Security Test: LLM Endpoint Detection

Description

Default Severity:

LLM Endpoint Detection identifies the endpoints through which an application exposes interaction with a language model. Such endpoints are easy to overlook and, if developers are not careful, may accept malicious input that tricks the system into unexpected or harmful behaviour, such as revealing sensitive data or running unauthorized code. The issue usually arises when an endpoint is not properly secured or validated, letting attackers use injection attacks to manipulate how the underlying model behaves. This can lead not only to data breaches but also to broader misuse of the application, especially when developers make assumptions about what kind of input will be received. The danger lies in these overlooked spaces: what seems like a harmless feature can become a gateway for more significant security problems if it is not treated with caution.
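As an added illustration, not the scanner's own detection logic, the heuristic below flags endpoints whose captured JSON traffic carries request parameters, response shapes or wording typical of language-model APIs; the sample traffic and the indicator lists are constructed for this example.

```python
import re

# Constructed sample traffic: one captured request/response pair per endpoint.
SAMPLE_TRAFFIC = [
    {"path": "/api/v1/assistant/chat",
     "request": {"messages": [{"role": "user", "content": "hi"}], "temperature": 0.2},
     "response": {"id": "chatcmpl-x", "model": "gpt-4o-mini",
                  "choices": [{"message": {"role": "assistant", "content": "Hello!"}}],
                  "usage": {"prompt_tokens": 3, "completion_tokens": 2, "total_tokens": 5}}},
    {"path": "/api/v1/orders", "request": {"page": 1},
     "response": {"items": [{"id": 42, "status": "shipped"}], "total": 1}},
    {"path": "/api/v1/support/ask", "request": {"prompt": "Where is my order?"},
     "response": {"answer": "As an AI language model, I cannot access order data."}},
]

# Assumed heuristic indicators that a JSON body is bound for, or produced by, a language model.
REQUEST_KEYS = {"prompt", "messages", "system_prompt", "temperature", "max_tokens", "top_p"}
RESPONSE_KEYS = {"choices", "completion", "usage", "prompt_tokens", "completion_tokens"}
MODEL_NAME = re.compile(r"\b(gpt-|claude|llama|mistral|gemini)", re.I)
MODEL_PHRASES = re.compile(r"as an ai (language )?model|i am an ai", re.I)

def _walk(obj, keys, strings):
    """Collect every dict key and string value from a nested JSON structure."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            keys.add(k)
            _walk(v, keys, strings)
    elif isinstance(obj, list):
        for v in obj:
            _walk(v, keys, strings)
    elif isinstance(obj, str):
        strings.append(obj)

def llm_signals(entry):
    """Return the LLM indicators seen on one endpoint; an empty list means none."""
    req_keys, res_keys, res_strings = set(), set(), []
    _walk(entry["request"], req_keys, [])
    _walk(entry["response"], res_keys, res_strings)
    signals = [f"request key: {k}" for k in sorted(req_keys & REQUEST_KEYS)]
    signals += [f"response key: {k}" for k in sorted(res_keys & RESPONSE_KEYS)]
    text = " ".join(res_strings)
    if MODEL_NAME.search(text):
        signals.append("model name in response")
    if MODEL_PHRASES.search(text):
        signals.append("model-style phrasing in response")
    return signals

def detect_llm_endpoints(traffic):
    """Map each endpoint path to its indicators, keeping only endpoints showing at least one."""
    return {e["path"]: sig for e in traffic if (sig := llm_signals(e))}
```

Endpoints flagged this way are the ones whose input validation and output handling deserve review, since the model behind them is what injected input would steer.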

Reference:

Configuration

Identifier: injection/llm_detection

Examples

All configuration available:

checks:
  injection/llm_detection:
    skip: false # default

Compliance and Standards

Standard            Value
OWASP API Top 10    API8:2023
OWASP LLM Top 10    LLM06:2023
PCI DSS             6.5.1
GDPR                Article-32
SOC2                CC6
PSD2                Article-95
ISO 27001           A.12.2
NIST                SP800-53
FedRAMP             SI-3
CWE                 200
CVSS Vector         CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N