OWASP LLM Top 10 Compliance Mapping

OWASP LLM Top 10 (2025) is the community-curated list of the most critical security risks for large-language-model applications, covering LLM01 (prompt injection) through LLM10 (model theft).

Last reviewed June 2026

Problem

Why OWASP LLM Top 10 evidence is hard

Auditors arrive with the framework control list. Security teams arrive with a finding list. Without a pre-computed mapping, every finding requires manual translation.

How Penaxtra approaches it

How Penaxtra maps to OWASP LLM Top 10

Penaxtra ships probe families across all ten categories. The runtime gateway enforces controls aligned to LLM02, LLM06, LLM07, and LLM08.

Technical capabilities

OWASP LLM Top 10 capabilities

Every finding carries the LLM-NN identifier and the OWASP CWE references that underpin it

Audit-ready PDF export with control IDs attached

JSON export for GRC ticketing systems

Configurable audit retention from 1 day to 10 years

Cross-framework overlaps reduce duplicate evidence collection

Compliance mapping

OWASP LLM Top 10 control coverage

A successful indirect-injection probe via a RAG document is tagged LLM01 (prompt injection) and cross-mapped to LLM06 (sensitive disclosure) when the response leaked context.

Request a demo

Scoped walkthrough of the Compliance / OWASP LLM Top 10 surface against your environment. No credit card.