Marco Morana
b99c7d9aa2
Update 2.2_Appendix_E.md
Cosmetic changes for reading clarity
2025-10-21 19:33:15 -04:00
Matteo Meucci
24bbc66504
Update 00_Preface and Contributors.md
2025-10-21 19:36:35 +02:00
Marco Morana
7de813ef92
Update 2.2_Appendix_E.md
It is really 3 steps.. so revised again
2025-10-21 13:13:32 -04:00
Marco Morana
47b241cb29
Update 2.2_Appendix_E.md
Added more clarity on how mapping from the threat to the SAIF component, to the test and to that component's vulnerabilities (CVEs and CWEs) makes the penetration testing report more concrete and action-oriented, facilitating the formulation of effective remediation recommendations.
2025-10-21 12:21:10 -04:00
Matteo Meucci
c9438a0f81
Update title formatting in preface document
2025-10-21 17:20:42 +02:00
Matteo Meucci
d9f4df44b1
Add preface and contributors section for AITG
This document serves as the preface and contributor acknowledgment for the OWASP AI Testing Guide, outlining the purpose, methodology, and contributors involved in the project.
2025-10-21 16:51:11 +02:00
marti-jorda-roca
6a81e0318c
Add reference to Echo Chamber attack blog
2025-10-16 17:21:47 +02:00
Marco Morana
f81590039d
Update 2.2_Appendix_E.md
Reorganized more organically with titles etc
2025-10-16 08:54:50 -04:00
Marco Morana
ab21d1f5e7
Update README.md
Changed the titles for Appendix sections to make it clear what the appendices cover and to allow better selection from the TOC
2025-10-16 08:14:56 -04:00
Marco Morana
d8703cb1d0
Update 2.2_Appendix_E.md
Should be the last correction. I hope
2025-10-15 13:57:41 -04:00
Marco Morana
29fd475e68
Update 2.2_Appendix_E.md
Added more clarity to the CVE to SAIF and AI threats with an example
2025-10-15 12:35:24 -04:00
Marco Morana
74cf81b771
Update 2.2_Appendix_E.md
Revised the content to clarify and make it more actionable for pen testers
2025-10-15 10:24:30 -04:00
Marco Morana
ce42b98b9e
Create 2.2_Appendix_E.md
2025-10-14 17:57:46 -04:00
Marco Morana
1756c276ba
Update README.md
Add link to content appendix E
2025-10-14 16:40:08 -04:00
Matteo Meucci
aaffd7e14c
Merge pull request #27 from DotDotSlashRepo/main
Enhancements to testcases
2025-10-10 10:40:18 +02:00
Matteo Meucci
c0c38b582e
Merge pull request #32 from zangobot/main
Include more testing tools, by dividing them between general-purpose and domain-specific
2025-09-09 16:37:06 +02:00
Luca Demetrio
0749eeda55
Update AITG-MOD-01_Testing_for_Evasion_Attacks.md
Removed typo
2025-09-02 11:21:23 +02:00
Roei Arpaly
4182d8f869
Update AITG-APP-04_Testing_for_Input_Leakage.md
Co-authored-by: Yoni Birman <birmanbirman@gmail.com>
2025-08-31 23:13:40 +03:00
Roei Arpaly
296224d780
Update AITG-APP-04_Testing_for_Input_Leakage.md
adding adversarial input test cases
2025-08-13 11:46:54 +03:00
maurapintor
0ed6bb99ad
added secml-torch and adv-lib, updated description of deepsec
2025-08-08 10:16:15 +02:00
Luca Demetrio
be0385d8cf
Update AITG-MOD-01_Testing_for_Evasion_Attacks.md
Update AI security testing tools by adding difference between general-purpose and domain-specific libraries
2025-08-08 09:57:15 +02:00
DotDotSlash
3bd5536fbd
Update AITG-APP-05_Testing_for_Unsafe_Outputs.md
fixed a typo
2025-08-05 16:24:06 +05:30
DotDotSlash
e5e95445cb
Update AITG-APP-01_Testing_for_Prompt_Injection.md
added more examples of filter bypass while attempting to extract sensitive information
2025-08-05 16:21:26 +05:30
DotDotSlash
22eaecdd59
Update AITG-APP-03_Testing_for_Sensitive_Data_Leak.md
Added additional prompts on testing for implementation details leak
2025-08-05 15:56:08 +05:30
Federico Ricciuti
befe2755c7
Introduced Debunking tests and a differentiation between "Factuality and Misinformation" and "Debunking" hallucinations. As described by Giskard in the Phrase benchmark.
2025-08-03 14:34:38 +02:00
fedric95
d27026fda7
Merge branch 'OWASP:main' into main
2025-07-25 20:30:56 +02:00
Federico Ricciuti
0dd87354da
1. Specified that temperature=0 does not imply reproducibility (https://arxiv.org/pdf/2506.09501)
2. Pointed out that LLMs are generally less secure in low-resource languages
3. Put some order in the payloads for the bias test; it now always uses the same base example.
2025-07-25 20:26:32 +02:00
federicodotta
897c532bba
+ Planning instructions to avoid issues with token consumption
2025-07-25 12:18:11 +02:00
Federico Ricciuti
9da16a16c1
Correction of the readme to refer to the correct changed test
2025-07-17 15:22:07 +02:00
Federico Ricciuti
977235af4d
Introduction of the AITG-APP-10_Testing_for_Content_Bias.md, with tests to detect biased decisions made by the AI System.
2025-07-17 15:16:22 +02:00
Federico Ricciuti
49ee4b9d6c
The unsafe output test now includes hate related unsafe content as part of the tests.
AITG-APP-10_Testing_for_Harmful_Content_Bias.md replaced with AITG-APP-10_Testing_for_Content_Bias.md, and now it focuses on the detection of biases contained in the generated outputs.
2025-07-17 15:14:33 +02:00
federicodotta
82b7a18ef4
README updated
2025-07-14 08:19:58 +02:00
federicodotta
2b16a5c5f3
+ Testing Limitations and Requirements
2025-07-13 11:21:09 +02:00
Matteo Meucci
71b4f26900
Merge pull request #20 from fedric95/main
2025-07-12 21:30:58 +04:00
Federico Ricciuti
198167aebe
- Introduced the necessity of defining a safety taxonomy before conducting the tests: the definition of what is safe and what is unsafe depends on the application.
- Linked an existing safety taxonomy
- Added examples of moderation models
- Removed most of the references to the concept of bias. They should be addressed in another test.
TO-DO
- Include tests that consider the potential multimodal nature of the application (right now it is more text-only)
- Make a specific test to evaluate the biases of the AI application under test and remove all the references to biases in this test
2025-07-12 19:12:00 +02:00
federicodotta
5dbedf3dc3
Prompt Injection Techniques section added
2025-07-12 13:51:10 +02:00
federicodotta
5a434e776b
Update in typo tricks
2025-07-12 12:35:05 +02:00
federicodotta
a56ba3f4e6
+ Echo Chamber Attack
2025-07-12 12:24:58 +02:00
federicodotta
b483d240cf
+ AntiGPT reference
2025-07-12 11:53:03 +02:00
federicodotta
abfcbde568
+ AntiGPT Prompt Injection
2025-07-12 11:49:27 +02:00
Marco Morana
250ead1ffc
Update 2.1_Identify_AI_Threats.md
Re-aligned all references and links
2025-07-09 11:38:48 -04:00
Marco Morana
f821459f13
Update 2.1_Identify_AI_Threats.md
Reference more specialized taxonomies like the one developed by Pangea
2025-07-09 10:18:43 -04:00
Marco Morana
5fef43e31f
Update References.md
Added ref [23] to PJI taxonomy
2025-07-09 09:55:52 -04:00
Marco Morana
2c6a41ef75
Update 2.1_Identify_AI_Threats.md
Add note on risk
2025-07-08 18:17:12 -04:00
Marco Morana
84c9c7c989
Testing small edits
2025-06-30 15:36:22 -04:00
Didier Durand
e754867dd5
fixing typos in multiple texts.
2025-06-29 13:48:42 +02:00
GraoMelo
b03267133e
Update 2.2_Appendix_B.md
fixed #8
2025-06-26 15:12:53 -03:00
federicodotta
a50c0ceb65
Fix copy/paste error in AITG-INF-02
2025-06-26 18:36:36 +02:00
federicodotta
d390fa1605
Add some attack vectors and some additional notes to AITG-INF-02
2025-06-26 18:29:32 +02:00
federicodotta
77ebe9e3b5
Add prompt disclosure techniques
2025-06-26 16:42:50 +02:00