🍂 OWASP LLM Top 10 Newsletter - September '23 Edition 🍂

Don’t mind me, just buzzing by to deliver the latest OWASP LLM Top 10 news! 🐝

Don’t mind me, just buzzing by to deliver the latest OWASP LLM Top 10 news! 🐝

Hello security enthusiasts and OWASP Community Members!

September has been a month of exciting changes and initiatives for us. Let's dive into what’s been brewing!

🧹 Housekeeping Matters First 🧹

First things first, we’ve updated our meeting links! No more confusion or missed connections. Head over to our Meetings Wiki to find the new links and a convenient .ical file to keep your calendar up-to-date. While we’re talking numbers, a big shoutout to our nearly 170 newsletter subscribers —each and every one of you is amazing!

If you have suggestions or find something in the project that could be improved, feel free to submit a GitHub Issue. And if you haven’t yet joined our Slack channel, let this be your sign. Our home channel is #project-top10-for-llm and here’s your exclusive invite.

🛠️ The Journey to v1.1 🛠️

September has been all about refinement and our v1.1 lead Ads Dawson has kept us to a tight schedule! During our first sprint, we polished v1.0, focusing on typos, grammatical errors, and inconsistencies. Sprint two was where the community all came into play, contributing invaluable amendments via Github Issues. And since then our designated vulnerability entry leads have been hard at work, creating and refining PRs. Mark your calendars because v1.1 is set to release in the first few days of October!

📊 2.0 Data Gathering 📊

In data we trust! Emmanuel Guilherme Jr. has graciously taken the lead in this crucial project phase. Our focus here is to gather real-world data on vulnerabilities to ensure our project is as relevant and up-to-date as possible. Want to be a part of this? Check out our Data Gathering Methodology and join the #team-llm-datagathering-methodology Slack channel.

✒️ Style Matters, Even in Security ✒️

Our draft style guide is now published on the GitHub repo, which will help us maintain uniformity in our entries. And speaking of terminology, our style lead Jason Ross has initiated an intriguing conversation on whether we should refer to them as “top 10 vulnerabilities” or “top 10 risks”. Have your say on Slack.

🌐 Bridging Language Barriers: Globalize Our Top 10 🌐

In a world as connected as ours, language should never be a barrier to critical cybersecurity knowledge. That's where you come in! If you're proficient in languages other than English, our new localization lead Talesh Seeparsan invites you to help us make the OWASP LLM Top 10 accessible to non-English speakers around the globe! Your skills could help empower individuals and organizations to bolster their security postures, no matter what language they speak. To contribute to this meaningful initiative, please reach out to Talesh on Slack.

🎨 Visualizing Security: Help Perfect Our Diagrams 🎨

Bob Simonoff has been busy crafting an updated set of charts and diagrams for our v1.1 release, and he wants your two cents! These visuals are more than just eye-candy; they serve as an invaluable resource for understanding complex security issues at a glance. Dive into our Slack channel, #team-llm_diagrams_and_visuals, to take a look at Bob's latest creations. Your feedback could be the finishing touch that turns these charts from good to great. Don't miss the chance to be a part of the team that brings these vital educational tools to life!

📺 Must-See Content 📺

Earlier this month, Distinguished Engineer at IBM Security Jeff Crume covered the first three items out of the Top 10 list in one of IBM’s awesome lightboard educational videos. If you've already mastered the ins and outs of LLM Top 10, this video serves as an excellent resource to introduce the subject to your peers and leaders. Consider it your go-to primer for diving into the wealth of content we've created around large language model security.

🛡️ Introducing Our Security & Governance Checklist 🛡️

We're thrilled to announce our very first sub-project led by Sandy Dunn—the Artificial Intelligence Security & Governance Checklist. This initiative aims to cut through the noise surrounding AI security, steering clear of both extreme skepticism and uncritical acceptance.

The Why

As AI technologies like Large Language Models become increasingly woven into the fabric of our digital lives, the stakes for security have never been higher. We're charting a balanced course, recognizing that attackers will not only use these technologies but will also continually refine their techniques.

The Roadmap

  • September 28th: The journey began with our official kick-off.

  • October 15th: We'll release the first draft, giving you an early look at our findings.

  • November 15th: Your chance to weigh in during our public comment period.

  • December 1: The big day — v1.0 of the checklist officially releases.

  • 2024: Stay tuned, there's more to come!

Ready to contribute or learn more? Join the conversation on in the #team-llm_ai-secgov slack channel.

📱Stay Connected📱

Aubrey King has expanded our social media reach across various platforms including LinkedIn, Youtube, Twitter (can’t make me say X), and soon even more! Follow and don’t be shy to re-share any content we post! BTW, if you're presenting anything related to our project externally, do let us know at [email protected] so we can review and blast out to our social media followers!

💭 Closing Thoughts 💭

As we step into October and enter Cybersecurity Awareness Month, it’s the perfect time to get more involved with our project. We look forward to seeing you in our Slack channels and at our upcoming meetings!

Buzzing out of your inbox until next month,

Will Chilcutt
LinkedIn, Twitter