// Write-ups
10 research write-ups across all OWASP LLM categories
LLM10 | beginner | medium
How adversaries exploit LLM token generation to inflate costs and degrade service availability through sponge examples and token flooding.
Tags: DoS, token-flooding, sponge-examples, cost-attack

LLM09 | intermediate | medium
How adversaries exploit LLM tendency to hallucinate confidently, enabling misinformation campaigns and trust exploitation.
Tags: hallucination, misinformation, overconfidence, trust

LLM08 | advanced | high
How adversaries inject malicious documents into RAG vector stores to manipulate retrieval and corrupt LLM responses.
Tags: RAG, vector-database, poisoning, retrieval

LLM07 | intermediate | high
A taxonomy of techniques adversaries use to extract hidden system prompts and how to defend against prompt leakage.
Tags: system-prompt, leakage, extraction, canary-tokens

LLM06 | advanced | critical
How LLM agents with excessive tool permissions can be manipulated into performing unintended high-impact actions.
Tags: agents, privilege-escalation, tool-use, SSRF

LLM05 | intermediate | high
How unsanitized LLM output rendered as HTML can lead to cross-site scripting, stored XSS, and downstream code injection.
Tags: XSS, output-handling, markdown, injection

LLM04 | advanced | critical
How adversaries embed hidden backdoors in fine-tuned language models that activate only when specific trigger tokens appear.
Tags: backdoor, data-poisoning, fine-tuning, trigger-tokens

LLM03 | intermediate | high
What makes a supply chain attack on an ML model dangerous, and what to look for when auditing third-party models.
Tags: supply-chain, model-poisoning, huggingface, provenance

LLM02 | advanced | high
How adversaries extract memorized training data — including PII and proprietary code — from large language models.
Tags: memorization, data-extraction, PII, training-data

LLM01 | intermediate | critical
A comprehensive breakdown of prompt injection attack classes, real-world examples, and proven mitigation strategies for LLM-powered applications.
Tags: prompt-injection, llm01, jailbreak, indirect-injection, system-prompt