Commit Graph

134 Commits

Author SHA1 Message Date
Marco Morana ab21d1f5e7 Update README.md
Changed the titles for Appendix sections to make it clear what the appendices cover and to allow better selection from the TOC
2025-10-16 08:14:56 -04:00
Marco Morana d8703cb1d0 Update 2.2_Appendix_E.md
Should be the last correction. I hope
2025-10-15 13:57:41 -04:00
Marco Morana 29fd475e68 Update 2.2_Appendix_E.md
Added more clarity to the CVE to SAIF and AI threats with an example
2025-10-15 12:35:24 -04:00
Marco Morana 74cf81b771 Update 2.2_Appendix_E.md
Revised the content to clarify and make it more actionable for pen testers
2025-10-15 10:24:30 -04:00
Marco Morana ce42b98b9e Create 2.2_Appendix_E.md 2025-10-14 17:57:46 -04:00
Marco Morana 1756c276ba Update README.md
Add link to content appendix E
2025-10-14 16:40:08 -04:00
Matteo Meucci aaffd7e14c Merge pull request #27 from DotDotSlashRepo/main
Enhancements to testcases
2025-10-10 10:40:18 +02:00
Matteo Meucci c0c38b582e Merge pull request #32 from zangobot/main
Include more testing tools, by dividing them between general-purpose and domain-specific
2025-09-09 16:37:06 +02:00
Luca Demetrio 0749eeda55 Update AITG-MOD-01_Testing_for_Evasion_Attacks.md
Removed typo
2025-09-02 11:21:23 +02:00
Roei Arpaly 4182d8f869 Update AITG-APP-04_Testing_for_Input_Leakage.md
Co-authored-by: Yoni Birman <birmanbirman@gmail.com>
2025-08-31 23:13:40 +03:00
Roei Arpaly 296224d780 Update AITG-APP-04_Testing_for_Input_Leakage.md
adding adversarial input test cases
2025-08-13 11:46:54 +03:00
maurapintor 0ed6bb99ad added secml-torch and adv-lib, updated description of deepsec 2025-08-08 10:16:15 +02:00
Luca Demetrio be0385d8cf Update AITG-MOD-01_Testing_for_Evasion_Attacks.md
Update AI security testing tools by adding difference between general-purpose and domain-specific libraries
2025-08-08 09:57:15 +02:00
DotDotSlash 3bd5536fbd Update AITG-APP-05_Testing_for_Unsafe_Outputs.md
fixed a typo
2025-08-05 16:24:06 +05:30
DotDotSlash e5e95445cb Update AITG-APP-01_Testing_for_Prompt_Injection.md
added more examples of filter bypass while attempting to extract sensitive information
2025-08-05 16:21:26 +05:30
DotDotSlash 22eaecdd59 Update AITG-APP-03_Testing_for_Sensitive_Data_Leak.md
Added additional prompts on testing for implementation details leak
2025-08-05 15:56:08 +05:30
Federico Ricciuti befe2755c7 Introduced Debunking tests and a differentiation between "Factuality and Misinformation" and "Debunking" hallucinations. As described by Giskard in the Phrase benchmark. 2025-08-03 14:34:38 +02:00
fedric95 d27026fda7 Merge branch 'OWASP:main' into main 2025-07-25 20:30:56 +02:00
Federico Ricciuti 0dd87354da 1. Specified that temperature=0 does not imply reproducibility (https://arxiv.org/pdf/2506.09501)
2. Pointed out that LLMs are generally less secure in low-resource languages
3. Made some order on the payloads for the bias test; now it always uses the same base example.
2025-07-25 20:26:32 +02:00
federicodotta 897c532bba + Planning instructions to avoid issues with token consumption 2025-07-25 12:18:11 +02:00
Federico Ricciuti 9da16a16c1 Correction of the readme to refer to the correct changed test 2025-07-17 15:22:07 +02:00
Federico Ricciuti 977235af4d Introduction of the AITG-APP-10_Testing_for_Content_Bias.md, with tests to detect biased decisions made by the AI System. 2025-07-17 15:16:22 +02:00
Federico Ricciuti 49ee4b9d6c The unsafe output test now includes hate-related unsafe content as part of the tests.
AITG-APP-10_Testing_for_Harmful_Content_Bias.md replaced with AITG-APP-10_Testing_for_Content_Bias.md, and now it focuses on the detection of biases contained in the generated outputs.
2025-07-17 15:14:33 +02:00
federicodotta 82b7a18ef4 README updated 2025-07-14 08:19:58 +02:00
federicodotta 2b16a5c5f3 + Testing Limitations and Requirements 2025-07-13 11:21:09 +02:00
Matteo Meucci 71b4f26900 Merge pull request #20 from fedric95/main 2025-07-12 21:30:58 +04:00
Federico Ricciuti 198167aebe - Introduced the necessity of defining a safety taxonomy before conducting the tests: the definition of what is safe and what is unsafe depends on the application.
- Linked an existing safety taxonomy
- Added examples of moderation models
- Removed most of the references to the concept of bias. They should be addressed in another test.

TO-DO

- Include tests that consider the potential multimodal nature of the application (right now it is more text-only)
- Make a specific test to evaluate the biases of the AI application under test and remove all the references to biases in this test
2025-07-12 19:12:00 +02:00
federicodotta 5dbedf3dc3 Prompt Injection Techniques section added 2025-07-12 13:51:10 +02:00
federicodotta 5a434e776b Update in typo tricks 2025-07-12 12:35:05 +02:00
federicodotta a56ba3f4e6 + Echo Chamber Attack 2025-07-12 12:24:58 +02:00
federicodotta b483d240cf + AntiGPT reference 2025-07-12 11:53:03 +02:00
federicodotta abfcbde568 + AntiGPT Prompt Injection 2025-07-12 11:49:27 +02:00
Marco Morana 250ead1ffc Update 2.1_Identify_AI_Threats.md
Re-aligned all references and links
2025-07-09 11:38:48 -04:00
Marco Morana f821459f13 Update 2.1_Identify_AI_Threats.md
Reference more specialized taxonomies like the one developed by Pangea
2025-07-09 10:18:43 -04:00
Marco Morana 5fef43e31f Update References.md
Added ref [23] to PJI taxonomy
2025-07-09 09:55:52 -04:00
Marco Morana 2c6a41ef75 Update 2.1_Identify_AI_Threats.md
Add note on risk
2025-07-08 18:17:12 -04:00
Marco Morana 84c9c7c989 Testing small edits 2025-06-30 15:36:22 -04:00
Didier Durand e754867dd5 fixing typos in multiple texts. 2025-06-29 13:48:42 +02:00
GraoMelo b03267133e Update 2.2_Appendix_B.md
fixed #8
2025-06-26 15:12:53 -03:00
federicodotta a50c0ceb65 Fix copy/paste error in AITG-INF-02 2025-06-26 18:36:36 +02:00
federicodotta d390fa1605 Add some attack vectors and some additional notes to AITG-INF-02 2025-06-26 18:29:32 +02:00
federicodotta 77ebe9e3b5 Add prompt disclosure techniques 2025-06-26 16:42:50 +02:00
federicodotta 15218fd5cb Add direct tool invocation sections 2025-06-26 16:42:37 +02:00
federicodotta 29c2bcfeca Add XSS attack vectors 2025-06-26 16:42:21 +02:00
federicodotta 249ab5fb84 Add some data leaks related to tool list and reasoning 2025-06-26 16:42:11 +02:00
federicodotta 25fc713549 Added some prompt injection techniques 2025-06-26 16:41:44 +02:00
Ram K 0a93f78ebd Add EchoLeak technique to indirect prompt injection testing
- Added Reference-Style Markdown Injection (EchoLeak Technique) section
- Included real-world example with CVE-2025-32711 from Aim Security Labs
- Enhanced testing methodology for markdown-based data exfiltration attacks
2025-06-25 23:39:39 -05:00
Jeremy Redmond 392f1a10e8 docs: fix README spacing, prompt-injection typos, and meta tag property 2025-06-25 16:22:14 -04:00
Matteo Meucci 743966aa74 Merge pull request #3 from SitaRamSai/fix/spelling-corrections-test-files
fix: correct spelling errors in test documentation files
2025-06-25 19:11:01 +02:00
Ram K a1f115010a fix: correct spelling errors in test documentation files
- Fix 'system prompots' to 'system prompts' in AITG-APP-01
- Fix 'confidetial' to 'confidential' in AITG-APP-04
- Fix 'input.s.' to 'input.' in AITG-APP-04
- Fix 'esearch efforts' to 'Research efforts' in AITG-APP-07
- Fix 'How to test for Al' to 'How to test for AI' in AITG-APP-11
- Fix 'GaraK . PAckage Hallucionantion' to 'Garak - Package Hallucination' in AITG-INF-01

These corrections improve documentation quality and readability across the AI Testing Guide test specifications.
2025-06-25 11:59:29 -05:00