LLM Security Glossary - VS Code Extension

Educational VS Code extension for OWASP GenAI security terminology

This extension helps developers ("vibe coders") understand LLM-specific security concepts by providing in-context definitions from the OWASP GenAI glossary. Part of the Secure LLM Education Tools suite.

What's New in v2.0

• Complete OWASP GenAI Glossary - Now includes all 35+ terms from the official OWASP GenAI Glossary
• Source Links - Every term includes clickable links to authoritative sources (NIST, CISA, Wikipedia, academic papers)
• Status Badges - Visual indicators showing OWASP approval status:
  • ✅ Approved - Through voting/approval process with source used
  • 🔷 Standard - Through voting/approval process with link provided
• Enhanced UI - Improved popup design with better visual hierarchy

Why This Matters

• Prompt injection is the #1 risk in OWASP's LLM Top 10
• Many developers are unaware of LLM-specific security terminology
• Quick access to definitions improves security awareness

Features

Look Up Selected Term

1. Select any text in your editor
2. Right-click → "LLM Glossary: Look Up Selected Term"
3. Or use keyboard shortcut: Ctrl+Shift+G (Windows/Linux) / Cmd+Shift+G (Mac)

Hover Definitions

Hover over recognized security terms to see instant definitions.

Browse All Terms

Use Command Palette (Ctrl+Shift+P) → "LLM Glossary: Show All Terms" to browse the complete glossary.

Multilingual Support

• English (default)
• Chinese (Simplified) - partial coverage for key security terms

Included Terms (35+)

The glossary now covers the complete OWASP GenAI glossary:

Installation

From Source (Development)

cd glossary_popup_extension

# Install dependencies
npm install

# Compile TypeScript
npm run compile

# Run extension in VS Code (opens new window)
# Press F5 in VS Code with this folder open

From VSIX (Production)

# Package the extension
npx vsce package

# Install the .vsix file
code --install-extension llm-security-glossary-0.1.0.vsix

Configuration

Access via Settings → Extensions → LLM Security Glossary:

Project Structure

glossary_popup_extension/
├── package.json           # Extension manifest
├── tsconfig.json          # TypeScript configuration
├── README.md              # This file
├── src/
│   ├── extension.ts       # Main extension code
│   └── test/
│       ├── extension.test.ts  # Test suite
│       └── runTest.ts         # Test runner
└── data/
    └── glossary.json      # OWASP GenAI glossary (local cache)

Commands

Educational Notes

Understanding LLM Security Terms

The glossary focuses on terms from OWASP's LLM Top 10, including:

1. LLM01: Prompt Injection - #1 risk, where attackers manipulate LLM input
2. LLM04: Model Denial of Service - Resource exhaustion attacks
3. LLM05: Supply Chain Vulnerabilities - Risks from dependencies
4. LLM06: Sensitive Information Disclosure - Data leakage risks
5. LLM08: Excessive Agency - Too much autonomous capability

Layered Defence Approach

The definitions emphasize OWASP's recommended layered defence strategy:

• Input validation
• Structured prompts
• Output monitoring
• Least privilege design

Disclaimer

⚠️ This extension is for educational purposes only. It does not replicate commercial SAST products. The glossary content is derived from public OWASP resources.

Resources

• OWASP LLM Top 10
• OWASP Cheat Sheet Series
• VS Code Extension API

Contributing

Contributions welcome! Please add new terms following the existing JSON schema in data/glossary.json.

License

MIT License - See LICENSE file for details.