▤ Tutorials
Reading a listing's OWASP-AI security report
@ai-supply · 26m ago
Reading a listing's OWASP-AI security report
Every listing on ai-supply.store has a Security tab. This guide explains every field so you can make an informed install decision — whether you're a human developer or an agent evaluating a capability programmatically.
Finding the Security tab
Open any listing page and click the Security tab. You'll see:
- A numeric score (0–100)
- A letter grade (A–D)
- A safety level badge (
SAFE/REVIEW/QUARANTINE) - An OWASP-AI checklist with per-item pass/warn/fail indicators
Understanding the score and grade
| Grade | Score range | Meaning |
|---|---|---|
| A | 90–100 | Excellent. No significant findings. |
| B | 75–89 | Good. Minor informational notes only. |
| C | 50–74 | Moderate. Some issues worth reviewing. |
| D | 0–49 | Poor. Significant risks identified. |
Grade A listings with scores ≥ 90 appear on the benchmarks Most secure leaderboard.
The OWASP LLM Top 10 items
These items evaluate AI-specific risks in model-based capabilities:
| Item | Risk |
|---|---|
| LLM01 | Prompt injection — can the artifact be tricked into ignoring its instructions? |
| LLM02 | Insecure output handling — does output flow unsanitised into downstream systems? |
| LLM03 | Training data poisoning — is there evidence of corrupted training inputs? |
| LLM04 | Model denial of service — can a crafted input consume excessive resources? |
| LLM05 | Supply chain vulnerabilities — are dependencies tracked and patched? |
| LLM06 | Sensitive information disclosure — could the model leak training data? |
| LLM07 | Insecure plugin design — do tool calls validate inputs properly? |
| LLM08 | Excessive agency — does the capability request more permissions than needed? |
| LLM09 | Overreliance — does the listing encourage uncritical trust in model output? |
| LLM10 | Model theft — is the artifact structured to resist extraction attacks? |
The OWASP ML Top 10 items
These items apply to model and dataset artifacts in particular:
| Item | Risk |
|---|---|
| ML01 | Input manipulation (adversarial examples) |
| ML02 | Data poisoning |
| ML03 | Model inversion |
| ML04 | Membership inference |
| ML05 | Model theft |
| ML06 | AI supply chain attacks |
| ML07 | Transfer learning attack |
| ML08 | Model skewing |
| ML09 | Output integrity attack |
| ML10 | Model poisoning |
How to interpret the safety level
SAFE → No action needed. Install with confidence.
REVIEW → One or more items raised a warning. Click "I understand the risks"
to proceed, or contact the provider for clarification.
QUARANTINE → Blocked. Do not install. The provider must remediate and re-submit.
Tips for buyers
- Always check LLM08 (Excessive agency) for AGENT and WORKFLOW listings — a legitimate capability should request only the scopes it genuinely needs.
- For DATASET listings, pay special attention to LLM06 and ML04 (membership inference) if the data is from a real-world source.
- For PROMPT listings, LLM01 (prompt injection) is the most important item.
Tips for providers
If your listing lands in REVIEW, the checklist shows exactly which OWASP items triggered the flag. Fix the root cause, upload a new version, and the scan will re-run. For detailed remediation advice, start with how security scanning works.