“Vectors and embeddings vulnerabilities present significant security risks in systems utilizing Retrieval-Augmented Generation (RAG) with Large Language Models. These weaknesses arise from how vectors are created, stored, or accessed — allowing attackers to introduce harmful content, alter outputs, or expose confidential data.”
“How vectors are created” — what content enters the embedding pipeline (hidden text, adversarial formatting)
“How vectors are stored” — whether the vector store is encrypted and access-controlled
“How vectors are accessed” — whether retrieval enforces permissions at query time
LLM08 is one of three categories added for the 2025 edition of the OWASP LLM Top 10. Its addition reflects how rapidly RAG-based applications have become the dominant deployment pattern for enterprise AI. If your system uses an LLM with any private knowledge base, this category applies to you.