As Vietnamese enterprises adopt AI and LLM-powered applications — from customer-service chatbots to AI-assisted e-commerce and fintech features — a new class of security risk emerges that traditional testing cannot address.
The OWASP Framework for AI Security
The OWASP Top 10 for LLM Applications 2025 is the industry-standard framework for AI-specific security risks. It covers ten categories including Prompt Injection (the number-one risk — manipulating AI behaviour through crafted inputs), Sensitive Information Disclosure (extracting internal data from the model), Excessive Agency (AI tools executing unintended actions), and two categories new in the 2025 edition: System Prompt Leakage and Vector and Embedding Weaknesses affecting RAG pipelines.
Vietnam's Context
Vietnam's Personal Data Protection Law (Law 91/2025/QH15) creates obligations for organisations processing personal data. AI applications that process customer data — whether for personalisation, recommendations, or automated decisions — fall squarely within scope. Testing AI applications for data leakage vulnerabilities is directly relevant to PDPL compliance.
Vietnam's rapidly growing technology sector, including significant software development and fintech industries, is increasingly embedding AI features into products. Ensuring these features are secure before deployment is more efficient and less costly than responding to incidents after launch.
What We Test
Our AI/LLM VAPT covers the complete OWASP Top 10 for LLM Applications 2025, testing prompt injection (direct and indirect), data leakage, system prompt extraction, RAG pipeline integrity, excessive agency, output handling, and model API security. We test both cloud-hosted and self-hosted AI deployments.
How Simuna Infosec Helps
We combine traditional application security expertise with AI-specific attack techniques — the combination required to test AI systems the way sophisticated adversaries would. We support a multinational software company with major operations in Vietnam, giving us direct familiarity with the local technology environment.
*This article references the OWASP Top 10 for LLM Applications 2025. The AI security landscape evolves rapidly.*