Framework Mappings
Browse resources mapped to security frameworks: OWASP, NIST, MITRE ATLAS, and ISO/IEC 42001.
OWASP Top 10 for LLM Applications
Official site OWASP LLM: LLM01 Prompt Injection (40 resources)
Manipulating LLMs through crafted inputs
- Not What You've Signed Up For: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection (2023)
- Ignore This Title and HackAPrompt: Exposing Systemic Weaknesses of LLMs through a Global Scale Prompt Hacking Competition (2023)
- Jailbroken: How Does LLM Safety Training Fail? (2024)
- Universal and Transferable Adversarial Attacks on Aligned Language Models (2023)
- The Instruction Hierarchy: Training LLMs to Prioritize Privileged Instructions (2024)
- + 35 more
OWASP LLM: LLM02 Sensitive Information Disclosure (13 resources)
Unintended revelation of confidential data
- Extracting Training Data from Large Language Models (2021)
- Scalable Extraction of Training Data from (Production) Language Models (2023)
- A Survey on Large Language Model (LLM) Security and Privacy: The Good, The Bad, and The Ugly (2024)
- A Comprehensive Survey of Attack Techniques, Implementation, and Mitigation Strategies in Large Language Models (2024)
- Multi-step Jailbreaking Privacy Attacks on ChatGPT (2023)
- + 8 more
OWASP LLM: LLM03 Supply Chain Vulnerabilities (10 resources)
Compromised components in LLM supply chain
- Stealing Part of a Production Language Model (2024)
- A Survey on Large Language Model (LLM) Security and Privacy: The Good, The Bad, and The Ugly (2024)
- A Comprehensive Survey of Attack Techniques, Implementation, and Mitigation Strategies in Large Language Models (2024)
- AI Supply Chain Attacks and Mitigations: A Security-Focused Survey (2024)
- OWASP Top 10 for Large Language Model Applications (2025)
- + 5 more
OWASP LLM: LLM04 Data and Model Poisoning (14 resources)
Tampering with training data or models
- Poisoning Language Models During Instruction Tuning (2023)
- PoisonedRAG: Knowledge Poisoning Attacks to Retrieval-Augmented Generation of Large Language Models (2024)
- A Survey on Large Language Model (LLM) Security and Privacy: The Good, The Bad, and The Ugly (2024)
- A Comprehensive Survey of Attack Techniques, Implementation, and Mitigation Strategies in Large Language Models (2024)
- OWASP Top 10 for Large Language Model Applications (2025)
- + 9 more
OWASP LLM: LLM05 Improper Output Handling (12 resources)
Insufficient validation of LLM outputs
- Llama Guard: LLM-based Input-Output Safeguard for Human-AI Conversations (2023)
- NeMo Guardrails: A Toolkit for Controllable and Safe LLM Applications with Programmable Rails (2023)
- A Comprehensive Survey of Attack Techniques, Implementation, and Mitigation Strategies in Large Language Models (2024)
- OWASP Top 10 for Large Language Model Applications (2025)
- OWASP AI Security and Privacy Guide (2024)
- + 7 more
OWASP LLM: LLM06 Excessive Agency (10 resources)
Granting LLMs too much autonomy or access
- NeMo Guardrails: A Toolkit for Controllable and Safe LLM Applications with Programmable Rails (2023)
- AgentDojo: A Dynamic Environment to Evaluate Attacks and Defenses for LLM Agents (2024)
- InjecAgent: Benchmarking Indirect Prompt Injections in Tool-Integrated LLM Agents (2024)
- R-Judge: Benchmarking Safety Risk Awareness for LLM Agents (2024)
- OWASP Top 10 for Large Language Model Applications (2025)
- + 5 more
OWASP LLM: LLM07 System Prompt Leakage (5 resources)
Exposure of system-level instructions
- The Instruction Hierarchy: Training LLMs to Prioritize Privileged Instructions (2024)
- OWASP Top 10 for Large Language Model Applications (2025)
- OWASP LLM AI Security & Governance Checklist (2024)
- GPT in Sheep's Clothing: The Risk of Customized GPTs (2024)
- Prompt Stealing Attacks Against Text-to-Image Generation Models (2024)
OWASP LLM: LLM08 Vector and Embedding Weaknesses (4 resources)
Vulnerabilities in vector stores and embeddings
OWASP LLM: LLM09 Misinformation (3 resources)
Generation of false or misleading content
OWASP LLM: LLM10 Unbounded Consumption (2 resources)
Uncontrolled resource usage by LLMs
OWASP Top 10 for Agentic AI
Official site OWASP Agentic: AGT01 Excessive Agency & Privilege Escalation (6 resources)
- LLM Agents Can Autonomously Hack Websites (2024)
- OWASP Top 10 for Agentic AI Applications (2025)
- The Emerged Security and Privacy of LLM Agent: A Survey with Case Studies (2024)
- LLM Agents Can Autonomously Exploit One-day Vulnerabilities (2024)
- SWE-agent: Agent-Computer Interfaces Enable Automated Software Engineering (2024)
- + 1 more
OWASP Agentic: AGT02 Unsafe Tool Execution (10 resources)
- AgentDojo: A Dynamic Environment to Evaluate Attacks and Defenses for LLM Agents (2024)
- InjecAgent: Benchmarking Indirect Prompt Injections in Tool-Integrated LLM Agents (2024)
- Toolformer: Language Models Can Teach Themselves to Use Tools (2023)
- OWASP Top 10 for Agentic AI Applications (2025)
- Model Context Protocol (MCP): Security Considerations and Best Practices (2024)
- + 5 more
OWASP Agentic: AGT03 Prompt Injection in Agent Pipelines (8 resources)
- AgentDojo: A Dynamic Environment to Evaluate Attacks and Defenses for LLM Agents (2024)
- InjecAgent: Benchmarking Indirect Prompt Injections in Tool-Integrated LLM Agents (2024)
- ConfusedPilot: Confused Deputy Attacks Against RAG-based Code Assistants (2024)
- OWASP Top 10 for Agentic AI Applications (2025)
- Model Context Protocol (MCP): Security Considerations and Best Practices (2024)
- + 3 more
OWASP Agentic: AGT04 Memory & Context Poisoning (1 resources)
OWASP Agentic: AGT05 Insecure Multi-Agent Communication (1 resources)
OWASP Agentic: AGT06 Inadequate Human Oversight (2 resources)
OWASP Agentic: AGT07 Supply Chain Compromise (3 resources)
OWASP Agentic: AGT08 Insufficient Monitoring & Logging (1 resources)
OWASP Agentic: AGT09 Unsafe Autonomy & Self-Modification (5 resources)
- LLM Agents Can Autonomously Hack Websites (2024)
- OWASP Top 10 for Agentic AI Applications (2025)
- LLM Agents Can Autonomously Exploit One-day Vulnerabilities (2024)
- SWE-agent: Agent-Computer Interfaces Enable Automated Software Engineering (2024)
- Voyager: An Open-Ended Embodied Agent with Large Language Models (2023)
OWASP Agentic: AGT10 Data Leakage Across Agent Boundaries (1 resources)
MITRE ATLAS
Official site MITRE ATLAS: AML.T0000 Reconnaissance (1 resources)
MITRE ATLAS: AML.T0001 Resource Development (1 resources)
MITRE ATLAS: AML.T0010 ML Supply Chain Compromise (3 resources)
MITRE ATLAS: AML.T0015 Evade ML Model (2 resources)
MITRE ATLAS: AML.T0018 Backdoor ML Model (4 resources)
- Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training (2024)
- TrojLLM: A Black-box Trojan Prompt Attack on Large Language Models (2024)
- LoRA Fine-Tuning Efficiently Undoes Safety Training in Llama 2-Chat (2023)
- BadChain: Backdoor Chain-of-Thought Prompting for Large Language Models (2024)
MITRE ATLAS: AML.T0020 Poison Training Data (6 resources)
- Poisoning Language Models During Instruction Tuning (2023)
- PoisonedRAG: Knowledge Poisoning Attacks to Retrieval-Augmented Generation of Large Language Models (2024)
- MITRE ATLAS: Adversarial Threat Landscape for AI Systems (2024)
- Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training (2024)
- BadChain: Backdoor Chain-of-Thought Prompting for Large Language Models (2024)
- + 1 more
MITRE ATLAS: AML.T0024 Exfiltration via ML Inference API (3 resources)
MITRE ATLAS: AML.T0025 Exfiltration via Cyber Means (0 resources)
MITRE ATLAS: AML.T0034 Cost Harvesting (0 resources)
MITRE ATLAS: AML.T0035 Denial of ML Service (0 resources)
MITRE ATLAS: AML.T0040 ML Model Inference API Access (0 resources)
MITRE ATLAS: AML.T0042 Verify Attack (0 resources)
MITRE ATLAS: AML.T0043 Craft Adversarial Data (5 resources)
- Universal and Transferable Adversarial Attacks on Aligned Language Models (2023)
- Adversarial Attacks and Defenses in Large Language Models: Old and New Threats (2024)
- MITRE ATLAS: Adversarial Threat Landscape for AI Systems (2024)
- TrojLLM: A Black-box Trojan Prompt Attack on Large Language Models (2024)
- Visual Adversarial Examples Jailbreak Aligned Large Language Models (2024)
MITRE ATLAS: AML.T0044 Full ML Model Access (0 resources)
MITRE ATLAS: AML.T0047 ML-Enabled Product or Service (0 resources)
MITRE ATLAS: AML.T0048 Prompt Injection (2 resources)
MITRE ATLAS: AML.T0049 Extract ML Model (3 resources)
MITRE ATLAS: AML.T0050 Command and Control via ML Service (0 resources)
MITRE ATLAS: AML.T0051 LLM Prompt Injection (11 resources)
- Not What You've Signed Up For: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection (2023)
- Ignore This Title and HackAPrompt: Exposing Systemic Weaknesses of LLMs through a Global Scale Prompt Hacking Competition (2023)
- The Instruction Hierarchy: Training LLMs to Prioritize Privileged Instructions (2024)
- A Survey on Large Language Model (LLM) Security and Privacy: The Good, The Bad, and The Ugly (2024)
- AgentDojo: A Dynamic Environment to Evaluate Attacks and Defenses for LLM Agents (2024)
- + 6 more
MITRE ATLAS: AML.T0054 LLM Jailbreak (15 resources)
- Ignore This Title and HackAPrompt: Exposing Systemic Weaknesses of LLMs through a Global Scale Prompt Hacking Competition (2023)
- Jailbroken: How Does LLM Safety Training Fail? (2024)
- Universal and Transferable Adversarial Attacks on Aligned Language Models (2023)
- A Survey on Large Language Model (LLM) Security and Privacy: The Good, The Bad, and The Ugly (2024)
- Adversarial Attacks and Defenses in Large Language Models: Old and New Threats (2024)
- + 10 more
MITRE ATLAS: AML.T0056 LLM Data Leakage (3 resources)
MITRE ATLAS: AML.T0057 LLM Plugin Compromise (1 resources)
NIST AI Risk Management Framework
Official site NIST AI RMF: GOVERN Govern (14 resources)
Cultivate a culture of risk management
- Can LLMs Keep a Secret? Testing Privacy Implications of Language Models via Contextual Integrity Theory (2024)
- Machine Unlearning for Large Language Models: A Survey (2024)
- NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0) (2023)
- OWASP AI Security and Privacy Guide (2024)
- Constitutional AI: Harmlessness from AI Feedback (2022)
- + 9 more
NIST AI RMF: MAP Map (14 resources)
Context and risk identification
- Can LLMs Keep a Secret? Testing Privacy Implications of Language Models via Contextual Integrity Theory (2024)
- NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0) (2023)
- OWASP AI Security and Privacy Guide (2024)
- Identifying and Mitigating the Security Risks of Generative AI (2023)
- The AI Security Pyramid of Pain (2024)
- + 9 more
NIST AI RMF: MEASURE Measure (19 resources)
Analyze, assess, and track AI risks
- Red Teaming Language Models to Reduce Harms: Methods, Scaling Behaviors, and Lessons Learned (2022)
- Garak: A Framework for Security Probing Large Language Models (2024)
- NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0) (2023)
- OWASP AI Security and Privacy Guide (2024)
- PyRIT: Python Risk Identification Toolkit for Generative AI (2024)
- + 14 more
NIST AI RMF: MANAGE Manage (15 resources)
Allocate resources to mapped and measured risks
- Machine Unlearning for Large Language Models: A Survey (2024)
- Red Teaming Language Models to Reduce Harms: Methods, Scaling Behaviors, and Lessons Learned (2022)
- NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0) (2023)
- OWASP AI Security and Privacy Guide (2024)
- Constitutional AI: Harmlessness from AI Feedback (2022)
- + 10 more
ISO/IEC 42001
Official site ISO 42001: 4 Context of the organization (2 resources)
ISO 42001: 5 Leadership (1 resources)
ISO 42001: 6 Planning (2 resources)
ISO 42001: 7 Support (1 resources)
ISO 42001: 8 Operation (5 resources)
- Machine Unlearning for Large Language Models: A Survey (2024)
- DP-SGD for Fine-Tuning Foundation Models: A Privacy-Utility Trade-off Study (2024)
- Federated Fine-Tuning of LLMs on the Very Edge: The Good, the Bad, the Ugly (2024)
- ISO/IEC 42001:2023 - Artificial Intelligence Management System (2023)
- EU AI Act: Regulation on Artificial Intelligence (2024)
ISO 42001: 9 Performance evaluation (1 resources)
ISO 42001: 10 Improvement (1 resources)
ISO 42001: A Annex A - AI Controls (1 resources)
ISO 42001: B Annex B - AI Objectives (1 resources)