Sources & Attribution
Everything in this lesson, sourced.
Every incident, CVE, and research paper mentioned in LLM10:2025 — Unbounded Consumption — traced back to where it came from.
Framework License

This lesson is built on the OWASP Top 10 for Large Language Model Applications (2025), released under Creative Commons Attribution-ShareAlike 4.0. Definitions, vulnerability categories, mitigation structure, and attack scenarios are drawn directly from this framework. Real-world incidents and research are independent factual reporting, cited individually below.

01
Primary Framework
The structure this entire lesson is built on
OWASP Top 10 for LLM Applications 2025 — LLM10: Unbounded Consumption
OWASP Foundation · Released 2025 · CC BY-SA 4.0
Cited for: Core definition, 4 attack types, 6 mitigation categories, 3 official attack scenarios (slides 3, 9, 14–16, 18–25)
genai.owasp.org →
02
CVEs — Official Records
Formally catalogued vulnerabilities referenced in this lesson
CVE-2019-20634 — Proof Pudding (Model Extraction Against Proofpoint) · CVSS 3.7
Proofpoint Email Protection · Model extraction / API scraping attack · Will Pearce & Nick Landers · DerbyCon 2019
Cited for: Model extraction via API scraping, slides 9, 13, 25. Also catalogued as AVID-2023-V009. OWASP's canonical example for this attack type within LLM10.
NVD record →
03
Confirmed Incidents
Real-world events verified against primary or first-party sources
Sourcegraph Security Incident — August 30, 2023 · Company Disclosure
Sourcegraph · Admin access token leaked via public GitHub repo · ~2 million API calls before detection · Disclosed September 2023
Cited for: Context window flooding, API abuse via unauthorized token, service degradation, slides 10, 14, 22, 25
Sourcegraph disclosure →
Sourcegraph Breach — BleepingComputer Report · Press Report
BleepingComputer · Lawrence Abrams · August 2023 · Corroborates Sourcegraph's own disclosure with additional technical detail
Cited for: Confirmation of 2 million API calls, proxy app mechanics, rate limit response, slide 10
BleepingComputer →
04
Academic Research
Peer-reviewed and preprint research cited in this lesson
Scalable Extraction of Training Data from (Production) Language Models · Research Paper
Nasr et al. · Google DeepMind, Cornell, UW, CMU, UC Berkeley, ETH Zurich · arXiv:2311.17035 · Disclosed to OpenAI August 30, 2023 · Published November 28, 2023
Cited for: Repeated-token attack, sustained generation causing behavioral divergence, disproportionate token consumption per query, slides 12, 25. The "poem poem poem" technique extracted 10,000+ training examples for ~$200.
arXiv:2311.17035 →
AVID-2023-V009 — Proof Pudding (moohax & monoxgas) · Vulnerability Report
AI Vulnerability Database · Will Pearce & Nick Landers · DerbyCon 2019 presentation: "42: The answer to life, the universe, and everything offensive security"
Cited for: Proof Pudding model extraction mechanics, systematic probe query approach, slide 13
AVID database →