# Complying with OWASP Top 10 for LLM Applications and NIST AI 600-1

By [Roni Yaari](https://www.paloaltonetworks.com/blog/author/roni-yaari/?ts=markdown "Posts by Roni Yaari") | Dec 04, 2024 | 6 minutes

Rapid advancement in [artificial intelligence (AI)](https://www.paloaltonetworks.com/cyberpedia/artificial-intelligence-ai) and the
availability of accessible developer tools have made it relatively easy to incorporate sophisticated AI capabilities into applications. In the past two years, we've seen countless AI-powered applications launched. At the same time, developers have been discovering how to enhance existing software with conversational interfaces, predictive analytics, automated customer support, and similar features.

The AI boom caught many by surprise, and standards and regulations have taken a while to catch up. But things are now changing. While the establishment of a regulatory landscape looms, industry standards, spearheaded by the [EU AI Act](https://artificialintelligenceact.eu/), are moving forward to lead the way.

In today's blog post, we look at two of the main security standards for AI and [large language models (LLMs)](https://www.paloaltonetworks.com/cyberpedia/large-language-models-llm) in application development. We then explain how you can use Prisma Cloud to accelerate and simplify compliance with these standards.

## About the OWASP Top 10 for LLM and NIST AI 600-1

**The [OWASP Top 10 for LLM Applications](https://owasp.org/www-project-top-10-for-large-language-model-applications/)** identifies and ranks the most critical security risks associated with LLM applications. Developed by a global team of nearly 500 experts, this list addresses unique vulnerabilities in LLM systems, including prompt injection, insecure output handling and training data poisoning. It highlights potential security risks when deploying and managing LLMs and offers mitigation strategies to improve the overall security posture of these applications.

[**NIST AI 600-1**](https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.600-1.pdf), also known as the AI Risk Management Framework developed by the National Institute of Standards and Technology (NIST), offers guidance to help organizations manage risks associated with AI systems.
It provides a structured approach for identifying, assessing and mitigating AI-related risks across various domains, including privacy, security and fairness, as well as for addressing concerns such as bias, transparency and accountability in AI systems.

It's worth noting that while both standards are voluntary, organizations across industries are widely adopting them. For many companies still early in their AI journey, the standards help establish a baseline of secure practices and policies. For those closer to deployment, they help maintain customer trust and a foundation for additional governance efforts.

What about regulations? While the regulatory landscape for AI is still unclear (with near-certain regional differences), complying with industry standards will most likely shorten the time to compliance with binding regulations, whenever they come into play.

## Accelerating and Maintaining AI Compliance with Prisma Cloud AI-SPM

Prisma Cloud offers several purpose-built capabilities to improve compliance workflows. To help organizations comply with AI standards, we've extended them as built-in features of Prisma Cloud AI-SPM.

![AI compliance dashboard](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/11/word-image-332126-1.png)

Figure 1: AI compliance dashboard

### Detect Training and Inference Data

Training and inference data is a major risk vector for AI-powered applications. Sensitive information contained in this data can be extracted if cloud resources or user-facing applications are misconfigured. Alternatively, the data that models rely on can be poisoned to create unsafe or low-quality output. Rules such as OWASP LLM06 and LLM03 dictate that controls must be in place to prevent these types of attacks.

Prisma Cloud identifies datasets used for training or inference, including in object storage, document stores and vector databases, and elsewhere in your cloud environment.
It highlights misconfigurations such as publicly readable or publicly writable training datasets, which enables security teams to investigate and remediate the risk and ensure compliance with relevant standards.

Compliance is also baked into Prisma Cloud DSPM's data classification engine, which automatically detects when a datastore contains data that has significance for a supported compliance framework (e.g., data that falls under the [GDPR's](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance) definition of [personally identifiable information (PII)](https://www.paloaltonetworks.com/cyberpedia/pii)).

### Discover Deployed AI Models and Inference API Endpoints

Both the OWASP Top 10 and NIST AI 600-1 require specific guardrails on AI deployments, such as content filtering to prevent model misuse. With the wealth of open source, managed and homegrown models available to developers, however, just knowing what AI model is deployed in what environment can be tricky. Prisma Cloud AI-SPM simplifies the process, automatically finding deployed models and ecosystem components like compute and data resources.

### Manage and Prioritize Compliance Risk with Data and AI Posture Management

Once data and models are discovered and classified, Prisma Cloud analyzes security and compliance posture and identifies high-priority issues and misconfigurations. The analysis includes the full context of data at risk of exposure and the part each dataset plays in the AI supply chain (whether used as training or inference data).

With Prisma Cloud, you gain instant visibility into compliance risk, both at a big-picture and granular level. In just a few clicks, you can see the AI compliance frameworks you're aiming to comply with and drill down into the datastores, datasets or records that put you at risk of a violation.

## Example of AI Compliance Risks Covered by Prisma Cloud

Prisma Cloud and other Palo Alto Networks cloud security solutions cover controls required by the OWASP Top 10 for LLM and NIST AI 600-1. The table below gives you an idea of the type of AI security risks covered by Prisma Cloud's out-of-the-box guardrails.

| **Risk** | **Description** | **OWASP 1.1** | **NIST AI 600-1** |
|----------|-----------------|---------------|-------------------|
| **Publicly writable training dataset** | Fine-tuned or trained models rely on the fidelity and security of training data to ensure that they're suitable to the organization's needs. If a training dataset is publicly writable it can be compromised, impacting model output quality or leading to unsafe responses. | LLM03: Training Data Poisoning<br>LLM05: Supply Chain Vulnerabilities | 8: Information Integrity<br>9: Information Security<br>12: Value Chain and Component Integration |
| **AI inference dataset from foreign project** | AI applications often rely on retrieval augmented generation (RAG) to produce grounded and accurate results. This mechanism relies on inference datasets that contain the grounding data. When data is ingested from foreign projects, the application is at risk of inference data poisoning. | LLM03: Training Data Poisoning<br>LLM05: Supply Chain Vulnerabilities | 8: Information Integrity<br>9: Information Security<br>12: Value Chain and Component Integration |
| **AI asset without content filtering** | AI deployments often serve end-user-facing applications. In these cases, the best practice calls for robust content filtering policies on model inputs (to prevent unapproved model use or sensitive data sharing) and on outputs (to prevent unsafe or insecure model responses). | LLM01: Prompt Injection<br>LLM02: Insecure Output Handling | 3: Dangerous, Violent or Hateful Content<br>9: Information Security<br>11: Obscene, Degrading or Abusive Content |

## Accelerate Your AI Compliance Journey with Prisma Cloud

[Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud) is the only CNAPP that improves your [AI security](https://www.paloaltonetworks.com/cyberpedia/ai-security) and compliance posture with complete Code to Cloud™ protection. With Prisma Cloud, you can continuously monitor and visualize your compliance with leading AI standards and simplify the process of responding to violations or vulnerabilities.

Leveraging broad multicloud coverage and powerful data-centric capabilities, [Prisma Cloud AI-SPM](https://www.paloaltonetworks.com/prisma/cloud/ai-spm) is uniquely designed to identify the latest AI risks and attack paths that can lead to insecure or unsafe usage. These capabilities can then be augmented with additional tools within Palo Alto Networks' cloud security suite, including [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar) for remediation, and with runtime protection tools.

To see how everything comes together, [request a Prisma Cloud](https://www.google.com/search?client=safari&rls=en&q=prisma+cloud+request+a+demo&ie=UTF-8&oe=UTF-8) demo.