OWASP LLM05 (2025) Improper Output Handling

What is OWASP LLM05 (2025) Improper Output Handling?

Improper output handling is what happens after the model responds. If downstream code trusts LLM text without validation, a plausible-looking string can become XSS, SQL injection, or an executed command.

What this looks like in production

The failure is not always a hallucination. Even a well-intentioned prompt can produce output your renderer or database layer should never see. Input filtering alone does not fix downstream execution.

What teams usually do about it

  • Treat model output as untrusted input to every downstream system.
  • Enforce schemas, allowlists, and encoding at integration boundaries.
  • Test the full path from answer to action, not the chat UI alone.

Further reading on Giskard

Official OWASP reference

Get AI security insights in your inbox