Simuna InfosecSIMUNA INFOSEC
AI Security2026-08-05

AI & LLM Security Testing in Singapore: OWASP Top 10 for LLMs 2025

As Singapore builds its AI governance framework and MAS-regulated entities deploy AI, security testing against the OWASP LLM Top 10 becomes essential.

Singapore is actively building its AI governance framework while its enterprises โ€” particularly in financial services โ€” rapidly deploy LLM-powered applications. For MAS-regulated entities and CII operators, understanding and testing AI-specific risks is essential.

Singapore's AI Governance Direction

Singapore's approach to AI governance emphasises responsible development and deployment. The Model AI Governance Framework, published by IMDA and the Personal Data Protection Commission, provides guidance on AI accountability, transparency, and human oversight. While not prescriptive about specific security testing, the framework's emphasis on risk management and accountability creates a clear environment where rigorous AI security testing supports governance objectives.

For MAS-regulated financial institutions deploying AI features, the TRM Guidelines' expectations for testing proportionate to risk apply โ€” and AI applications represent a novel risk category that warrants specific assessment.

The OWASP Top 10 for LLM Applications 2025

The 2025 edition provides the technical framework, covering Prompt Injection, Sensitive Information Disclosure, Supply Chain risks, Data and Model Poisoning, Improper Output Handling, Excessive Agency, System Prompt Leakage (new), Vector and Embedding Weaknesses (new), Misinformation, and Unbounded Consumption. These categories map to the real-world attacks that AI applications face.

What We Test

We test against the complete OWASP Top 10 for LLM Applications 2025, covering prompt injection across all data paths, system prompt and credential extraction, RAG pipeline integrity and cross-tenant isolation, tool-use and agency controls, output handling and downstream injection risks, and model API security. We test cloud-hosted and self-hosted deployments.

How Simuna Infosec Helps

We have secured infrastructure for Tier-1 telecom operators in Singapore, and we bring this enterprise-grade rigour to AI security testing. Our AI/LLM VAPT combines traditional application security with AI-specific attack techniques, providing the independent, expert assessment that Singapore's governance frameworks expect.

*This article references the OWASP Top 10 for LLM Applications 2025 and publicly available Singapore regulatory information as of mid-2026.*

Related Articles

AI Security

AI & LLM Security Testing: The Enterprise Guide to Securing Your AI Applications

Compliance

MAS TRM Guidelines: Penetration Testing Requirements for Singapore Financial Institutions

Compliance

Singapore's Cybersecurity (Amendment) Act 2024: What Came Into Force in October 2025