What is OWASP LLM09 (2025) Misinformation?
Misinformation in OWASP terms is when fluent, authoritative LLM output drives bad decisions: fabricated citations, wrong regulatory advice, or invented case law. Users act on it because it sounds right.
What this looks like in production
Courts have seen fake precedents submitted from chatbots. Consumer finance bots gave incorrect tax guidance at scale. The harm is operational and regulatory, not only reputational.
What teams usually do about it
- Ground answers in verifiable sources where stakes are high.
- Surface uncertainty instead of false confidence.
- Monitor hallucination and misinformation probes continuously.