OWASP LLM02 (2023) Insecure Output Handling

What is OWASP LLM02 (2023) Insecure Output Handling?

Insecure output handling described LLM answers passed to browsers, shells, or APIs without sanitization. The vulnerability lives in the integration layer, not the model weights.

What this looks like in production

In 2025 this theme became LLM05 Improper Output Handling, while sensitive data leaking through conversation moved up as its own category, LLM02 (2025).

Further reading on Giskard

Official OWASP reference

Get AI security insights in your inbox