Refactor threat and testing focus sections

This commit is contained in:
Matteo Meucci
2025-11-13 19:16:52 +01:00
committed by GitHub
parent 0559169c01
commit eeaa84828d
+40 -40
View File
@@ -92,62 +92,62 @@ For broader security assurance across networks, infrastructure, and traditional
* Scope: Front-end UX, APIs, agents/plugins, user-AI interactions * Scope: Front-end UX, APIs, agents/plugins, user-AI interactions
* Threats: * Threats:
* Prompt injection (LLM01) - Prompt injection (LLM01)
* Output handling (LLM05) - Output handling (LLM05)
* Excessive agency (LLM06) - Excessive agency (LLM06)
* Misinformation (LLM09) - Misinformation (LLM09)
* Automation bias - Automation bias
* Hallucinations - Hallucinations
* Toxic content - Toxic content
* Explainability gaps - Explainability gaps
* Testing Focus: * Testing Focus:
* Behavior consistency - Behavior consistency
* Ethical content validation - Ethical content validation
* User interface abuse (e.g., phishing via AI) - User interface abuse (e.g., phishing via AI)
* Interpretability & transparency evaluation - Interpretability & transparency evaluation
### **2\. AI Model Testing** ### **2\. AI Model Testing**
* Scope: Model training, fine-tuning, inference behavior * Scope: Model training, fine-tuning, inference behavior
* Threats: * Threats:
* Model & data poisoning (LLM04) - Model & data poisoning (LLM04)
* Inversion/inference attacks - Inversion/inference attacks
* Bias/discrimination - Bias/discrimination
* Model exfiltration - Model exfiltration
* Overfitting / generalization issues - Overfitting / generalization issues
* Explainability & fairness gaps - Explainability & fairness gaps
* Testing Focus: * Testing Focus:
* Adversarial robustness - Adversarial robustness
* Fairness auditing - Fairness auditing
* Membership inference testing - Membership inference testing
* Alignment and behavior under edge cases - Alignment and behavior under edge cases
### **3\. AI Infrastructure Testing** ### **3\. AI Infrastructure Testing**
* Scope: Hosting, serving, orchestration, APIs, plugin permissions * Scope: Hosting, serving, orchestration, APIs, plugin permissions
* Threats: * Threats:
* System prompt leakage (LLM07) - System prompt leakage (LLM07)
* Resource abuse (LLM10) - Resource abuse (LLM10)
* Supply chain poisoning (LLM03) - Supply chain poisoning (LLM03)
* Unauthorized API control - Unauthorized API control
* Insecure agent capabilities - Insecure agent capabilities
* Testing Focus: * Testing Focus:
* Least privilege enforcement - Least privilege enforcement
* Resource sandboxing - Resource sandboxing
* Plugin/agent boundary testing - Plugin/agent boundary testing
* Environment security (CI/CD, containers) - Environment security (CI/CD, containers)
### **4\. AI Data Testing** ### **4\. AI Data Testing**
* Scope: Data collection, curation, storage, labeling, filtering * Scope: Data collection, curation, storage, labeling, filtering
* Threats: * Threats:
** Data poisoning (LLM04) - Data poisoning (LLM04)
** Training data leaks - Training data leaks
** Toxic/unrepresentative data - Toxic/unrepresentative data
** Bias introduced during preprocessing - Bias introduced during preprocessing
** Mislabeling or filtering inconsistencies - Mislabeling or filtering inconsistencies
* Testing Focus: * Testing Focus:
* Dataset integrity & labeling accuracy - Dataset integrity & labeling accuracy
* Bias and diversity analysis - Bias and diversity analysis
* Data provenance validation - Data provenance validation
* Filtering robustness (toxicity, duplication) - Filtering robustness (toxicity, duplication)