LLM05 · OWASP LLM Top 10

Improper Output Handling (LLM05)

Downstream systems trust LLM output and execute it without validation, leading to traditional injection vulnerabilities (XSS, SQL injection, command execution) being introduced through LLM-generated payloads.

Examples

An LLM writes a SQL query that's executed without parameterization.
An LLM-generated HTML response is rendered without escaping, leading to stored XSS.
An LLM writes shell commands that an automation framework executes.

Recommended controls

Treat LLM output as untrusted input to downstream systems
Output schema validation
Sandboxing for code-execution use cases
Output filtering and re-validation

Posture Check checkpoint

Posture Check questions Q11–Q15 plus Q21–Q25. Affects Prompt and Runtime.

Score yourself against this framework.

The AI Posture Check is a free 30-question self-assessment that maps your gaps directly to OWASP LLM Top 10, NIST AI RMF, and ISO 42001.

Take the AI Posture Check

Need help operationalizing this?

Talk to a CWS engineer about your AI security program.

Schedule a Discovery Call to scope a Standard Audit or Enterprise Program.

Schedule a Discovery Call