LLM05: Improper Output Handling
OWASP LLM Top 10 (2025)
Downstream systems blindly trust model output, which lets that output carry injection payloads into them.
What this risk means
When applications pass model output directly to shells, browsers, SQL engines, or other interpreters without validation, model output becomes an injection vector. This is an integrator-side risk shaped by the vendor's output-guarantee documentation.
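An added example (not TrustAtlas or OWASP code) of treating model output as untrusted before it reaches a SQL engine and a browser: strict JSON parsing, an allow-listed tool set with typed arguments, a bound query parameter, and HTML escaping. The tool name `lookup_order`, the `orders` table and the sample row are assumptions constructed for illustration.

```python
import html
import json
import sqlite3

# Hypothetical allow-listed tool set: tool name -> required argument types.
ALLOWED_TOOLS = {"lookup_order": {"order_id": int}}

def parse_tool_call(model_output: str) -> dict:
    """Validate untrusted model output against a typed, allow-listed contract."""
    try:
        call = json.loads(model_output)
    except json.JSONDecodeError as exc:
        raise ValueError("model output is not JSON") from exc
    if not isinstance(call, dict) or set(call) != {"tool", "args"}:
        raise ValueError("unexpected top-level shape")
    tool, args = call["tool"], call["args"]
    schema = ALLOWED_TOOLS.get(tool) if isinstance(tool, str) else None
    if schema is None:
        raise ValueError("tool not on allow-list")
    if not isinstance(args, dict) or set(args) != set(schema):
        raise ValueError("unexpected arguments")
    for name, typ in schema.items():
        # bool is a subclass of int in Python, so compare exact types.
        if type(args[name]) is not typ:
            raise ValueError(f"argument {name!r} has wrong type")
    return call

def lookup_order(db: sqlite3.Connection, order_id: int) -> str:
    """SQL sink gets a bound parameter; browser sink gets escaped text."""
    # The unsafe pattern this replaces is building the query string
    # from model text with an f-string or concatenation.
    row = db.execute("SELECT note FROM orders WHERE id = ?", (order_id,)).fetchone()
    return html.escape(row[0]) if row else "not found"

def handle(db: sqlite3.Connection, model_output: str) -> str:
    """Only validated calls reach the interpreter-facing code."""
    call = parse_tool_call(model_output)
    return lookup_order(db, **call["args"])

def demo_db() -> sqlite3.Connection:
    """Constructed sample data; the stored note contains markup on purpose."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, note TEXT)")
    db.execute("INSERT INTO orders VALUES (1, '<b>gift</b> wrap')")
    return db
```

Anything that fails validation raises `ValueError` before a query is built, so the caller can log the rejected output and return a fixed error instead of forwarding model text.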
How TrustAtlas dimensions address it
IP exposure covers vendor output-rights and any indemnification offered; transparency covers whether the vendor documents output behaviour and provides safe-by-default integration guidance.
See methodology for how each dimension is scored across the catalog.
Questions to ask vendors
Drop these into RFPs, due-diligence questionnaires, or a procurement scorecard. Each question maps back to evidence visible on the vendor's TrustAtlas profile.
- Do you provide structured-output guarantees (JSON schema validation, typed function-calling contracts) so integrators do not free-form parse model output?
- What is your stance on output indemnification — do you cover IP infringement claims arising from model output, and under what terms?
- Do you publish safe-by-default integration patterns (input sanitisation, sandboxing, allow-listed tool sets)?
Related
- Back to the full OWASP LLM Top 10 cross-walk
- NIST AI RMF cross-walk — the U.S. enterprise companion framework
- TrustAtlas methodology — how the 8 risk dimensions are scored
- Browse the vendor directory and filter by the dimensions tied to this risk