Cyber Resilience: Mitigating the OWASP Top 10 for LLMs

F5 Newsroom Staff

When OWASP released its 2025 Top 10 Risk & Mitigations for LLMs and Gen AI Apps, , it gave the industry a much-needed security benchmark. But benchmarks mean nothing without action.

F5 AI runtime security solutions address 80% of the OWASP Top 10, prioritizing the most pressing real-world risks. The solutions combine real-time runtime protection and deep adversarial testing, providing unmatched coverage across today’s most critical LLM risks. From prompt injection and data leakage to excessive agency and unbounded consumption, we’ve built an inference perimeter for how AI is actually used in the enterprise.

Where other vendors skim the surface or secure one slice of the stack, F5 runtime security goes deeper—mapping to OWASP risks across both red-team and defensive layers. This isn’t about checking boxes. It’s about giving security teams the visibility, control, and enforcement they need to protect GenAI systems at scale.

Here’s how we match up against OWASP’s top risks — and go further.

LLM01: Prompt Injection

Blocked, tested, and mitigated.
F5 delivers extensive testing for prompt injection vulnerabilities using over 30,000 evaluation prompts. The platform provides built-in protections to prevent unauthorized prompt manipulation.

LLM02: Sensitive Information Disclosure

Sensitive data stays private.
F5 identifies vulnerabilities where sensitive data may be disclosed. The platform includes an out-of-the-box scanner for personally identifiable information (PII) and supports custom scanning via keywords, regex, and generative AI models.

LLM03: Supply Chain

We mitigate risks so you don’t have to.
The platform mitigates risks such as outdated models, vulnerable pre-trained models, and weak model provenance through red-teaming and continuous monitoring.

LLM04: Data and Model Poisoning

We protect inference — even from upstream mistakes.
While primarily a training risk, F5 helps identify poorly trained or poisoned models and provides protection for retrieval-augmented generation (RAG) applications at inference.

LLM05: Improper Output Handling

Safer interactions by design.
F5 detects and blocks Cross-Site Scripting (XSS) and code injection attempts in LLM responses, ensuring safer interactions.

LLM06: Excessive Agency

Autonomy with accountability.
The platform provides in-line agent protection by scanning inputs and outputs to mitigate risks associated with Multi-Agent Collaboration Platforms.

LLM07: System Prompt Leakage

We keep your systems secure.
F5 includes built-in protection mechanisms against system prompt leakage, with additional roadmap capabilities planned for enhancement.

LLM08: Vector and Embedding Weaknesses

Not applicable — by design.
F5 security solutions operate at runtime, at the inference layer, and do not directly address vector storage vulnerabilities.

LLM09: Misinformation

Not applicable — handled upstream of inference
F5 does not currently provide hallucination detection, as this is being addressed at the model level by upstream providers such as OpenAI and Anthropic. Our focus remains on securing runtime to ensure safe and reliable AI outputs.

LLM10: Unbounded Consumption

Efficiency meets enforcement.
F5 prevents excessive API consumption and abuse, ensuring LLM resources are used efficiently and securely.

Built for Real-World AI

This isn’t just checkbox compliance. F5’s AI runtime security solutions were purpose-built to protect AI in production — where the risks are real and the consequences matter. From red-teaming against 30,000+ attacks to delivering real-time runtime protection, our platform adapts to new threats before they impact your business.

Click here to learn more about how F5’s AI runtime security solutions can protect your use cases.

About the Author

F5 Newsroom Staff

More blogs by F5 Newsroom Staff