mirror of
https://github.com/OWASP/www-project-ai-testing-guide.git
synced 2026-03-02 14:23:31 +00:00
3. AI Testing Guide Framework
Based on the threat modeling performed in Chapter 2, we can now define a structured framework that maps the AI architecture threats to concrete test cases. This project aims to bridge traditional cybersecurity, MLOps testing, and Responsible AI assessments under a unified structure.
Each test case is categorized under one of the four pillars listed below.
Before starting the analysis, it is important to take into account the limitations of this type of testing and to consider moving from a black-box approach to a grey-box or white-box approach, which requires additional information. Limitations and requirements are described in the chapter Testing Limitations and Requirements.
🟦 AI Application Testing
| Test ID | Test Name & Link | Threat Source | Domain(s) |
|---|---|---|---|
| AITG-APP-01 | Testing for Prompt Injection | OWASP Top 10 LLM 2025 | Security |
| AITG-APP-02 | Testing for Indirect Prompt Injection | OWASP Top 10 LLM 2025 | Security |
| AITG-APP-03 | Testing for Sensitive Data Leak | OWASP Top 10 LLM 2025 | Security, Privacy |
| AITG-APP-04 | Testing for Input Leakage | OWASP Top 10 LLM 2025 | Security, Privacy |
| AITG-APP-05 | Testing for Unsafe Outputs | OWASP Top 10 LLM 2025 | Security, RAI |
| AITG-APP-06 | Testing for Agentic Behavior Limits | OWASP Top 10 LLM 2025 | Security, Trustworthy AI |
| AITG-APP-07 | Testing for Prompt Disclosure | OWASP Top 10 LLM 2025 | Security, Privacy |
| AITG-APP-08 | Testing for Embedding Manipulation | OWASP Top 10 LLM 2025 | Security |
| AITG-APP-09 | Testing for Model Extraction | OWASP AI Exchange | Security |
| AITG-APP-10 | Testing for Harmful Content Bias | OWASP Top 10 LLM 2025 | RAI |
| AITG-APP-11 | Testing for Hallucinations | Trustworthy AI | Trustworthy AI |
| AITG-APP-12 | Testing for Toxic Output | Responsible AI | RAI |
| AITG-APP-13 | Testing for Over-Reliance on AI | Responsible AI | RAI, Trustworthy AI |
| AITG-APP-14 | Testing for Explainability and Interpretability | Responsible AI | RAI, Trustworthy AI |
🟪 AI Model Testing
| Test ID | Test Name & Link | Threat Source | Domain(s) |
|---|---|---|---|
| AITG-MOD-01 | Testing for Evasion Attacks | OWASP AI Exchange | Security |
| AITG-MOD-02 | Testing for Runtime Model Poisoning | OWASP Top 10 LLM 2025 | Security |
| AITG-MOD-03 | Testing for Poisoned Training Sets | OWASP Top 10 LLM 2025 | Security |
| AITG-MOD-04 | Testing for Membership Inference | OWASP AI Exchange | Privacy |
| AITG-MOD-05 | Testing for Inversion Attacks | OWASP AI Exchange | Privacy |
| AITG-MOD-06 | Testing for Robustness to New Data | Trustworthy AI | Trustworthy AI |
| AITG-MOD-07 | Testing for Goal Alignment | Trustworthy AI | Trustworthy AI |
🟩 AI Infrastructure Testing
| Test ID | Test Name & Link | Threat Source | Domain(s) |
|---|---|---|---|
| AITG-INF-01 | Testing for Supply Chain Tampering | OWASP Top 10 LLM 2025 | Security |
| AITG-INF-02 | Testing for Resource Exhaustion | OWASP Top 10 LLM 2025 | Security |
| AITG-INF-03 | Testing for Plugin Boundary Violations | Trustworthy AI | Trustworthy AI |
| AITG-INF-04 | Testing for Capability Misuse | Responsible AI | RAI, Trustworthy AI |
| AITG-INF-05 | Testing for Fine-tuning Poisoning | OWASP Top 10 LLM 2025 | Security |
| AITG-INF-06 | Testing for Dev-Time Model Theft | OWASP AI Exchange | Security, Privacy |
🟨 AI Data Testing
| Test ID | Test Name & Link | Threat Source | Domain(s) |
|---|---|---|---|
| AITG-DAT-01 | Testing for Training Data Exposure | OWASP AI Exchange | Privacy |
| AITG-DAT-02 | Testing for Runtime Exfiltration | OWASP AI Exchange | Security, Privacy |
| AITG-DAT-03 | Testing for Dataset Diversity & Coverage | Responsible AI | RAI |
| AITG-DAT-04 | Testing for Harmful Content in Data | Responsible AI | RAI |
| AITG-DAT-05 | Testing for Data Minimization & Consent | Trustworthy AI | Privacy, Trustworthy AI |
NEXT: 3.0 Testing Limitations and Requirements