Glossary term
Security
Failure to treat AI outputs as untrusted data before passing them into code, queries, workflows, browsers, documents, or other systems. Applications should validate, sanitize, and constrain AI outputs before using them in SQL, HTML, code execution, workflow automation, or privileged actions.
OWASP LLM05:2025 Improper Output Handling addresses cross-site scripting, SQL injection, and remote code execution arising from unsanitized LLM outputs.
Embrace The Red and other researchers demonstrated XSS attacks via markdown-rendered LLM output in chat UIs and Confluence integrations in 2023 and 2024.
Industry guidance from Snyk, Checkmarx, and Mend recommends treating LLM output as untrusted input subject to standard sanitization and output encoding.
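The definition above, shown for two of the sinks it names (HTML and SQL). This is an added example, not code from OWASP or any vendor cited here; the table, column names, and model outputs are constructed for illustration.

```python
import html
import sqlite3

# Constructed samples: text a model might return after reading attacker-influenced input.
MODEL_REPLY = 'Summary ready <img src=x onerror="alert(1)">'
MODEL_CUSTOMER = "x' OR '1'='1"
MODEL_SORT = "total; DROP TABLE orders"

ALLOWED_SORT = {"id", "total"}  # hypothetical columns the application permits sorting by


def render_reply(model_text: str) -> str:
    """Output-encode model text for an HTML body context before rendering."""
    return "<p>" + html.escape(model_text, quote=True) + "</p>"


def constrain_sort(model_value: str, default: str = "id") -> str:
    """Identifiers cannot be bound as parameters, so constrain them to an allow-list."""
    return model_value if model_value in ALLOWED_SORT else default


def lookup_orders(db, customer: str, sort: str):
    """Hardened: model-supplied value is a bound parameter, column is allow-listed."""
    col = constrain_sort(sort)
    sql = f"SELECT id, customer, total FROM orders WHERE customer = ? ORDER BY {col}"
    return db.execute(sql, (customer,)).fetchall()


def lookup_orders_unsafe(db, customer: str):
    """The 'before' pattern: model text concatenated straight into SQL."""
    return db.execute(
        "SELECT id, customer, total FROM orders WHERE customer = '" + customer + "'"
    ).fetchall()


def demo_db():
    """Build a small in-memory table of constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT, total REAL)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "alice", 10.0), (2, "bob", 25.0)])
    return db


if __name__ == "__main__":
    db = demo_db()
    print(render_reply(MODEL_REPLY))                       # markup is encoded, not executed
    print(lookup_orders_unsafe(db, MODEL_CUSTOMER))        # leaks every row
    print(lookup_orders(db, MODEL_CUSTOMER, MODEL_SORT))   # no rows, sort falls back to id
```

Encoding is context-specific: `html.escape` covers HTML body and quoted attribute contexts only, so model output headed for URLs, JavaScript, or a markdown renderer needs the encoder or sanitizer for that sink.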