CalvinBackup/www-project-ai-testing-guide
1
0
Fork 0
mirror of https://github.com/OWASP/www-project-ai-testing-guide.git synced 2026-05-31 19:41:40 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
198167aebee9f1d7b9b252b86f00abe0994e99a4
www-project-ai-testing-guide/Document
T
History
Federico Ricciuti 198167aebe - Introduced the necessity of defining a safety taxonomy before conducting the tests: the definition of what is safe and what is unsafe depends on the application. 
- Linked an existing safety taxonomy
- Added examples of moderation models
- Removed most of the references to the concept of bias. They should be addressed in another test.

TO-DO

- Include tests that consider the potential multimodal nature of the application (right now it is more text-only)
- Make a specific test to evaluate the biases of the AI application under test and remove all the references to biases in this test
2025-07-12 19:12:00 +02:00
..
content
- Introduced the necessity of defining a safety taxonomy before conducting the tests: the definition of what is safe and what is unsafe depends on the application.
2025-07-12 19:12:00 +02:00
images
Add files via upload
2025-06-18 11:07:05 +02:00
README.md
Update README.md
2025-06-18 12:06:26 +02:00

README.md

OWASP AI Testing Guide Table of Contents

1. Introduction

2. Threat Modeling for AI Systems

3. OWASP AI Testing Guide Framework

3.1 🟦 AI Application Testing

Test ID Test Name & Link
AITG-APP-01 Testing for Prompt Injection
AITG-APP-02 Testing for Indirect Prompt Injection
AITG-APP-03 Testing for Sensitive Data Leak
AITG-APP-04 Testing for Input Leakage
AITG-APP-05 Testing for Unsafe Outputs
AITG-APP-06 Testing for Agentic Behavior Limits
AITG-APP-07 Testing for Prompt Disclosure
AITG-APP-08 Testing for Embedding Manipulation
AITG-APP-09 Testing for Model Extraction
AITG-APP-10 Testing for Harmful Content Bias
AITG-APP-11 Testing for Hallucinations
AITG-APP-12 Testing for Toxic Output
AITG-APP-13 Testing for Over-Reliance on AI
AITG-APP-14 Testing for Explainability and Interpretability

3.2 🟪 AI Model Testing

Test ID Test Name & Link
AITG-MOD-01 Testing for Evasion Attacks
AITG-MOD-02 Testing for Runtime Model Poisoning
AITG-MOD-03 Testing for Poisoned Training Sets
AITG-MOD-04 Testing for Membership Inference
AITG-MOD-05 Testing for Inversion Attacks
AITG-MOD-06 Testing for Robustness to New Data
AITG-MOD-07 Testing for Goal Alignment

3.3 🟩 AI Infrastructure Testing

Test ID Test Name & Link
AITG-INF-01 Testing for Supply Chain Tampering
AITG-INF-02 Testing for Resource Exhaustion
AITG-INF-03 Testing for Plugin Boundary Violations
AITG-INF-04 Testing for Capability Misuse
AITG-INF-05 Testing for Fine-tuning Poisoning
AITG-INF-06 Testing for Dev-Time Model Theft

3.4 🟨 AI Data Testing

Test ID Test Name & Link
AITG-DAT-01 Testing for Training Data Exposure
AITG-DAT-02 Testing for Runtime Exfiltration
AITG-DAT-03 Testing for Dataset Diversity & Coverage
AITG-DAT-04 Testing for Harmful Content in Data
AITG-DAT-05 Testing for Data Minimization & Consent

4. Chapter 4: Domain Specific Testing

References

Reference in New Issue View Git Blame Copy Permalink