Merge pull request #9 from GraoMelo/patch-1

Update 2.2_Appendix_B.md
Matteo Meucci
2025-06-26 20:16:11 +02:00
committed by GitHub
+18 -18
@@ -31,35 +31,35 @@ Here is the completed DIE (Distributed, Immutable, Ephemeral) threat mapping for
| Application Layer \- DIE Threats Mapping | |
| :---- | :---- |
| **SAIF Component** | **DIE Threats (Distributed, Immutable, Ephemeral)** |
| \#1 \- User | Distributed: User impersonation across multiple access points; Immutable: Insecure session storage allowing manipulation; Ephemeral: Persistent session tokens or non-expiring authentication. |
| \#2 \- User Input & Output | Distributed: Interception at multiple points of UI/API; Immutable: Unvalidated input leading to state corruption; Ephemeral: Cached responses leading to stale or replayed outputs. |
| \#3 \- Application | Distributed: Lateral movement within app clusters; Immutable: Tampered configs or injected runtime logic; Ephemeral: Long-lived processes vulnerable to memory attacks. |
| \#4 \- Agents/Plugins | Distributed: Chained plugin abuse; Immutable: Modified plugin payloads; Ephemeral: Persistent plugin state leaking data. |
| \#5 \- External Sources | Distributed: Manipulated feeds at source or in transit; Immutable: Lack of integrity validation on ingested data; Ephemeral: Reliance on long-lived static external datasets. |
| \#1 \- User | Distributed: User impersonation across multiple access points;Immutable: Insecure session storage allowing manipulation;Ephemeral: Persistent session tokens or non-expiring authentication. |
| \#2 \- User Input & Output | Distributed: Interception at multiple points of UI/API;Immutable: Unvalidated input leading to state corruption;Ephemeral: Cached responses leading to stale or replayed outputs. |
| \#3 \- Application | Distributed: Lateral movement within app clusters;Immutable: Tampered configs or injected runtime logic;Ephemeral: Long-lived processes vulnerable to memory attacks. |
| \#4 \- Agents/Plugins | Distributed: Chained plugin abuse;Immutable: Modified plugin payloads;Ephemeral: Persistent plugin state leaking data. |
| \#5 \- External Sources | Distributed: Manipulated feeds at source or in transit;Immutable: Lack of integrity validation on ingested data;Ephemeral: Reliance on long-lived static external datasets. |
| Model Layer \- DIE Threats Mapping | |
| :---- | :---- |
| **SAIF Component** | **DIE Threats (Distributed, Immutable, Ephemeral)** |
| \#6 \- Input Handling | Distributed: Input abuse across endpoints; Immutable: Bypass of sanitization layers; Ephemeral: Delayed reprocessing of malicious data. |
| \#7 \- Output Handling | Distributed: Output leaking via multiple channels; Immutable: Spoofed or altered model responses; Ephemeral: Retention of unsafe inference results. |
| \#8 \- Model Usage | Distributed: Repeated or coordinated inference abuse; Immutable: Malicious prompts altering inference pathways; Ephemeral: Caching of results exposing stale outputs. |
| \#6 \- Input Handling | Distributed: Input abuse across endpoints;Immutable: Bypass of sanitization layers;Ephemeral: Delayed reprocessing of malicious data. |
| \#7 \- Output Handling | Distributed: Output leaking via multiple channels;Immutable: Spoofed or altered model responses; Ephemeral: Retention of unsafe inference results. |
| \#8 \- Model Usage | Distributed: Repeated or coordinated inference abuse;Immutable: Malicious prompts altering inference pathways; Ephemeral: Caching of results exposing stale outputs. |
| Infrastructure Layer \- DIE Threats Mapping | |
| :---- | :---- |
| **SAIF Component** | **DIE Threats (Distributed, Immutable, Ephemeral)** |
| \#9 \- Model Storage Infrastructure | Distributed: Replicated stolen models; Immutable: Hash mismatch undetected; Ephemeral: Residual temp artifacts after use. |
| \#10 \- Model Serving Infrastructure | Distributed: Scalable attack surface across nodes; Immutable: Corrupted container images; Ephemeral: Persistent sockets vulnerable to abuse. |
| \#11 \- Model Evaluation | Distributed: Result leakage across evaluations; Immutable: Fake metrics stored long-term; Ephemeral: Testing artifacts reused in prod. |
| \#12 \- Model Training & Tuning | Distributed: Federated poisoning attacks; Immutable: Compromised checkpoints; Ephemeral: Retained outdated training data. |
| \#13 \- Model Frameworks & Code | Distributed: Infected libraries used across builds; Immutable: Code injection in frameworks; Ephemeral: Exploitable debug files not purged. |
| \#14 \- Data Storage Infrastructure | Distributed: Data exfiltration via synced systems; Immutable: Stale corrupted backups; Ephemeral: Temporary stores left exposed. |
| \#9 \- Model Storage Infrastructure | Distributed: Replicated stolen models; Immutable: Hash mismatch undetected; Ephemeral: Residual temp artifacts after use. |
| \#10 \- Model Serving Infrastructure | Distributed: Scalable attack surface across nodes; Immutable: Corrupted container images; Ephemeral: Persistent sockets vulnerable to abuse. |
| \#11 \- Model Evaluation | Distributed: Result leakage across evaluations; Immutable: Fake metrics stored long-term; Ephemeral: Testing artifacts reused in prod. |
| \#12 \- Model Training & Tuning | Distributed: Federated poisoning attacks; Immutable: Compromised checkpoints; Ephemeral: Retained outdated training data. |
| \#13 \- Model Frameworks & Code | Distributed: Infected libraries used across builds; Immutable: Code injection in frameworks; Ephemeral: Exploitable debug files not purged. |
| \#14 \- Data Storage Infrastructure | Distributed: Data exfiltration via synced systems;Immutable: Stale corrupted backups;Ephemeral: Temporary stores left exposed. |
| Data Layer \- DIE Threats Mapping | |
| :---- | :---- |
| **SAIF Component** | **DIE Threats (Distributed, Immutable, Ephemeral)** |
| \#15 \- Training Data | Distributed: Poisoning across datasets; Immutable: Bad data fixed in only one copy; Ephemeral: Non-rotated sensitive data. |
| \#16 \- Data Filtering & Processing | Distributed: Filter evasion via edge node abuse; Immutable: Faulty transformations undetected; Ephemeral: Processed data not purged timely. |
| \#17 \- Internal Data Sources | Distributed: Compromise through internal systems; Immutable: Corrupt reference records; Ephemeral: Excessive query logs or retained queries. |
| \#18 \- External Data Sources | Distributed: Public API abuse; Immutable: No integrity checks on ingestion; Ephemeral: Source content reused unsafely. |
| \#15 \- Training Data | Distributed: Poisoning across datasets; Immutable: Bad data fixed in only one copy; Ephemeral: Non-rotated sensitive data. |
| \#16 \- Data Filtering & Processing | Distributed: Filter evasion via edge node abuse; Immutable: Faulty transformations undetected; Ephemeral: Processed data not purged timely. |
| \#17 \- Internal Data Sources | Distributed: Compromise through internal systems; Immutable: Corrupt reference records; Ephemeral: Excessive query logs or retained queries. |
| \#18 \- External Data Sources | Distributed: Public API abuse; Immutable: No integrity checks on ingestion; Ephemeral: Source content reused unsafely. |
##
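Review bot: the separator change is applied inconsistently across the 18 modified rows of the hunk. Rows #1 to #6 go from `; Immutable:` / `; Ephemeral:` to `;Immutable:` / `;Ephemeral:`, rows #7 and #8 drop the space before `Immutable:` but keep `; Ephemeral:`, rows #9 to #13 are listed as changed although their removed and added lines read identically here (presumably trailing whitespace or line endings), and only row #14 in the infrastructure table visibly loses its spaces. Pick one separator and apply it to all 18 rows; since these are Markdown table cells, `<br>` between the three items would render each on its own line, e.g. `Distributed: Replicated stolen models<br>Immutable: Hash mismatch undetected<br>Ephemeral: Residual temp artifacts after use`, whereas removing the space after the semicolon only makes the cell harder to read. Separately, the `| :---- | :---- |` delimiter row sits directly under each `... Layer \- DIE Threats Mapping` row, so the layer title becomes the rendered table header and the bold `**SAIF Component**` row is rendered as an ordinary body row; this change does not introduce that, but it is worth fixing in the same file.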