From 0093a65bc364a38902343b91703bc6932974b668 Mon Sep 17 00:00:00 2001 From: Matteo Meucci Date: Sun, 16 Nov 2025 17:49:06 +0100 Subject: [PATCH] Update 2.1.2_Identify_RAI_threats.md --- .../content/2.1.2_Identify_RAI_threats.md | 141 +++++++++++------- 1 file changed, 85 insertions(+), 56 deletions(-) diff --git a/Document/content/2.1.2_Identify_RAI_threats.md b/Document/content/2.1.2_Identify_RAI_threats.md index 38f742c..0d1b083 100644 --- a/Document/content/2.1.2_Identify_RAI_threats.md +++ b/Document/content/2.1.2_Identify_RAI_threats.md @@ -90,66 +90,95 @@ The threat scenarios presented in this guide highlight AI-specific risks and cor For broader security assurance across networks, infrastructure, and traditional applications, we recommend using the following foundational testing references, which remain essential for comprehensive system-level evaluations such as Network Security \[17\] *NIST SP 800-115: Technical Guide to Information Security Testing and Assessment*. \[18\] *OSSTMM – Open Source Security Testing Methodology Manual* and \[19\] *OWASP Web Security Testing Guide (WSTG)*. -### **1\. AI Application Testing** +### **1. AI Application Testing** -**Scope:** Front-end UX, APIs, agents/plugins, user-AI interactions -**Threats:** -* Prompt injection (LLM01) -* Output handling (LLM05) - -- Excessive agency (LLM06) - -- Misinformation (LLM09) - -- Automation bias - -- Hallucinations - -- Toxic content - -- Explainability gaps -* Testing Focus: - -- Behavior consistency - -- Ethical content validation - -- User interface abuse (e.g., phishing via AI) - -- Interpretability & transparency evaluation +**Scope** +Covers all components exposed directly to users or external environments: +- Front-end UX +- APIs +- Agents / Plugins +- User–AI interactions -### **2\. AI Model Testing** +**Key Threats** +- Prompt Injection (LLM01) +- Improper Output Handling (LLM05) +- Excessive Agency (LLM06) +- Misinformation (LLM09) +- Automation Bias +- Hallucinations +- Toxic or Harmful Content +- Explainability Gaps -* Scope: Model training, fine-tuning, inference behavior -* Threats: - -- Model & data poisoning (LLM04) - -- Inversion/inference attacks - -- Bias/discrimination - -- Model exfiltration - -- Overfitting / generalization issues - -- Explainability & fairness gaps -* Testing Focus: - -- Adversarial robustness - -- Fairness auditing - -- Membership inference testing - -- Alignment and behavior under edge cases +**Testing Focus** +- Consistent model behavior across sessions +- Ethical and safety-oriented content validation +- UI-driven abuse (e.g., AI-assisted phishing vectors) +- Interpretability & transparency evaluation -### **3\. AI Infrastructure Testing** +### **2. AI Model Testing** -* Scope: Hosting, serving, orchestration, APIs, plugin permissions -* Threats: - -- System prompt leakage (LLM07) - -- Resource abuse (LLM10) - -- Supply chain poisoning (LLM03) - -- Unauthorized API control - -- Insecure agent capabilities -* Testing Focus: - -- Least privilege enforcement - -- Resource sandboxing - -- Plugin/agent boundary testing - -- Environment security (CI/CD, containers) +**Scope** +Addresses the internal behavior and lifecycle of AI models: +- Model training +- Fine-tuning +- Inference-time decision making + +**Key Threats** +- **Model & Data Poisoning (LLM04)** +- Inversion & Membership Inference Attacks +- Bias, Discrimination & Fairness Issues +- Model Exfiltration (API or runtime) +- Overfitting / Generalization Weaknesses +- Explainability & Fairness Gaps + +**Testing Focus** +- Adversarial Robustness Evaluation +- Fairness & Bias Auditing +- Membership Inference & Privacy Testing +- Alignment Testing (behavior in edge or adversarial scenarios) + +### **3. AI Infrastructure Testing** + +**Scope** +Focuses on the security of the systems hosting, serving, and orchestrating AI: +- Model hosting & serving infrastructure +- APIs and service gateways +- Plugin / agent permissions & execution environment +- Orchestration and deployment pipelines + +**Key Threats** +- System Prompt Leakage (LLM07) +- Resource Abuse / Unbounded Consumption (LLM10) +- Supply Chain Poisoning (LLM03) +- Unauthorized API Control +- Insecure Agent or Plugin Capabilities + +**Testing Focus** +- Least Privilege & Permission Boundary Enforcement +- Resource Sandboxing & Rate Limiting +- Plugin / Agent Isolation & Boundary Testing +- Environment Security (CI/CD, containers, secrets management) + +### **4. AI Data Testing** + +**Scope** +Covers the full lifecycle of data used to train, fine-tune, and evaluate models: +- Data collection & ingestion +- Dataset curation +- Storage & filtering +- Labeling & preprocessing + +**Key Threats** +- **Data Poisoning (LLM04)** +- Training Data Leakage +- Toxic, Biased, or Unrepresentative Data +- Bias Introduction During Preprocessing +- Mislabeling or Inconsistent Filtering + +**Testing Focus** +- Dataset Integrity & Label Quality +- Bias and Diversity Analysis +- Data Provenance & Source Validation +- Filtering Robustness (toxicity detection, duplication control) -### **4\. AI Data Testing** -* Scope: Data collection, curation, storage, labeling, filtering -* Threats: - -- Data poisoning (LLM04) - -- Training data leaks - -- Toxic/unrepresentative data - -- Bias introduced during preprocessing - -- Mislabeling or filtering inconsistencies -* Testing Focus: - -- Dataset integrity & labeling accuracy - -- Bias and diversity analysis - -- Data provenance validation - -- Filtering robustness (toxicity, duplication)