The OWASP Top 10 for LLM Applications calls out LLM01 Prompt Injection, LLM02 Insecure Output Handling, and LLM08 Excessive Agency as critical risks.
Mitigations you can implement today
- Isolation & sandboxing for tool execution and code evaluation; never run model output with production privileges.
- Strong allow-lists for tools, file types and destinations; enforce typed tool contracts.
- Output validation/normalization: schemas (JSON), regex allow-lists, and taint tracking before downstream use.
- System prompt hardening and content filters for jailbreak attempts and data exfiltration cues.
- Defense-in-depth: monitor for anomalous tool chains, escalation and token bursts.
Source: OWASP LLM Top 10 (risks & mitigations), plus Exchange control families.