
LLM security and OWASP Top 10 2025: what changes for IAM teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 2827

TL;DR: According to Cyera, governance and runtime protection belong together, and its 2025 State of AI Data Security Report singles out prompt injection, sensitive data disclosure, excessive agency, and unbounded consumption as the main enterprise risks. The security model is shifting from policy intent to continuous enforcement because static controls do not reliably contain LLM behaviour in production.

NHIMG editorial — based on content published by Cyera: Securing LLMs: Cyera's AI Guardian and the OWASP Top Ten 2025

By the numbers:

Questions worth separating out

Q: How should security teams implement LLM governance without slowing adoption?

A: Start by governing the model’s access path, not just the application wrapper.

Q: Why do LLMs create more identity risk than traditional automation?

A: LLMs create more identity risk because they can decide which instructions to follow, what context to use, and which tools to call in real time.

Q: What do security teams get wrong about prompt injection?

A: They often treat prompt injection as a content-filtering problem when it is really an instruction-boundary problem.

Practitioner guidance

  • Map model-readable data to minimum necessary access: inventory which datasets, documents, and memory stores the LLM can see, then cut access until the model can complete the task with the smallest workable context.
  • Separate instructions from untrusted content: design prompt pipelines so system instructions, user prompts, and retrieved text remain logically isolated.
  • Gate model-initiated actions before execution: require explicit policy checks for any action that can modify data, send messages, call tools, or trigger workflows.
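As an added example (not from this post or Cyera's article), the three guidance points above sketched in Python: a prompt assembler that keeps system, user and retrieved text in separate labelled channels, and a policy gate that every model-initiated tool call must pass before it executes. The tool names, scopes and policy table are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy table (assumption, not from the article): which tools
# may change state and which caller scopes each one requires.
TOOL_POLICY = {
    "search_docs":   {"mutates": False, "scopes": {"docs:read"}},
    "update_ticket": {"mutates": True,  "scopes": {"tickets:write"}},
    "send_email":    {"mutates": True,  "scopes": {"mail:send"}},
}

@dataclass
class Decision:
    allowed: bool
    reason: str
    needs_approval: bool = False  # True when only a human sign-off is missing

def gate_tool_call(tool: str, caller_scopes: set, approved: bool = False) -> Decision:
    """Explicit policy check that runs before any model-initiated action.

    The model's own text never decides this: the gate consults only the
    policy table, the caller's scopes and an out-of-band approval flag.
    """
    policy = TOOL_POLICY.get(tool)
    if policy is None:
        return Decision(False, f"tool {tool!r} is not on the allowlist")
    missing = policy["scopes"] - set(caller_scopes)
    if missing:
        return Decision(False, f"caller lacks scopes {sorted(missing)}")
    if policy["mutates"] and not approved:
        return Decision(False, "mutating action needs approval", needs_approval=True)
    return Decision(True, "allowed")

def build_messages(system: str, user: str, retrieved: list) -> list:
    """Keep system instructions, user prompt and retrieved text in separate,
    labelled channels rather than one concatenated string, so downstream
    code can treat retrieved text as data, never as instructions."""
    msgs = [{"role": "system", "trust": "trusted", "content": system},
            {"role": "user", "trust": "user", "content": user}]
    for i, doc in enumerate(retrieved):
        msgs.append({"role": "retrieved", "trust": "untrusted",
                     "content": f"[DOC {i}] {doc}"})
    return msgs

if __name__ == "__main__":
    # Constructed scenario: after reading an untrusted document the model
    # proposes sending an e-mail, but the caller only holds docs:read.
    proposed = {"tool": "send_email", "args": {"to": "someone@example.invalid"}}
    print(gate_tool_call(proposed["tool"], {"docs:read"}))
```

The gate denies the proposed call for missing scope before it ever reaches the approval step, which is the ordering the guidance asks for: least privilege first, then an explicit check on anything that mutates state.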

What's in the full article

Cyera's full article covers the operational detail this post intentionally leaves for the source:

  • The article breaks down each of the OWASP 2025 LLM Top Ten categories one by one, which is useful if you need a control-by-control implementation checklist.
  • It includes the 2025 State of AI Data Security Report findings behind the prompt injection, leakage, and agency claims, which helps with internal risk justification.
  • The article shows how Cyera positions AI Security Posture Management, runtime protection, and DLP against each threat, which is relevant once you are comparing enforcement options.
  • It provides the vendor's own view of how these controls fit across training, runtime, and output handling, which is the operational layer beyond this analysis.

👉 Read Cyera's analysis of the 2025 OWASP LLM Top Ten and AI risk controls →
