AI Agent Security — Attacks, Jailbreaking, and Defense · How an AI Agent Attack Works — Mental Model and Threat Map
OWASP GenAI Top 10:2025 — threat map as a course guide
How an AI Agent Attack Works — Mental Model and Threat Map
Introduction
OWASP (the Open Worldwide Application Security Project) maintains the "Top 10 for LLM Applications", and its 2025 edition is the current list of the ten most important threats to generative AI applications. The list has become the de facto standard reference for security assessments of LLM-based systems. It covers threats to the model itself (prompt injection, data and model poisoning, sensitive information disclosure, system prompt leakage) as well as threats that arise where the model is embedded in a larger system (supply chain, improper output handling, excessive agency, vector and embedding weaknesses, misinformation, unbounded consumption). This lesson walks through each of the ten entries, explains the attack mechanism and typical scenarios, and maps every threat to the agent architecture component where it is introduced and where it must be defended.