OWASP Top 10 in 2025: What Actually Changed

OWASP updated the Top 10 for 2025, and the discourse is already drowning in hot takes. "Injection dropped to #5!" "AI risks are finally on the list!" Most of the commentary misses the point. The Top 10 isn't a vulnerability ranking — it's a data-driven snapshot of what's actually exploited in the wild. Here's what the 2025 update actually tells us and how it should change your testing.

The Headline Changes

Broken Access Control stays at #1. This is the third consecutive cycle where access control leads the list, and the data gap between #1 and #2 is widening. According to OWASP's contributor data, 94% of applications tested had some form of broken access control, up from 85% in the 2021 dataset.

Why it matters: if you're only testing for injection and XSS, you're optimizing for the wrong century. The majority of exploitable findings in modern applications are authorization issues — IDOR, privilege escalation, and missing function-level access controls.

New Entry: Insecure AI Integration (A11:2025)

OWASP added a new category for applications that integrate AI/LLM components insecurely. This covers:

• Prompt injection in user-facing AI features
• Insufficient output validation from LLM responses
• Over-permissioned AI agents with access to sensitive data or operations
• Training data poisoning in fine-tuned models

This entry reflects the explosive growth of AI integrations since 2023. Our scanning data aligns: 45% of applications with AI features have at least one prompt injection vulnerability, and 67% don't validate LLM output before rendering it in the UI (enabling indirect XSS).

Cryptographic Failures Moved to #3

Formerly "Sensitive Data Exposure," this category now focuses specifically on cryptographic failures: weak algorithms, missing encryption at rest, improper key management, and insufficient transport layer security. The rename clarifies that the issue isn't data exposure per se but the broken cryptographic controls that enable it.

What Dropped and Why

XML External Entities (XXE) is no longer a standalone category. It's been merged into the broader injection category. This makes sense — XXE is still a real vulnerability class, but it's increasingly rare in modern applications that use JSON APIs. Our scanning data shows XXE in less than 3% of applications tested in 2024.

Cross-Site Scripting (XSS) was absorbed into injection in the 2021 update and remains there. React, Vue, and modern frameworks auto-escape output by default, dramatically reducing reflected XSS. Stored XSS persists but typically through rich text editors, Markdown rendering, or dangerouslySetInnerHTML — specific contexts rather than systemic issues.

How This Should Change Your Testing

Prioritize access control testing

Invest in multi-user testing scenarios. Create two accounts at the same privilege level and systematically test whether User A can access User B's resources. Then test vertical escalation — can a regular user access admin functions? This requires authenticated scanning with multiple sessions, which most traditional DAST tools handle poorly.

Add AI-specific security testing

If your app has AI features, test them:

1. Send prompt injection payloads through every user input that reaches an LLM
2. Check if LLM output is rendered as HTML without sanitization
3. Verify that AI agents can't access data or operations beyond their intended scope
4. Test for data extraction through prompt manipulation

Update your cryptographic baseline

Audit your TLS configuration (TLS 1.2+ only, strong cipher suites), verify encryption at rest for sensitive fields, and check that you're not using deprecated algorithms (MD5, SHA-1 for security purposes, DES).

The Unchanged Truth

The Top 10 changes at the margins. The core message has been consistent for 15 years: validate input, enforce authorization, encrypt sensitive data, and don't trust the client. What changes is the emphasis and the specific manifestation. In 2025, the emphasis is clear: access control, server-side security components, and AI integration safety.

The OWASP Top 10 tells you where to look. Your security testing tells you what's actually broken. Update the former, but invest in the latter.