LLM09: Misinformation
OWASP LLM Top 10 (2025)
Hallucinated, biased, or fabricated outputs treated as authoritative.
What this risk means
LLMs produce false content with the same confident tone as correct content. Risk is highest where outputs are consumed without expert review, such as medical advice, legal analysis, or financial reasoning. A vendor's posture on grounding, citation, and expression of uncertainty shapes how much of this risk reaches downstream users.
How TrustAtlas dimensions address it
Transparency covers model-card disclosure of known limitations and benchmarks; regulatory compliance covers the regulated-domain claims (medical-device classification, legal-advice disclaimers); business stability covers exposure to defamation/misinformation litigation.
See methodology for how each dimension is scored across the catalog.
Questions to ask vendors
Drop these into RFPs, due-diligence questionnaires, or a procurement scorecard. Each question maps back to evidence visible on the vendor's TrustAtlas profile.
- Do you publish model-card hallucination benchmarks, and how frequently are they refreshed against new model versions?
- Is grounding (RAG, citations, structured retrieval) available, and on which tiers?
- Do you carry liability insurance for misinformation harm in regulated domains (medical, legal, financial)?
- What disclaimer or AI-content-labelling guidance do you provide for downstream products consuming your output?
Related
- Back to the full OWASP LLM Top 10 cross-walk
- NIST AI RMF cross-walk — the U.S. enterprise companion framework
- TrustAtlas methodology — how the 8 risk dimensions are scored
- Browse the vendor directory and filter by the dimensions tied to this risk