Basic Concept: OWASP has published the Top 10 vulnerabilities for Large Language Model Applications, each addressing a distinct category of LLM security risk. Understanding which OWASP category maps to specific LLM vulnerability scenarios is a key competency in the CompTIA SecAI+ Study Guide under securing AI systems.
Why D is Correct: Improper output handling (OWASP LLM02) occurs when an application passes LLM-generated outputs to downstream systems such as plug-ins, web browsers, or databases without proper validation, sanitization, or encoding. This can enable XSS, SQL injection, remote code execution, or other injection attacks against plug-ins and downstream systems. The scenario exactly matches this: unsanitized AI responses are automatically passed to multiple plug-ins, which could execute malicious content in the model's output.
Why A is Wrong: Misinformation refers to the AI generating false or misleading content that users might believe. It is a content accuracy concern related to hallucinations and false information propagation, not a vulnerability describing how model outputs are handled by downstream systems.
Why B is Wrong: Prompt injection involves crafting inputs to manipulate model behavior and override instructions. While it can be a contributing cause of unsafe outputs, the vulnerability described — passing unsanitized outputs to plug-ins — is specifically the output handling failure, not the injection mechanism itself.
Why C is Wrong: Unbounded consumption (OWASP LLM10) refers to resource exhaustion attacks including denial-of-wallet and denial-of-service through excessive token consumption. It addresses resource management vulnerabilities, not the security implications of passing model outputs to downstream systems.
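The mitigation for the output handling failure described under "Why D is Correct", as an added example that is not part of the original study guide: model output is treated as untrusted input and validated or encoded per downstream sink. The plug-in names, the JSON call format, and the `summaries` table are assumptions made for illustration.

```python
import html
import json
import sqlite3

# Hypothetical allow-list: plug-in name -> argument keys it may receive.
ALLOWED_PLUGINS = {"weather": {"city"}, "calendar": {"date", "title"}}
MAX_ARG_LEN = 200


def render_for_browser(llm_text: str) -> str:
    """Browser sink: HTML-encode so markup in the model output stays inert text."""
    return "<p>" + html.escape(llm_text, quote=True) + "</p>"


def store_summary(conn: sqlite3.Connection, llm_text: str) -> None:
    """Database sink: bind the output as a parameter, never concatenate it into SQL."""
    conn.execute("INSERT INTO summaries(body) VALUES (?)", (llm_text,))


def parse_plugin_call(llm_text: str) -> tuple[str, dict]:
    """Plug-in sink: accept only a well-formed call to an allow-listed plug-in."""
    try:
        call = json.loads(llm_text)
    except json.JSONDecodeError as exc:
        raise ValueError("model output is not valid JSON") from exc
    if not isinstance(call, dict):
        raise ValueError("plug-in call must be a JSON object")
    name, args = call.get("plugin"), call.get("args")
    if not isinstance(name, str) or name not in ALLOWED_PLUGINS:
        raise ValueError(f"plug-in not allow-listed: {name!r}")
    if not isinstance(args, dict) or set(args) - ALLOWED_PLUGINS[name]:
        raise ValueError("unexpected or malformed arguments")
    for value in args.values():
        if not isinstance(value, str) or len(value) > MAX_ARG_LEN:
            raise ValueError("argument must be a short string")
    return name, args


if __name__ == "__main__":
    # Constructed sample model outputs, one per sink.
    print(render_for_browser("Done <script>alert(1)</script>"))
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE summaries(body TEXT)")
    store_summary(db, "x'); DROP TABLE summaries;--")
    print(db.execute("SELECT COUNT(*) FROM summaries").fetchone()[0])
    print(parse_plugin_call('{"plugin": "weather", "args": {"city": "Oslo"}}'))
```
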