For more than 20 years, Open Worldwide Application Security Project (OWASP) top 10 risk lists has have been go-to references in the fight to make software more secure. In 2023, OWASP brought forward a new addition: a rundown of risks specific to AI. Two draft versions of the AI risk list were published in spring/summer of that year, with a formal version 1 released in October.
Since then, LLMs have only become more entrenched as business productivity tools. Most companies are either using or exploring the use of AI, and while some liabilities are well known—such as the need to always check an LLM’s work—others remain under the radar.
We did some analysis and found the vulnerabilities identified by OWASP fall broadly into three categories:
- Access risks associated with exploited privileges and unauthorized actions.
- Data risks such as data manipulation or loss of services.
- Reputational and business risks resulting from bad AI outputs or actions.
In this blog, we take a closer look at the specific risks in each case and offer some suggestions about how to handle them.
1. Access risks with AI
Of the 10 vulnerabilities listed by OWASP, three are specific to access and…
