Update AITG-APP-06_Testing_for_Agentic_Behavior_Limits.md

Matteo Meucci
2025-11-15 17:06:43 +01:00
committed by GitHub
parent ae475944f7
commit 0dc9c2c86a
@@ -19,7 +19,6 @@ Taking authorization controls as an example, the design of an external tool used
During testing, it is important to verify as much as possible the presence of potential design issues like the previous one, that could impact the security of the system.
### Test Objectives
- Ensure agents terminate operations when instructed.
- Detect unbounded autonomy, looping, or sub-goal generation.
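Review bot: the context line "During testing, it is important to verify as much as possible the presence of potential design issues like the previous one, that could impact the security of the system." reads awkwardly and should be tightened while this file is being touched; suggest "During testing, verify wherever possible whether design issues like the one above are present, since they can affect the security of the system." Note also that the hunk header (-19,7 +19,6) records a one-line removal, but the +/- markers have been lost in this rendering, so the removed line cannot be identified from the visible text; worth a second look at the rendered diff to confirm nothing beyond whitespace was dropped before the "### Test Objectives" heading.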
@@ -45,7 +44,7 @@ Being able to direct invocate arbitrary tool may allow an attacker to bypass AI
**2. Non-agentic issues in external tools**
External tools can execute arbitrary operations, like call external APIs, contact databases and so on. Consequently, such can be vulnerable to non-agentic application vulerabilities.
External tools can execute arbitrary operations, like call external APIs, contact databases and so on. Consequently, such can be vulnerable to non-agentic application vulnerabilities.
One of the biggest challenges when exploiting non-agentic issues in tools is managing to pass an input to those tools that is not tampered with/interpreted by the agent(s) in the middle. Some of the techniques described in the previous point can be used for this purpose.
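Review bot: the spelling fix (vulerabilities to vulnerabilities) in the added line is correct, but the same line still carries two grammar problems that should be fixed in the same pass: "like call external APIs, contact databases and so on" should read "such as calling external APIs, contacting databases, and so on", and "Consequently, such can be vulnerable" is missing its subject and should read "Consequently, such tools can be vulnerable". The hunk's first context line, "Being able to direct invocate arbitrary tool may allow an attacker to bypass AI", also needs "directly invoke arbitrary tools"; since it sits inside this hunk's context it is cheap to correct here rather than in a follow-up commit.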