The impact of OWASP's top 10s on securing AI

Jelle and Gerben discuss security in AI applications, exploring the threats and vulnerabilities that can arise when developing such applications, including those leveraging AI models, machine learning models, or large language model (LLM) chatbots. To determine how to build secure AI apps, they examine OWASP's efforts to identify common risks through their top 10 lists. They discuss the focus and shortcomings of these lists and how the theory behind them relates to securing actual applications. Jelle and Gerben take a closer look at the Machine Learning top 10 and the Large Language Model top 10. Based on these risks, they debate whether the top 10s help developers or if they pose risks themselves. While both agree that the lists play a key role in raising awareness and initiating important discussions, they disagree on whether the top 10s are a net positive. Specifically, they discuss potential categorization problems and the possible misuse of the top 10s as checklists.

Links for more information:

• Machine Learning top 10
• Large Language Model top 10
• Consider donating to OWASP