4c3dbfbfa1
Moved Document/content/1.1_Principles_of_AI_Testing.md
2025-10-30 18:01:41 +01:00
64059cf00f
Add OWASP AI Testing principles and lifecycle phases
...
This document outlines the principles of OWASP AI Testing, detailing four macro domains: Security, Privacy, Responsible AI, and Trustworthy AI Systems. It also describes the phases of the AI system lifecycle and the importance of integrating testing throughout.
2025-10-30 18:01:13 +01:00
d4573ce6cb
Moved
2025-10-30 17:59:15 +01:00
f522948dfd
Add OWASP AI Testing Guide and contributor list
...
Introduced the OWASP AI Testing Guide, outlining its purpose, methodology, and contributors.
2025-10-30 17:57:48 +01:00
5baed52ca3
Fix link to AI Application Testing section
2025-10-30 17:53:07 +01:00
c99d2969f3
Refine testing documentation for prompt disclosure
...
Updated sections for clarity and consistency, including test objectives, expected outputs, and suggested tools.
2025-10-30 17:38:58 +01:00
d2b2f3b057
Refine content and headings for agentic behavior testing
...
Updated section headings for consistency and clarity. Revised text for better readability and precision regarding agentic behavior testing.
2025-10-30 17:22:31 +01:00
88f15ccb7d
Revise section titles for clarity in testing guidelines
...
Updated section titles and clarified testing instructions for unsafe outputs.
2025-10-30 17:18:32 +01:00
8bd00636cd
Revise section titles in input leakage testing doc
...
Updated section titles for clarity in testing documentation.
2025-10-30 17:08:58 +01:00
dac1a442f4
Revise test documentation for sensitive data leakage
...
Updated sections for clarity and consistency in testing documentation.
2025-10-30 17:05:34 +01:00
1ca047f15a
Update testing document for indirect prompt injection
2025-10-30 17:03:10 +01:00
8a6445b6ae
Update testing document for prompt injection techniques
2025-10-30 17:01:39 +01:00
76ffd748ba
+ Tools vulnerabilities
2025-10-28 09:44:46 +01:00
e6cc4ffb64
+ MCP indirect prompt injection
2025-10-28 09:44:33 +01:00
9a9fa8448c
Update 2.2_Appendix_E.md
...
Riveduto il mapping threats CWE, rattionale, reccomendations per consisenza
2025-10-22 15:25:50 -04:00
b99c7d9aa2
Update 2.2_Appendix_E.md
...
Cambi cosmetici per chiarezza nella lettura
2025-10-21 19:33:15 -04:00
24bbc66504
Update 00_Preface and Contributors.md
2025-10-21 19:36:35 +02:00
7de813ef92
Update 2.2_Appendix_E.md
...
It is really 3 steps.. so revised again
2025-10-21 13:13:32 -04:00
47b241cb29
Update 2.2_Appendix_E.md
...
aggiunta maggiore chiarezza su come la mappatura dalla minaccia al componente SAIF, al test e alle vulnerabilità (CVEs e CWEs) di quel componente renda il report di penetration testing più concreto e orientato all’azione, facilitando la formulazione di raccomandazioni di correzione efficaci.
2025-10-21 12:21:10 -04:00
c9438a0f81
Update title formatting in preface document
2025-10-21 17:20:42 +02:00
d9f4df44b1
Add preface and contributors section for AITG
...
This document serves as the preface and contributor acknowledgment for the OWASP AI Testing Guide, outlining the purpose, methodology, and contributors involved in the project.
2025-10-21 16:51:11 +02:00
6a81e0318c
Add reference to Echo Chamber attack blog
2025-10-16 17:21:47 +02:00
f81590039d
Update 2.2_Appendix_E.md
...
Reorganized more organically with titles etc
2025-10-16 08:54:50 -04:00
ab21d1f5e7
Update README.md
...
Changed the titles for Appendix sections to make it clear what the appendix cover and better selection from TOC
2025-10-16 08:14:56 -04:00
d8703cb1d0
Update 2.2_Appendix_E.md
...
Should be the last. correction. I hope
2025-10-15 13:57:41 -04:00
29fd475e68
Update 2.2_Appendix_E.md
...
Added more clarity to the CVE to SAIF and AI threats with an example
2025-10-15 12:35:24 -04:00
74cf81b771
Update 2.2_Appendix_E.md
...
Revised the content to clarify and make it more actionable for pen testers
2025-10-15 10:24:30 -04:00
ce42b98b9e
Create 2.2_Appendix_E.md
2025-10-14 17:57:46 -04:00
1756c276ba
Update README.md
...
Add link to content appendix E
2025-10-14 16:40:08 -04:00
aaffd7e14c
Merge pull request #27 from DotDotSlashRepo/main
...
Enhancements to testcases
2025-10-10 10:40:18 +02:00
c0c38b582e
Merge pull request #32 from zangobot/main
...
Include more testing tools, by dividing them between general-purpouse or domain-specific
2025-09-09 16:37:06 +02:00
0749eeda55
Update AITG-MOD-01_Testing_for_Evasion_Attacks.md
...
Removed typo
2025-09-02 11:21:23 +02:00
4182d8f869
Update AITG-APP-04_Testing_for_Input_Leakage.md
...
Co-authored-by: Yoni Birman <birmanbirman@gmail.com >
2025-08-31 23:13:40 +03:00
296224d780
Update AITG-APP-04_Testing_for_Input_Leakage.md
...
adding adversarial input test cases
2025-08-13 11:46:54 +03:00
0ed6bb99ad
added secml-torch and adv-lib, updated description of deepsec
2025-08-08 10:16:15 +02:00
be0385d8cf
Update AITG-MOD-01_Testing_for_Evasion_Attacks.md
...
Update AI security testing tools by adding difference between general-purpose and domain-specific libraries
2025-08-08 09:57:15 +02:00
3bd5536fbd
Update AITG-APP-05_Testing_for_Unsafe_Outputs.md
...
fixed a typo
2025-08-05 16:24:06 +05:30
e5e95445cb
Update AITG-APP-01_Testing_for_Prompt_Injection.md
...
added more examples of filter bypass while attempting to extract sensitive information
2025-08-05 16:21:26 +05:30
22eaecdd59
Update AITG-APP-03_Testing_for_Sensitive_Data_Leak.md
...
Added additional prompts on testing for implementation details leak
2025-08-05 15:56:08 +05:30
befe2755c7
Introduced Debunking tests and a differentiation between "Factuality and Misinformation" and "Debunking" hallucinations. As described by Giskard in the Phrase benchmark.
2025-08-03 14:34:38 +02:00
d27026fda7
Merge branch 'OWASP:main' into main
2025-07-25 20:30:56 +02:00
0dd87354da
1. Specified that temperature=0 does not imply reproducibility ( https://arxiv.org/pdf/2506.09501 )
...
2. Pointed out that LLMs are generally less secure in low-resource languages
3. Made some order on the payloads for the bias test, now it using always the same base example.
2025-07-25 20:26:32 +02:00
897c532bba
+ Planning instructions to avoid issues with token consumption
2025-07-25 12:18:11 +02:00
9da16a16c1
Correction of the readme to refer to the correct changed test
2025-07-17 15:22:07 +02:00
977235af4d
Introduction of the AITG-APP-10_Testing_for_Content_Bias.md, with tests to detect biased decisions made by the AI System.
2025-07-17 15:16:22 +02:00
49ee4b9d6c
The unsafe output test now includes hate releated unsafe content as part of the tests.
...
AITG-APP-10_Testing_for_Harmful_Content_Bias.md replaced with AITG-APP-10_Testing_for_Content_Bias.md, and now it focuses on the detection of biases contened in the generated outputs.
2025-07-17 15:14:33 +02:00
82b7a18ef4
README updated
2025-07-14 08:19:58 +02:00
2b16a5c5f3
+ Testing Limitations and Requirements
2025-07-13 11:21:09 +02:00
71b4f26900
Merge pull request #20 from fedric95/main
2025-07-12 21:30:58 +04:00
198167aebe
- Introduced the necessity of defining a safety taxonomy before conducting the tests: the definition of what is safe and what is unsafe depends on the application.
...
- Linked an existing safety taxonomy
- Added examples of moderation models
- Removed most of the references to the concept of bias. They should be addressed in another test.
TO-DO
- Include tests that consider the potential multimodal nature of the application (right now it is more text-only)
- Make a specific test to evaluate the biases of the AI application under test and remove all the references to biases in this test
2025-07-12 19:12:00 +02:00
Matteo Meucci