OWASP

4 posts with the tag “OWASP”

OWASP Top 10 for Agentic Applications: 10 free training exercises now live

[Image: OWASP Top 10 for Agentic Applications training course, terminal showing all 10 exercises live with checkmarks]

Every risk category in the OWASP Top 10 for Agentic AI Applications now has a dedicated training exercise on RansomLeak. Ten exercises covering ten attack scenarios where AI agents act on their own and things go wrong. All free, no account required.

The OWASP Top 10 for Agentic AI Applications is the industry framework for categorizing security risks specific to autonomous AI agents. This course turns each category into a hands-on simulation where employees experience these attacks in realistic workplace scenarios.

OWASP Top 10 for LLM Applications: 10 free training exercises now live

[Image: OWASP Top 10 for LLM Applications training course, terminal showing all 10 exercises live with checkmarks]

Every risk category in the OWASP Top 10 for LLM Applications now has a dedicated training exercise on RansomLeak. Ten exercises covering ten attack scenarios, from prompt injection to denial-of-wallet. All free, no account required.

The OWASP Top 10 for LLM Applications is the industry standard for categorizing AI security risks. This course turns each category into a hands-on simulation where employees experience these attacks firsthand in realistic workplace scenarios.

OWASP Agentic AI Top 10: Security Risks When AI Acts on Its Own

[Image: OWASP Agentic AI Top 10, interconnected AI agents with cascading failure visualization]

An AI agent at a fintech company was tasked with resolving a customer’s billing dispute. It accessed the billing system, issued a refund, then escalated the ticket internally. Along the way it read the customer’s full payment history, forwarded account details to an external logging service it had been configured to use, and modified the customer’s subscription tier without approval. Every action was technically within the permissions it had been granted.

Nobody told the agent to do most of that. It chained together actions it deemed logical. Each step made sense in isolation. Together, they created a data exposure incident that took weeks to untangle.

This is the class of risk the OWASP Agentic AI Top 10 was built to address. Not the vulnerabilities of the language model itself, but the dangers that emerge when AI systems act autonomously across multiple tools, APIs, and data sources.

OWASP Top 10 for LLM Applications: What Security Teams Get Wrong

[Image: OWASP Top 10 for LLM Applications, neural network with vulnerability categories]

OWASP published its first Top 10 for Large Language Model Applications in 2023. Two years later, most security teams still treat “LLM risk” as a synonym for “prompt injection.” That’s like treating the OWASP Web Top 10 as if SQL injection were the only vulnerability that mattered.

The 2025 revision of the OWASP LLM Top 10 expanded and reorganized the list based on real-world incidents. Supply chain attacks replaced insecure plugins. System prompt leakage and vector embedding weaknesses got their own categories. The list reflects what attackers are actually doing, not what conference talks speculate about.

Your employees interact with LLMs daily. Customer support agents use chatbots. Marketing teams generate content. Developers lean on AI coding assistants for everything from debugging to architecture decisions. Each interaction is a potential attack surface, and your team probably doesn’t know it.