Threat Detection Coverage
Complete coverage map for all 10 OWASP LLM Top 10 2025 categories.
AIGodfather detects threats across all 10 categories defined by the OWASP LLM Top 10 2025 standard. Detection uses a combination of 47+ pattern rules and dual-layer LLM analysis.
Coverage Table
| OWASP ID | Title | Status | Subcategories Detected |
|---|---|---|---|
| LLM01 | Prompt Injection | ✅ Covered | Direct injection, indirect injection, jailbreak, role hijack, system prompt leak |
| LLM02 | Sensitive Information Disclosure | ✅ Covered | Memory overwrite, context manipulation, history injection |
| LLM03 | Supply Chain Vulnerabilities | ✅ Covered | Unverified model reference, malicious plugin indicator, dependency confusion |
| LLM04 | Data and Model Poisoning | ✅ Covered | Context manipulation, history injection, memory overwrite |
| LLM05 | Improper Output Handling | ✅ Covered | XSS in output, SQL injection in output, code execution, path traversal, template injection, markdown injection |
| LLM06 | Excessive Agency | ✅ Covered | Unauthorized tool call, tool parameter manipulation, excessive tool usage |
| LLM07 | System Prompt Leakage | ✅ Covered | System prompt disclosure, credential in output, internal config leak, role structure leak, instruction verbatim leak |
| LLM08 | Vector and Embedding Weaknesses | ✅ Covered | RAG poisoning attempt, embedding manipulation, vector store injection |
| LLM09 | Misinformation | ✅ Covered | Detected via prompt injection patterns that manipulate outputs |
| LLM10 | Unbounded Consumption | ✅ Covered | Detected via tool abuse patterns (excessive usage, loop induction) |
LLM05 — Improper Output Handling
AIGodfather scans LLM outputs for executable content that could be dangerous if passed downstream: script tags, SQL statements, shell commands, path traversal sequences, and template injection patterns. These patterns only fire on output — not input — to avoid false positives from legitimate security discussions.
LLM07 — System Prompt Leakage
The scanner detects when an LLM reveals its own instructions, API keys (OpenAI sk-*, Google AIza*), database credentials, Bearer tokens, or internal architecture details in its output. Credential patterns found in user input are downgraded in severity since they may be legitimate configuration.
LLM03 — Supply Chain Vulnerabilities
Detects instructions to load external models, install packages from URLs, or use unverified plugins. Patterns identify references to external model endpoints, pip/npm install commands, and fine-tuning instructions pointing to external data sources.
LLM08 — Vector & Embedding Weaknesses
Identifies attempts to poison RAG/vector stores by injecting content with manipulated relevance scores, or instructions to always retrieve specific content regardless of query. Severity is automatically upgraded when these patterns appear in tool outputs (indicating the retrieved content itself is compromised).
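The channel-aware severity rules described in the LLM05, LLM07 and LLM08 sections above, as an added example that is not AIGodfather's own code: a small rule table where each rule declares which message channels it may fire on, with the user-input downgrade and tool-output upgrade applied in scan(). The rule names, regexes, channel labels and severity ladder are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass

# Constructed rule set illustrating the page's channel-aware rules (not AIGodfather's own rules).
# "channels" is the set of message sources a rule may fire on; "severity" is the baseline rating.
@dataclass(frozen=True)
class Rule:
    owasp_id: str
    name: str
    pattern: re.Pattern
    channels: frozenset
    severity: str

RULES = [
    # LLM05: executable content is only a finding when it appears in model output, never in input.
    Rule("LLM05", "xss_in_output", re.compile(r"<script\b", re.I), frozenset({"output"}), "high"),
    Rule("LLM05", "path_traversal", re.compile(r"(\.\./){2,}"), frozenset({"output"}), "medium"),
    Rule("LLM05", "template_injection", re.compile(r"\{\{.*?\}\}"), frozenset({"output"}), "medium"),
    # LLM07: credential shapes fire on every channel; scan() downgrades them when seen in user input.
    Rule("LLM07", "openai_key", re.compile(r"\bsk-[A-Za-z0-9]{20,}"), frozenset({"input", "output", "tool_output"}), "high"),
    Rule("LLM07", "google_api_key", re.compile(r"\bAIza[0-9A-Za-z_-]{35}"), frozenset({"input", "output", "tool_output"}), "high"),
    Rule("LLM07", "bearer_token", re.compile(r"\bBearer\s+[A-Za-z0-9._-]{16,}", re.I), frozenset({"input", "output", "tool_output"}), "high"),
    # LLM08: retrieval-steering instructions; upgraded when they come back inside a tool result.
    Rule("LLM08", "rag_poisoning", re.compile(r"always (retrieve|return) this (document|chunk|content)", re.I), frozenset({"input", "output", "tool_output"}), "medium"),
]

SEVERITY_ORDER = ["low", "medium", "high", "critical"]

def adjust(sev, steps):
    """Move a severity up (positive) or down (negative) the ladder, clamped to the ends."""
    i = SEVERITY_ORDER.index(sev) + steps
    return SEVERITY_ORDER[max(0, min(i, len(SEVERITY_ORDER) - 1))]

def scan(text, channel):
    """Return (owasp_id, rule_name, severity) findings for one message on one channel."""
    findings = []
    for r in RULES:
        if channel not in r.channels or not r.pattern.search(text):
            continue
        sev = r.severity
        if r.owasp_id == "LLM07" and channel == "input":
            sev = adjust(sev, -1)   # credential in user input may be legitimate configuration
        if r.owasp_id == "LLM08" and channel == "tool_output":
            sev = adjust(sev, +1)   # the retrieved content itself carries the steering instruction
        findings.append((r.owasp_id, r.name, sev))
    return findings
```

The same `<script>` text yields a finding on the output channel and nothing on the input channel, which is the false-positive control the LLM05 section describes.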
Reference: OWASP LLM Top 10 2025 (official)