Framework mapping
OWASP LLM Top 10 (2025) Mapped to Vendor Coverage and Cost
The canonical attack taxonomy with the cheapest published rate per entry, where one exists.
10
OWASP entries
$0.08
Cheapest per-entry published rate
20
Vendors mapped
2025
OWASP edition
Cheapest published rate per OWASP entry
Where the cheapest path has a number, it is shown verbatim. Where every vendor for the entry is quote-only, that is what the column says.
LLM01 Prompt injection
genai.owasp.org →$0.08 / 1K text units (AWS Bedrock prompt attack)
LLM02 Sensitive information disclosure
genai.owasp.org →$0.10 / 1K text units (AWS Bedrock sensitive info)
LLM03 Supply chain
genai.owasp.org →Quote only across all named scanner vendors
LLM04 Data and model poisoning
genai.owasp.org →Quote only; covered by HiddenLayer, Prisma AIRS, Wiz AI-SPM
LLM05 Improper output handling
genai.owasp.org →$0.15 / 1K text units (AWS Bedrock content filters)
LLM06 Excessive agency
genai.owasp.org →Quote only; specialist agent-aware vendors only
LLM07 System prompt leakage
genai.owasp.org →Free Lakera Community; otherwise quote-only
LLM08 Vector and embedding weaknesses
genai.owasp.org →Quote only; Wiz AI-SPM lists explicit coverage
LLM09 Misinformation
genai.owasp.org →$0.10 / 1K text units (AWS Bedrock grounding)
LLM10 Unbounded consumption
genai.owasp.org →Covered by API gateway / rate limiter, not a guardrail line item
Full vendor heatmap
| Vendor | LLM01 | LLM02 | LLM03 | LLM04 | LLM05 | LLM06 | LLM07 | LLM08 | LLM09 | LLM10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Bedrock Guardrails | ✓ | ✓ | ✗ | ✗ | ✓ | ✗ | ✗ | ✗ | ✓ | ✗ |
| Model Armor | ✓ | ✓ | ✗ | ✗ | ✓ | ✗ | ✗ | ✗ | ✓ | ✗ |
| Azure Prompt Shields | ✓ | ✓ | ✗ | ✗ | ✓ | ✓ | ✗ | ✗ | ✓ | ✗ |
| Lakera | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ | ✓ | ✗ | ✗ | ✗ |
| Promptfoo | ✓ | ✓ | ✗ | ✗ | ✓ | ✓ | ✓ | ✗ | ✓ | ✗ |
| Guardrails AI | ✓ | ✓ | ✗ | ✗ | ✓ | ✗ | ✗ | ✗ | ✓ | ✗ |
| NeMo Guardrails | ✓ | ✓ | ✗ | ✗ | ✓ | ✓ | ✗ | ✗ | ✓ | ✗ |
| Garak | ✓ | ✗ | ✗ | ✗ | ✓ | ✗ | ✓ | ✗ | ✓ | ✗ |
| Prisma AIRS | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| HiddenLayer | ✓ | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Cisco AI Defense | ✓ | ✓ | ✗ | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Noma | ✓ | ✓ | ✓ | ✓ | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Prompt Security | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ | ✓ | ✗ | ✗ | ✗ |
| CalypsoAI | ✓ | ✓ | ✗ | ✗ | ✓ | ✗ | ✓ | ✗ | ✗ | ✗ |
| WhyLabs | ✓ | ✓ | ✗ | ✗ | ✓ | ✗ | ✗ | ✗ | ✓ | ✗ |
| Mend AI | ✓ | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Wiz AI-SPM | ✗ | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ | ✓ | ✗ | ✗ |
| CrowdStrike AI | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Pillar | ✓ | ✓ | ✗ | ✗ | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Knostic | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ | ✓ | ✗ | ✗ | ✗ |
For per-vendor pricing depth, see /vendors.
Last verified June 2026Source: vendor pricing pages. See /methodology.