OWASP LLM Security Verification Standard

OWASP Incubator Creative Commons License


The primary aim of the OWASP Large Language Model Security Verification Standard (LLMSVS) Project is to provide an open security standard for systems which leverage artificial intelligence and Large Language Models.

The standard provides a basis for designing, building, and testing robust LLM backed applications, including architectural, model lifecycle, model training, model operation and integration, model storage and monitoring concerns.

Initial Draft Version - 0.1

The latest stable version is version 0.1 (dated February 2024), which can be found:

The master branch of this repository will always be the “bleeding edge version” which might have in-progress changes or other edits open.

We gratefully recognize the organizations who have supported the project either through significant time provision or financially on our “Supporters” page!

Standard Objectives

The requirements were developed with the following objectives in mind:

  1. Develop and Refine Security Guidelines: Consolidate general objectives, including community involvement and standard evolution, into a comprehensive set of security guidelines for AI and LLM-based systems.
  2. Address Unique Security Challenges of LLMs: Focus specifically on the unique functional and non-functional security challenges presented by Large Language Models.
  3. Guide Development Teams in Secure Practices: Provide detailed guidance to development teams for implementing robust security measures in LLM-based applications.
  4. Assist Security Teams in Audits and Penetration Testing: Offer methodologies and standards for security teams to conduct effective security audits and penetration tests on LLM-backed systems.
  5. Establish and Update Security Benchmarks: Create and regularly update security benchmarks to align with the latest advancements in AI and cybersecurity.
  6. Promote Best Practices in LLM Security: Encourage the adoption of industry best practices in securing LLM-based systems.
  7. Align Security Expectations Among Stakeholders: Establish a common understanding of security expectations among developers, security professionals, vendors, and clients.