
Scanning LLM application code for OWASP Top 10 Vulnerabilities

April 7, 2025, by Andrew Marble

The OWASP 2025 Top 10 Risk & Mitigations for LLMs and Gen AI Apps is an often-cited industry framework for categorizing LLM security vulnerabilities. In most cases, it makes sense to apply it at the application level (rather than the model level) because the ultimate security posture of an app depends on the surrounding infrastructure more than the underlying model.

There are now many tools that evaluate apps for security vulnerabilities listed in OWASP, such as prompt injection, sensitive information disclosure, etc. Such tests are valuable, but they can only cover a subset of the vulnerabilities, and then only by observing behavior.

Our analysis shows that all of the OWASP LLM application vulnerabilities can be mitigated or secured in the application code itself. A code scan that enforces security best practices can therefore be a way to confirm that these vulnerabilities have been dealt with.

We have published a mapping between the OWASP Top 10 for LLMs and Gen AI Apps and their associated code checks and mitigations. Using the Kereva scanner, organizations can verify that their code, and that of the open-source tools they use, conforms to these security practices, and to other organizational or external standards related to security and performance.
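To illustrate the kind of code-level check such a scan performs, here is an added example written for this article (it is not Kereva's scanner or its rules). A small Python AST walker flags two patterns that the OWASP list maps to code: user input interpolated straight into a prompt (LLM01, prompt injection) and LLM output passed to a shell or code-execution sink without validation (LLM05, improper output handling). The sample module it scans is constructed, and the set of LLM client method names it recognizes is an assumption.

```python
import ast
# Constructed sample of an LLM-app function (not a real project) used as scanner input.
SAMPLE = """import openai, subprocess
def answer(user_text):
    prompt = f"Summarize this: {user_text}"
    resp = openai.chat.completions.create(model="gpt-4o", messages=[{"role": "user", "content": prompt}])
    out = resp.choices[0].message.content
    subprocess.run(out, shell=True)
    return out
"""

LLM_CALL_ATTRS = {"create", "generate", "invoke", "predict"}  # assumed LLM client method names
RISKY_SINKS = {"eval", "exec", "system", "run", "Popen", "call"}  # shell / code-execution sinks
def names_in(node):
    """All variable names referenced anywhere inside an AST subtree."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}

class LLMScanner(ast.NodeVisitor):
    """Function-local taint heuristic: parameters are untrusted input; values returned
    by an LLM call (and anything derived from them) are untrusted output."""
    def __init__(self):
        self.findings, self.params, self.tainted = [], set(), set()

    def visit_FunctionDef(self, node):
        self.params = {a.arg for a in node.args.args}
        self.tainted = set()
        self.generic_visit(node)

    def visit_Assign(self, node):
        targets = {t.id for t in node.targets if isinstance(t, ast.Name)}
        v = node.value
        # LLM01: a parameter interpolated into a prompt via f-string or string concatenation
        if isinstance(v, (ast.JoinedStr, ast.BinOp)) and names_in(v) & self.params:
            self.findings.append((node.lineno, "LLM01", "user input interpolated directly into prompt"))
        # Propagate taint from an LLM client call or from an already-tainted name
        llm_call = isinstance(v, ast.Call) and isinstance(v.func, ast.Attribute) and v.func.attr in LLM_CALL_ATTRS
        if llm_call or names_in(v) & self.tainted:
            self.tainted |= targets
        self.generic_visit(node)

    def visit_Call(self, node):
        fname = node.func.attr if isinstance(node.func, ast.Attribute) else getattr(node.func, "id", "")
        if fname in RISKY_SINKS and any(names_in(a) & self.tainted for a in node.args):
            self.findings.append((node.lineno, "LLM05", f"LLM output reaches {fname}() unvalidated"))
        self.generic_visit(node)

def scan(source):
    """Return [(line, owasp_id, message), ...] for one module's source text."""
    scanner = LLMScanner()
    scanner.visit(ast.parse(source))
    return scanner.findings
```

Running `scan(SAMPLE)` reports LLM01 on the f-string prompt line and LLM05 on the `subprocess.run` line; routing the parameter through a sanitizer before it reaches the prompt, or validating the model output before the sink, clears the corresponding finding in this simple model.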

Kereva OWASP Top 10 Analysis

Kereva Scanner