What is OWASP LLM05 (2025) Improper Output Handling?
Improper output handling is what happens after the model responds. If downstream code trusts LLM text without validation, a plausible-looking string can become XSS, SQL injection, or an executed command.
What this looks like in production
The failure is not always a hallucination. Even a well-intentioned prompt can produce output your renderer or database layer should never see. Input filtering alone does not fix downstream execution.
What teams usually do about it
- Treat model output as untrusted input to every downstream system.
- Enforce schemas, allowlists, and encoding at integration boundaries.
- Test the full path from answer to action, not the chat UI alone.