OWASP/www-project-llm-verification-standard

OWASP Large Language Model Security Verification Standard

OWASP Incubator Creative Commons License

Introduction

The primary aim of the OWASP Large Language Model Security Verification Standard (LLMSVS) Project is to provide an open security standard for systems which leverage artificial intelligence and Large Language Models.

The standard provides a basis for designing, building, and testing robust LLM backed applications, including architectural, model lifecycle, model training, model operation and integration, model storage and monitoring concerns.

On our "Supporters" page, we gratefully recognize the organizations that have supported the project, either financially or through significant time provision.

Please log issues if you find any bugs or if you have ideas. We may subsequently ask you to open a pull request based on the discussion in the issue.

Classification and audience

Classification: Documentation

Audience:

  • Builders
  • Breakers
  • Defenders

Project Leaders and Working Group

The project is led by the two project leaders Vandana Verma Sehgal and Elliot Ward.

Standard documents (Markdown)

  • LLMSVS v2.0 (English) — Markdown edition of the English 2.0 release.

  • LLMSVS v1.0 (English) — Markdown edition matching the historical 0.1 publication track (February 2024); same requirement numbering as the community PDF:

Version 2.0 is set to release on June 15th.

The master branch of this repository will always be the "bleeding edge version" which might have in-progress changes or other edits open.

Repository and community

Standard Objectives

The requirements were developed with the following objectives in mind:

  1. Develop and Refine Security Guidelines: Consolidate general objectives, including community involvement and standard evolution, into a comprehensive set of security guidelines for AI and LLM-based systems.
  2. Address Unique Security Challenges of LLMs: Focus specifically on the unique functional and non-functional security challenges presented by Large Language Models.
  3. Guide Development Teams in Secure Practices: Provide detailed guidance to development teams for implementing robust security measures in LLM-based applications.
  4. Assist Security Teams in Audits and Penetration Testing: Offer methodologies and standards for security teams to conduct effective security audits and penetration tests on LLM-backed systems.
  5. Establish and Update Security Benchmarks: Create and regularly update security benchmarks to align with the latest advancements in AI and cybersecurity.
  6. Promote Best Practices in LLM Security: Encourage the adoption of industry best practices in securing LLM-based systems.
  7. Align Security Expectations Among Stakeholders: Establish a common understanding of security expectations among developers, security professionals, vendors, and clients.

Thank you for your interest in contributing to the OWASP Large Language Model Security Verification Standard (LLMSVS) Project. We welcome all contributions and appreciate your efforts to improve our project.

Getting started

  1. Join the OWASP Slack workspace and the #project-llmvs channel — use the links under Repository and community above.
  2. Familiarize yourself with the project goals and objectives.
  3. Fork the repository and clone it to your local machine.
  4. Install any necessary dependencies and set up your development environment.
  5. Make your changes and test them locally to ensure they work as expected.
  6. Submit a pull request with your changes.

Pull request guidelines

Before submitting a pull request, please make sure:

  1. Your changes are consistent with the project's goals and objectives.
  2. Your changes are well-documented and follow the project's coding standards.
  3. Your changes do not introduce new bugs or break existing functionality.
  4. Your changes are accompanied by tests, if applicable.
  5. Your pull request includes a clear and concise description of the changes you have made.

Code of conduct

We ask that all contributors to OWASP projects abide by our Code of Conduct. This code outlines our expectations for behavior within the project community and helps us maintain a welcoming and inclusive environment for all contributors.

Thank you for your interest in contributing to an OWASP project. We appreciate your efforts to help us improve and grow our projects.

License

The entire project content is under the Creative Commons Attribution-Share Alike v4.0 license.
