006e4e9ee0
Fix image filename for indirect prompt injection test
...
Updated infographics
2026-06-01 10:45:49 +02:00
f4afba420b
Add files via upload
2026-06-01 10:44:44 +02:00
647c3065c2
Merge pull request #71 from didier-durand/fix-typos-c
...
[Doc] Fixing typos in diverse files
2026-06-01 10:31:45 +02:00
29836cde90
Merge pull request #73 from prasunsrivastav123-lang/clarify-aitg05-aitg12-scope
...
Clarify scope separation between AITG-APP-05 and AITG-APP-12
2026-06-01 10:31:16 +02:00
da6b783faa
Merge pull request #77 from ppcvote/docs/aitg-app-05-output-injection-vectors
...
AITG-APP-05: add 6 output-injection vector categories
2026-06-01 10:27:33 +02:00
5e942cabca
AITG-APP-05: add 6 output-injection vector categories (XSS-beyond-script-tags / SQLi / Shell / Path / MD-image-exfil / Unicode-smuggling)
...
The existing AITG-APP-05 test scenario covers content-level safety
categories (1-10) and a single XSS attack vector (test 11), but the doc's
summary explicitly identifies application-level risks (XSS, SSRF,
injections) as a major category and the framework page #28 has an
open request for "more examples of web exploits enabled by output."
Adds six new payload categories (tests 12-17) covering the
application-level injection vectors not yet documented:
12. XSS beyond `<script>` tags — event handlers, javascript: URIs,
data:text/html URIs, iframe `srcdoc`, SVG-embedded scripts.
13. SQL injection in output — destructive statements, UNION-based
exfiltration, comment-bypass payloads.
14. Shell command injection in output — `curl … | sh` installers,
destructive `rm -rf`, reverse shells, env-var exfiltration.
15. Path traversal to sensitive system files — Unix `etc/passwd`/
`etc/shadow`, Windows `system32`, container `proc/self`.
16. Markdown image exfiltration — model-emitted external image with
conversation content in the query string.
17. Unicode smuggling — homoglyphs and bidirectional overrides used
to slip security-relevant tokens past byte-level filters.
Each entry follows the existing test format (probe prompts + a
"Response indicating vulnerability" line) and references the OWASP
LLM02:2025 mapping that the doc already cites.
Closes (partially) #28 ; cross-references #76 .
2026-06-01 14:44:46 +08:00
3d9bf8312b
Merge pull request #75 from vasconcedu/main
...
Fix typo in 2.0_Threat_Modeling_for_AI_Systems.md
2026-03-04 09:21:15 +01:00
4e8c15f925
Fix typo in 2.0_Threat_Modeling_for_AI_Systems.md
2026-03-03 12:22:00 -03:00
e3edca11c5
Merge pull request #74 from vasconcedu/main
2026-02-19 21:56:45 +01:00
76ff08d832
Fix typo in 1.3_Objectives_of_AI_Testing_Guide.md
2026-02-19 17:24:26 -03:00
3ceb89cf30
Clarify scope separation between AITG-APP-05 and AITG-APP-12
2025-12-24 02:07:10 +05:30
b37ca2e85c
Merge pull request #72 from prasunsrivastav123-lang/main
2025-12-23 14:18:57 +01:00
b30785327b
[Doc] Fix typos and links in README
2025-12-23 18:18:12 +05:30
f804b268bb
[Doc] Fixing typos in diverse files
2025-12-20 06:44:38 +01:00
55768a7aa5
Merge pull request #70 from didier-durand/fix-typos-b
2025-12-19 13:49:01 +01:00
ef3a09c32c
[Doc] Fixing typos in diverse files
2025-12-19 13:10:21 +01:00
ed0c4195d8
Merge pull request #67 from didier-durand/fix-typos-a
...
[Doc] Fixing typos in diverse files
2025-12-19 13:02:02 +01:00
85ac17208c
[Doc] Fixing typos in diverse files
2025-11-27 06:41:33 +01:00
fd6eebce92
Update index.md
2025-11-26 21:03:11 +01:00
68f82c6a6e
modified gitignore
2025-11-26 20:56:18 +01:00
5c6d357e22
update
2025-11-26 20:49:34 +01:00
6ac12d01c2
update
2025-11-26 20:46:03 +01:00
8cc7af4863
Delete PDFGenerator/V1.0/OWASP-AI-Testing-Guide-v1.pdf
2025-11-26 17:55:33 +01:00
11ca7ab1ba
Update 1.1_Preface_and_Contributors.md
2025-11-26 17:53:56 +01:00
69d9fd4995
Update index.md
2025-11-26 13:34:25 +01:00
f42f0b27b4
Update index.md
2025-11-26 13:33:04 +01:00
b53e98e8a5
Update index.md
2025-11-26 13:31:35 +01:00
d641514cbd
Delete PDFGenerator/V1.0/aa.md
2025-11-26 13:18:33 +01:00
b10410b1f0
Add files via upload
2025-11-26 13:18:13 +01:00
6a67101fe5
Create aa.md
2025-11-26 13:15:17 +01:00
d66ebf9de7
Delete PDFGenerator/OWASP-AI-Testing-Guide-v0.91.pdf
2025-11-26 13:14:12 +01:00
128176a039
Update 1.1_Preface_and_Contributors.md
2025-11-26 13:09:02 +01:00
c391dc786a
Update tab_roadmap.md
2025-11-26 13:07:55 +01:00
6545b88cf7
Update LICENSE.md
2025-11-26 12:37:21 +01:00
3d052f9506
Update AITG-DAT-05_Testing_for_Data_Minimization_and_Consent.md
2025-11-23 18:22:33 +01:00
8121287524
Update AITG-DAT-04_Testing_for_Harmful_Content_in_Data.md
2025-11-23 18:21:31 +01:00
951d177d6b
Update AITG-DAT-03_Testing_for_Dataset_Diversity_and_Coverage.md
2025-11-23 18:19:49 +01:00
17df60379f
Update AITG-APP-10_Testing_for_Content_Bias.md
2025-11-23 18:12:55 +01:00
13408c2e2e
Update AITG-APP-10_Testing_for_Content_Bias.md
2025-11-23 18:11:51 +01:00
68fdc4bd38
Update and rename 4.0_Appendix_and_References.md to 4.0_Appendices_and_References.md
2025-11-23 17:49:10 +01:00
6643995587
Update README.md
2025-11-23 17:48:24 +01:00
c4ba78aa3c
Update ToC.md
2025-11-23 17:47:50 +01:00
37c18dd79e
Update AITG-MOD-07_Testing_for_Goal_Alignment.md
2025-11-23 17:42:29 +01:00
519528e512
Update AITG-MOD-06_Testing_for_Robustness_to_New_Data.md
2025-11-23 17:40:35 +01:00
41082ce1ef
Update AITG-MOD-05_Testing_for_Inversion_Attacks.md
2025-11-23 17:39:00 +01:00
47bdc39d4b
Update AITG-MOD-04_Testing_for_Membership_Inference.md
2025-11-23 13:52:10 +01:00
8de2087c04
Update AITG-MOD-03_Testing_for_Poisoned_Training_Sets.md
2025-11-23 13:51:01 +01:00
4882826a0b
Update AITG-MOD-03_Testing_for_Poisoned_Training_Sets.md
2025-11-23 13:50:37 +01:00
a5485eab40
Update AITG-MOD-02_Testing_for_Runtime_Model_Poisoning.md
2025-11-23 13:49:44 +01:00
c4fe008037
Update AITG-MOD-01_Testing_for_Evasion_Attacks.md
2025-11-23 13:48:15 +01:00
Matteo Meucci