Sprint 2 is open: vote and comment on the 2026 Top 10 by May 18 #54
rocklambros announced in Announcements
Sprint 2 of the 2026 OWASP Top 10 for LLM Applications is open.
For the next 14 days, the community votes and comments on:
Sprint 3 (May 18 to June 1) cuts the 10 candidates to 5 and refines the 10 existing entries based on your feedback. Sprint 4 produces the final stack-ranked 2026 Top 10. Publication target: June 15, 2026.
How to vote
Single ballot covering both tracks: https://forms.gle/jFmqZF1R6k9gCEfi6
Estimated time: 10 minutes if you score every entry, 1 to 2 minutes if you score one. All Likert questions are optional.
You score:
Voting closes May 18, 2026 at 23:59 UTC.
How to comment
Each of the 20 entries has its own feedback issue: https://github.com/GenAI-Security-Project/GenAI-LLM-Top10/issues?q=is%3Aissue+label%3Asprint-2
Comment on the issue tied to the entry you're discussing. The form captures scores. The issues capture discussion.
For cross-cutting feedback that doesn't tie to one entry, comment in this Discussion thread.
FAQ
Do I need to vote on every entry?
No. Skip any entry you haven't read. Skip rate is a metric the working group looks at.
Can I edit my response?
Yes. The form allows response edits. Use the same email and resubmit.
Is this a public vote or working-group-only?
Public. Anyone with a Google account can vote. We dedup by email, stratify by self-reported affiliation and expertise, and run anomaly detection on the results.
Where does the data live after Sprint 2?
Aggregated results publish at the start of Sprint 3 (May 18). Raw response data publishes with emails hashed for transparency.
What if I think a candidate should merge with an existing entry?
That's exactly what the Distinctness score captures. Score it low (1 or 2) on Distinctness and explain in a comment on the candidate's issue.
Who are the project leads?
Steve Wilson and Rock Lambros, supported by a working group of contributors.
My GitHub handle is on the form. Why?
Optional, not required. We use it only to cross-validate engagement and detect anomalies. It is not published.
Integrity
We dedup by email. The form requires email collection. Email is not published. We collect optional GitHub usernames to cross-validate engagement, and stratify results by self-reported affiliation and expertise. The aggregation pipeline runs anomaly checks for vote brigading.
Code of Conduct
The OWASP Code of Conduct applies to all comments, votes, and discussion threads: https://owasp.org/www-policy/operational/code-of-conduct
Keep it factual. Keep it constructive.
Timeline
Vote here: https://forms.gle/jFmqZF1R6k9gCEfi6