mirror of
https://github.com/OWASP/www-project-ai-testing-guide.git
synced 2026-07-16 07:57:18 +02:00
Update 2.1.2_Identify_RAI_threats.md
This commit is contained in:
@@ -90,66 +90,95 @@ The threat scenarios presented in this guide highlight AI-specific risks and cor
|
||||
|
||||
For broader security assurance across networks, infrastructure, and traditional applications, we recommend using the following foundational testing references, which remain essential for comprehensive system-level evaluations such as Network Security \[17\] *NIST SP 800-115: Technical Guide to Information Security Testing and Assessment*. \[18\] *OSSTMM – Open Source Security Testing Methodology Manual* and \[19\] *OWASP Web Security Testing Guide (WSTG)*.
|
||||
|
||||
### **1\. AI Application Testing**
|
||||
### **1. AI Application Testing**
|
||||
|
||||
**Scope:** Front-end UX, APIs, agents/plugins, user-AI interactions
|
||||
**Threats:**
|
||||
* Prompt injection (LLM01)
|
||||
* Output handling (LLM05)
|
||||
-- Excessive agency (LLM06)
|
||||
-- Misinformation (LLM09)
|
||||
-- Automation bias
|
||||
-- Hallucinations
|
||||
-- Toxic content
|
||||
-- Explainability gaps
|
||||
* Testing Focus:
|
||||
-- Behavior consistency
|
||||
-- Ethical content validation
|
||||
-- User interface abuse (e.g., phishing via AI)
|
||||
-- Interpretability & transparency evaluation
|
||||
**Scope**
|
||||
Covers all components exposed directly to users or external environments:
|
||||
- Front-end UX
|
||||
- APIs
|
||||
- Agents / Plugins
|
||||
- User–AI interactions
|
||||
|
||||
### **2\. AI Model Testing**
|
||||
**Key Threats**
|
||||
- Prompt Injection (LLM01)
|
||||
- Improper Output Handling (LLM05)
|
||||
- Excessive Agency (LLM06)
|
||||
- Misinformation (LLM09)
|
||||
- Automation Bias
|
||||
- Hallucinations
|
||||
- Toxic or Harmful Content
|
||||
- Explainability Gaps
|
||||
|
||||
* Scope: Model training, fine-tuning, inference behavior
|
||||
* Threats:
|
||||
-- Model & data poisoning (LLM04)
|
||||
-- Inversion/inference attacks
|
||||
-- Bias/discrimination
|
||||
-- Model exfiltration
|
||||
-- Overfitting / generalization issues
|
||||
-- Explainability & fairness gaps
|
||||
* Testing Focus:
|
||||
-- Adversarial robustness
|
||||
-- Fairness auditing
|
||||
-- Membership inference testing
|
||||
-- Alignment and behavior under edge cases
|
||||
**Testing Focus**
|
||||
- Consistent model behavior across sessions
|
||||
- Ethical and safety-oriented content validation
|
||||
- UI-driven abuse (e.g., AI-assisted phishing vectors)
|
||||
- Interpretability & transparency evaluation
|
||||
|
||||
### **3\. AI Infrastructure Testing**
|
||||
### **2. AI Model Testing**
|
||||
|
||||
* Scope: Hosting, serving, orchestration, APIs, plugin permissions
|
||||
* Threats:
|
||||
-- System prompt leakage (LLM07)
|
||||
-- Resource abuse (LLM10)
|
||||
-- Supply chain poisoning (LLM03)
|
||||
-- Unauthorized API control
|
||||
-- Insecure agent capabilities
|
||||
* Testing Focus:
|
||||
-- Least privilege enforcement
|
||||
-- Resource sandboxing
|
||||
-- Plugin/agent boundary testing
|
||||
-- Environment security (CI/CD, containers)
|
||||
**Scope**
|
||||
Addresses the internal behavior and lifecycle of AI models:
|
||||
- Model training
|
||||
- Fine-tuning
|
||||
- Inference-time decision making
|
||||
|
||||
**Key Threats**
|
||||
- **Model & Data Poisoning (LLM04)**
|
||||
- Inversion & Membership Inference Attacks
|
||||
- Bias, Discrimination & Fairness Issues
|
||||
- Model Exfiltration (API or runtime)
|
||||
- Overfitting / Generalization Weaknesses
|
||||
- Explainability & Fairness Gaps
|
||||
|
||||
**Testing Focus**
|
||||
- Adversarial Robustness Evaluation
|
||||
- Fairness & Bias Auditing
|
||||
- Membership Inference & Privacy Testing
|
||||
- Alignment Testing (behavior in edge or adversarial scenarios)
|
||||
|
||||
### **3. AI Infrastructure Testing**
|
||||
|
||||
**Scope**
|
||||
Focuses on the security of the systems hosting, serving, and orchestrating AI:
|
||||
- Model hosting & serving infrastructure
|
||||
- APIs and service gateways
|
||||
- Plugin / agent permissions & execution environment
|
||||
- Orchestration and deployment pipelines
|
||||
|
||||
**Key Threats**
|
||||
- System Prompt Leakage (LLM07)
|
||||
- Resource Abuse / Unbounded Consumption (LLM10)
|
||||
- Supply Chain Poisoning (LLM03)
|
||||
- Unauthorized API Control
|
||||
- Insecure Agent or Plugin Capabilities
|
||||
|
||||
**Testing Focus**
|
||||
- Least Privilege & Permission Boundary Enforcement
|
||||
- Resource Sandboxing & Rate Limiting
|
||||
- Plugin / Agent Isolation & Boundary Testing
|
||||
- Environment Security (CI/CD, containers, secrets management)
|
||||
|
||||
### **4. AI Data Testing**
|
||||
|
||||
**Scope**
|
||||
Covers the full lifecycle of data used to train, fine-tune, and evaluate models:
|
||||
- Data collection & ingestion
|
||||
- Dataset curation
|
||||
- Storage & filtering
|
||||
- Labeling & preprocessing
|
||||
|
||||
**Key Threats**
|
||||
- **Data Poisoning (LLM04)**
|
||||
- Training Data Leakage
|
||||
- Toxic, Biased, or Unrepresentative Data
|
||||
- Bias Introduction During Preprocessing
|
||||
- Mislabeling or Inconsistent Filtering
|
||||
|
||||
**Testing Focus**
|
||||
- Dataset Integrity & Label Quality
|
||||
- Bias and Diversity Analysis
|
||||
- Data Provenance & Source Validation
|
||||
- Filtering Robustness (toxicity detection, duplication control)
|
||||
|
||||
### **4\. AI Data Testing**
|
||||
|
||||
* Scope: Data collection, curation, storage, labeling, filtering
|
||||
* Threats:
|
||||
-- Data poisoning (LLM04)
|
||||
-- Training data leaks
|
||||
-- Toxic/unrepresentative data
|
||||
-- Bias introduced during preprocessing
|
||||
-- Mislabeling or filtering inconsistencies
|
||||
* Testing Focus:
|
||||
-- Dataset integrity & labeling accuracy
|
||||
-- Bias and diversity analysis
|
||||
-- Data provenance validation
|
||||
-- Filtering robustness (toxicity, duplication)
|
||||
|
||||
Reference in New Issue
Block a user