LLM Insecure Output Handling
Description
This vulnerability occurs when an application fails to sanitize or validate output generated by a Large Language Model (LLM) before rendering it or passing it to another component. Because an LLM produces arbitrary text driven by its training data and by whatever prompts it receives, including prompt injection planted by a third party in a document, web page, or e-mail the model reads, its output can contain executable code, markup, or commands. When downstream components treat that output as trusted, the attack surface of every interpreter it reaches is exposed: cross-site scripting (XSS) when the output is rendered in a browser, SQL or command injection when it is concatenated into a query or a shell command, and privilege escalation when it drives a plugin or tool that acts on the user's behalf.
Remediation
Implement comprehensive output handling controls for all LLM-generated content:<br/><br/><strong>1. Treat LLM outputs as untrusted user input:</strong> Apply the same sanitization and validation techniques used for external user data, no matter how carefully the prompt was constructed; the model's output is only as trustworthy as the least trusted text it was shown.<br/><br/><strong>2. Context-aware output encoding:</strong> Encode outputs for the exact context they land in (HTML body, HTML attribute, JavaScript string, URL parameter). Encode once, at the point of output, so the result is neither raw nor double-encoded. For SQL and shell commands, encoding is not the right control; use parameterization and allow-lists instead (see 4).<br/><pre>// Example: HTML-encode before inserting as markup
// (escapeHtml is the application's own HTML body encoder)
const encodedOutput = escapeHtml(llmResponse);
document.getElementById('result').innerHTML = encodedOutput;

// Simpler alternative: assign as text, so the browser never parses it as HTML
// (do not encode first, or the user sees literal &amp;lt; sequences)
document.getElementById('result').textContent = llmResponse;

// Example: when HTML output is required (e.g. rendered Markdown), sanitize it
import DOMPurify from 'dompurify';
const cleanOutput = DOMPurify.sanitize(llmResponse);
document.getElementById('result').innerHTML = cleanOutput;</pre><br/><strong>3. Implement Content Security Policy (CSP):</strong> Deploy a strict CSP (for example, a script-src that uses nonces or hashes and does not allow 'unsafe-inline') so that a script tag or event handler smuggled through LLM output cannot execute even if an encoding step is missed. CSP is a defense-in-depth layer, not a replacement for encoding.<br/><br/><strong>4. Use parameterized queries and argument-safe process APIs:</strong> Never concatenate LLM output into SQL text or a shell command line. Bind values as query parameters, and when a model must drive a database (text-to-SQL), run its queries under a least-privilege, read-only account. Invoke external programs with an argument array rather than through a shell, and restrict the model to an allow-list of permitted commands.<br/><br/><strong>5. Apply output validation:</strong> Define the expected output format (a JSON schema, an enumeration of permitted actions, a length limit, a character allow-list for identifiers) and reject responses that do not conform rather than trying to repair them. Validate before any further processing, including before the output is handed to another tool, plugin, or model.
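The following is an added example (not code from the original page) that puts controls 1, 2, 4 and 5 together in a Node.js program with no dependencies. It contrasts a vulnerable renderer that inserts model output as markup with a hardened one that encodes it for the HTML body context, then validates a structured model response against a fixed schema and turns the validated value into a parameterized query. The function names (renderUnsafe, renderAssistantMessage, parseOrderLookup, buildOrderQuery), the order-lookup schema, and the sample responses are all constructed for illustration; the {text, values} query shape is the one node-postgres (pg) accepts, and other drivers have an equivalent.

```javascript
// Added example, not from the original page: an LLM response treated as
// untrusted input before it reaches the browser or the database.
// Node.js, no dependencies. All names and sample data are constructed.

// 1. HTML-encode for an HTML body context. Attribute and JavaScript string
//    contexts need their own encoders; this one is only safe between tags.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable: markup generated by the model is rendered as-is.
function renderUnsafe(llmResponse) {
  return `<div class="msg">${llmResponse}</div>`;
}

// Hardened: the model's text is data, so it is encoded for the HTML body.
function renderAssistantMessage(llmResponse) {
  return `<div class="msg">${escapeHtml(llmResponse)}</div>`;
}

// 2. Output validation. The model was asked for exactly
//    {"action":"lookup_order","order_id":"<digits>"}. Anything else is
//    rejected: prose around the JSON, extra keys, an unknown action, or an
//    order_id that is not a short run of digits. Nothing is "repaired".
const ALLOWED_ACTIONS = new Set(['lookup_order']);

function parseOrderLookup(llmResponse) {
  let obj;
  try {
    obj = JSON.parse(llmResponse);
  } catch {
    return null;
  }
  if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) return null;
  const keys = Object.keys(obj);
  if (keys.length !== 2 || !('action' in obj) || !('order_id' in obj)) return null;
  if (!ALLOWED_ACTIONS.has(obj.action)) return null;
  if (typeof obj.order_id !== 'string' || !/^[0-9]{1,12}$/.test(obj.order_id)) return null;
  return { action: obj.action, orderId: obj.order_id };
}

// 3. Parameterized query: the validated id travels as a bound value and is
//    never spliced into the SQL text, so even a validation bug upstream
//    cannot change the statement's structure.
function buildOrderQuery(parsed) {
  return {
    text: 'SELECT id, status FROM orders WHERE id = $1',
    values: [parsed.orderId],
  };
}

// Constructed sample responses of the kind an attacker could coerce out of
// the model through prompt injection (illustrative payloads only).
const xssResponse = 'Here is your order: <img src=x onerror="alert(1)">';
const sqliResponse = '{"action":"lookup_order","order_id":"1 OR 1=1"}';
const goodResponse = '{"action":"lookup_order","order_id":"4711"}';

console.log(renderUnsafe(xssResponse));           // onerror handler survives
console.log(renderAssistantMessage(xssResponse)); // shown as visible text
console.log(parseOrderLookup(sqliResponse));      // null: rejected
console.log(buildOrderQuery(parseOrderLookup(goodResponse)));
```

The validation step deliberately returns null instead of trimming or coercing the model's answer: a response that does not match the contract is a signal that the prompt was manipulated or the model drifted, and the safe reaction is to refuse and log it, not to guess what was meant.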