What is OWASP LLM02 (2023) Insecure Output Handling?
Insecure output handling described LLM answers passed to browsers, shells, or APIs without sanitization. The vulnerability lives in the integration layer, not the model weights.
What this looks like in production
In 2025 this theme became LLM05 Improper Output Handling, while sensitive data leaking through conversation moved up as its own category, LLM02 (2025).