Change Log

All notable changes to the OWASP Top 10 for LLM Applications project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[1.0.1] - 2023-08-26

v1.1 Instructions for the Expert Group reference

Fixed

• Spelling, grammer, formatting clean ups via an agreed IDE code linter for Vulnerability Entry Leads to prevent future errors and standard conformity throughout the repo.
• Enhancements, updates and recommendations to each vulnerability entry via community-raised GitHub issues within the repo which were then triaged to the corresponding vulnerability entry lead for triage and resolution through Pull Requests to the repo v1.1 directory.

Added

• Architected a CODEOWNERS file and branch protection rules in aid to audit and control CI/CD workflow and updates of the repo against the default branch.
• Redesign of the repo style and layout guidelines for vulnerability entries
• Inclusion of artifacts (visual diagrams) which maps the Top 10 entries against a typical LLM application and client/server interaction
• Translations in Chinese, Hindi and Portugese (01-03-2024)

Other Additions

• We added an automated meeting for our biweekly schedule here:
  • 👉 Download the official .ical here to import into your calendar application.
• We also introduced an OWASP Top 10 for Large Language Model Applications Newsletter for signup of notifications about the project.
  • 👀 The November 2023 newsletter will include a call for opportunity to participate in an open-source project with Ads to create a DV-LLMA (Damn Vulnerable LLM Application) to test and hone your skills as well as a fun learning and development experience for LLM application vulnerabilities.
• The OWASP LLM Top 10 continues to translate the list into different languages! This is done by multilingual members (humans)
  • If you’re fluent in another language and willing to help, email us at: [email protected]

[1.0] - 2023-08-01

Added

• Initial official release of the OWASP Top 10 for LLM Applications based on two months of working group efforts.
• Engagement from over 485 experts and contributions from over 130 experts in the field of AI and application security.

[0.9] - 2023-07-18

Added

• Second draft of the OWASP Top 10 for LLM Applications based on working group input.

[0.5] - 2023-07-01

Added

• Initial draft of the OWASP Top 10 for LLM Applications based on working group input.

[0.1] - 2023-05-23

Added

• Version 0.1 “straw man” list published
• Project inception and approval by the OWASP board.
• Project homepage created on the OWASP website.
• GitHub repository for direct participation and contributions.
• OWASP Slack Workspace channel for discussions.

Legend

• Added: for new features.
• Changed: for changes in existing functionality.
• Deprecated: for soon-to-be removed features.
• Removed: for now removed features.
• Fixed: for any bug fixes.
• Security: in case of vulnerabilities.