AI Posture Check Take the Check
LLM08 · OWASP LLM Top 10

Vector and Embedding Weaknesses (LLM08)

Risks specific to vector databases, embedding models, and RAG architectures. Includes embedding inversion (recovering source text from embeddings), unauthorized retrieval, and corpus poisoning.

Examples

  • An attacker inverts embeddings stored without access controls and recovers training-text.
  • A RAG retrieval returns chunks the requesting user did not have permission to see.
  • A poisoned corpus chunk is retrieved and biases model output.

Recommended controls

  • Access control on vector stores aligned to source-document permissions
  • Embedding-store encryption
  • Retrieval audit logging
  • Corpus content review

Posture Check checkpoint

Posture Check questions Q6–Q10 plus Q16–Q20. Affects Data and Model.

Score yourself against this framework.

The AI Posture Check is a free 30-question self-assessment that maps your gaps directly to OWASP LLM Top 10, NIST AI RMF, and ISO 42001.

Take the AI Posture Check
Need help operationalizing this?

Talk to a CWS engineer about your AI security program.

Schedule a Discovery Call to scope a Standard Audit or Enterprise Program.

Schedule a Discovery Call