Update 2.1.2_Identify_RAI_threats.md

This commit is contained in:
Matteo Meucci
2025-11-16 17:49:06 +01:00
committed by GitHub
parent 06bb22d9f0
commit 0093a65bc3
+85 -56
View File
@@ -90,66 +90,95 @@ The threat scenarios presented in this guide highlight AI-specific risks and cor
For broader security assurance across networks, infrastructure, and traditional applications, we recommend using the following foundational testing references, which remain essential for comprehensive system-level evaluations such as Network Security \[17\] *NIST SP 800-115: Technical Guide to Information Security Testing and Assessment*. \[18\] *OSSTMM Open Source Security Testing Methodology Manual* and \[19\] *OWASP Web Security Testing Guide (WSTG)*.
### **1\. AI Application Testing**
### **1. AI Application Testing**
**Scope:** Front-end UX, APIs, agents/plugins, user-AI interactions
**Threats:**
* Prompt injection (LLM01)
* Output handling (LLM05)
-- Excessive agency (LLM06)
-- Misinformation (LLM09)
-- Automation bias
-- Hallucinations
-- Toxic content
-- Explainability gaps
* Testing Focus:
-- Behavior consistency
-- Ethical content validation
-- User interface abuse (e.g., phishing via AI)
-- Interpretability & transparency evaluation
**Scope**
Covers all components exposed directly to users or external environments:
- Front-end UX
- APIs
- Agents / Plugins
- UserAI interactions
### **2\. AI Model Testing**
**Key Threats**
- Prompt Injection (LLM01)
- Improper Output Handling (LLM05)
- Excessive Agency (LLM06)
- Misinformation (LLM09)
- Automation Bias
- Hallucinations
- Toxic or Harmful Content
- Explainability Gaps
* Scope: Model training, fine-tuning, inference behavior
* Threats:
-- Model & data poisoning (LLM04)
-- Inversion/inference attacks
-- Bias/discrimination
-- Model exfiltration
-- Overfitting / generalization issues
-- Explainability & fairness gaps
* Testing Focus:
-- Adversarial robustness
-- Fairness auditing
-- Membership inference testing
-- Alignment and behavior under edge cases
**Testing Focus**
- Consistent model behavior across sessions
- Ethical and safety-oriented content validation
- UI-driven abuse (e.g., AI-assisted phishing vectors)
- Interpretability & transparency evaluation
### **3\. AI Infrastructure Testing**
### **2. AI Model Testing**
* Scope: Hosting, serving, orchestration, APIs, plugin permissions
* Threats:
-- System prompt leakage (LLM07)
-- Resource abuse (LLM10)
-- Supply chain poisoning (LLM03)
-- Unauthorized API control
-- Insecure agent capabilities
* Testing Focus:
-- Least privilege enforcement
-- Resource sandboxing
-- Plugin/agent boundary testing
-- Environment security (CI/CD, containers)
**Scope**
Addresses the internal behavior and lifecycle of AI models:
- Model training
- Fine-tuning
- Inference-time decision making
**Key Threats**
- **Model & Data Poisoning (LLM04)**
- Inversion & Membership Inference Attacks
- Bias, Discrimination & Fairness Issues
- Model Exfiltration (API or runtime)
- Overfitting / Generalization Weaknesses
- Explainability & Fairness Gaps
**Testing Focus**
- Adversarial Robustness Evaluation
- Fairness & Bias Auditing
- Membership Inference & Privacy Testing
- Alignment Testing (behavior in edge or adversarial scenarios)
### **3. AI Infrastructure Testing**
**Scope**
Focuses on the security of the systems hosting, serving, and orchestrating AI:
- Model hosting & serving infrastructure
- APIs and service gateways
- Plugin / agent permissions & execution environment
- Orchestration and deployment pipelines
**Key Threats**
- System Prompt Leakage (LLM07)
- Resource Abuse / Unbounded Consumption (LLM10)
- Supply Chain Poisoning (LLM03)
- Unauthorized API Control
- Insecure Agent or Plugin Capabilities
**Testing Focus**
- Least Privilege & Permission Boundary Enforcement
- Resource Sandboxing & Rate Limiting
- Plugin / Agent Isolation & Boundary Testing
- Environment Security (CI/CD, containers, secrets management)
### **4. AI Data Testing**
**Scope**
Covers the full lifecycle of data used to train, fine-tune, and evaluate models:
- Data collection & ingestion
- Dataset curation
- Storage & filtering
- Labeling & preprocessing
**Key Threats**
- **Data Poisoning (LLM04)**
- Training Data Leakage
- Toxic, Biased, or Unrepresentative Data
- Bias Introduction During Preprocessing
- Mislabeling or Inconsistent Filtering
**Testing Focus**
- Dataset Integrity & Label Quality
- Bias and Diversity Analysis
- Data Provenance & Source Validation
- Filtering Robustness (toxicity detection, duplication control)
### **4\. AI Data Testing**
* Scope: Data collection, curation, storage, labeling, filtering
* Threats:
-- Data poisoning (LLM04)
-- Training data leaks
-- Toxic/unrepresentative data
-- Bias introduced during preprocessing
-- Mislabeling or filtering inconsistencies
* Testing Focus:
-- Dataset integrity & labeling accuracy
-- Bias and diversity analysis
-- Data provenance validation
-- Filtering robustness (toxicity, duplication)