www-project-ai-testing-guide/PDFGenerator/ToC.md

OWASP AI Testing Guide Table of Contents

1. Introduction

• 1.1 Preface and Contributors

• 1.2 Principles of AI Testing

• 1.3 Objectives of OWASP AI Testing Guide

2. Threat Modeling AI Systems

• 2.1 Identify AI System Threats

• 2.1.1 Map OWASP AI Threats To AI Architectural Components

• 2.1.2 Identify AI System Responsible AI (RAI)/Trustworthy AI Threats

• 2.2 Appendix A: Rationale For Using SAIF (Secure AI Framework)

• 2.2 Appendix B: Distributed, Immutable, Ephemeral (DIE) Threat Identification

• 2.2 Appendix C: Risk Lifecycle for Secure AI Systems

• 2.2 Appendix D: Threat Enumeration to AI Architecture Components

• 2.2 Appendix E: Mapping AI Threats Against AI Systems Vulnerabilities (CVEs & CWEs)

3. OWASP AI Testing Guide Framework

• 3.1 🟦 AI Application Testing

• 3.1.1 | AITG-APP-01 | Testing for Prompt Injection |

• 3.1.2 | AITG-APP-02 | Testing for Indirect Prompt Injection |

• 3.1.3 | AITG-APP-03 | Testing for Sensitive Data Leak |

• 3.1.4 | AITG-APP-04 | Testing for Input Leakage |

• 3.1.5 | AITG-APP-05 | Testing for Unsafe Outputs |

• 3.1.6 | AITG-APP-06 | Testing for Agentic Behavior Limits |

• 3.1.7 | AITG-APP-07 | Testing for Prompt Disclosure |

• 3.1.8 | AITG-APP-08 | Testing for Embedding Manipulation |

• 3.1.9 | AITG-APP-09 | Testing for Model Extraction |

• 3.1.10 | AITG-APP-10 | Testing for ../Document/content Bias |

• 3.1.11 | AITG-APP-11 | Testing for Hallucinations |

• 3.1.12 | AITG-APP-12 | Testing for Toxic Output |

• • 3.1.13 | AITG-APP-13 | Testing for Over-Reliance on AI |

• 3.1.14 | AITG-APP-14 | Testing for Explainability and Interpretability |

• 3.2 🟪 AI Model Testing

| AITG-MOD-01 | Testing for Evasion Attacks | | AITG-MOD-02 | Testing for Runtime Model Poisoning | | AITG-MOD-03 | Testing for Poisoned Training Sets | | AITG-MOD-04 | Testing for Membership Inference | | AITG-MOD-05 | Testing for Inversion Attacks | | AITG-MOD-06 | Testing for Robustness to New Data | | AITG-MOD-07 | Testing for Goal Alignment |

---

• 3.3 🟩 AI Infrastructure Testing

Test ID	Test Name & Link
AITG-INF-01	Testing for Supply Chain Tampering
AITG-INF-02	Testing for Resource Exhaustion
AITG-INF-03	Testing for Plugin Boundary Violations
AITG-INF-04	Testing for Capability Misuse
AITG-INF-05	Testing for Fine-tuning Poisoning
AITG-INF-06	Testing for Dev-Time Model Theft

---

• 3.4 🟨 AI Data Testing

Test ID	Test Name & Link
AITG-DAT-01	Testing for Training Data Exposure
AITG-DAT-02	Testing for Runtime Exfiltration
AITG-DAT-03	Testing for Dataset Diversity & Coverage
AITG-DAT-04	Testing for Harmful ../Document/content in Data
AITG-DAT-05	Testing for Data Minimization & Consent

4. Chapter 4: Domain Specific Testing

References