llmthreat
For vendors 21 vendors · 10 tools Matrix Vendors
Changelog: LLM Guard — archived · promptfoo — ownership changed · 7 of 21 vendors now acquired →

The Ledger That Scores
Coverage. Not Claims.

LLM Threat scores 21 LLM-security vendors and 10 open-source tools against the OWASP LLM Top 10 (2025) and MITRE ATLAS. Each profile marks all 10 risks as Covered, Partial, Not covered, or Unverified, and every one of those cells was checked and dated by hand. Last verified 2026-07-13.

coverage_matrixlive
OWASP LLM Top 10 →
01
02
03
04
05
06
07
08
09
10
Covered Partial None Unverified 21 vendors →
17/21
Cover LLM01 Prompt Injection
2/21
Cover LLM05 Improper Output Handling
7/21
Vendors acquired
210
Cells scored by hand
23,165
Stars on promptfoo, top tool
Why this exists

Every Vendor Site Sounds The Same. This Grid Shows What They Actually Cover.

Most vendor sites just reprint marketing bullets. We map every vendor onto a fixed grid — ten OWASP risks, four plain verdicts — and name the exact feature behind each score.

"Not covered" and "Unverified" aren't the same verdict. Not covered means we checked and it isn't there. Unverified means the vendor claims it but no source confirms it — a question for the demo call, not a win.

Market coverage by OWASP LLM risk — as of 2026-07-13
OWASP LLM RiskVendors covering it
LLM01 Prompt Injection 17/21
LLM02 Sensitive Information Disclosure 16/21
LLM03 Supply Chain 6/21
LLM04 Data and Model Poisoning 5/21
LLM05 Improper Output Handling 2/21
LLM06 Excessive Agency 8/21
LLM07 System Prompt Leakage 5/21
LLM08 Vector and Embedding Weaknesses 2/21
LLM09 Misinformation 8/21
LLM10 Unbounded Consumption 4/21

Of the ten risks, prompt injection has the best coverage — 17 of the 21 vendors we track handle it — while improper output handling is nearly untouched, with 2 covering it, per our review of public vendor documentation.

No vendor pays for a better score — independence is the whole product.
Every cell is scored by hand against OWASP and MITRE ATLAS.
Each funding and repo figure carries a date and a source.

Sources: OWASP LLM Top 10 (2025), MITRE ATLAS, vendor documentation, GitHub API. See Data & Sources. Last verified 2026-07-13.