mirror of
https://github.com/OWASP/www-project-ai-testing-guide.git
synced 2026-03-20 01:03:33 +00:00
ae07885a80
Expanded the section on embedding manipulation to include detailed explanations of vulnerabilities, attack vectors, and testing objectives. Updated suggested tools for testing embedding robustness.
OWASP AI Testing Guide Table of Contents
1. Introduction
2. Threat Modeling AI Systems
-
2.1.2 Identify AI System Responsible AI (RAI)/Trustworthy AI Threats
-
2.2.1 Appendix A: Rationale For Using SAIF (Secure AI Framework)
-
2.2.2 Appendix B: Distributed, Immutable, Ephemeral (DIE) Threat Identification
-
2.2.4 Appendix D: Threat Enumeration to AI Architecture Components
-
2.2.5 Appendix E: Mapping AI Threats Against AI Systems Vulnerabilities (CVEs & CWEs)
3. OWASP AI Testing Guide Framework
| Test ID | Test Name & Link |
|---|---|
| AITG-APP-01 | Testing for Prompt Injection |
| AITG-APP-02 | Testing for Indirect Prompt Injection |
| AITG-APP-03 | Testing for Sensitive Data Leak |
| AITG-APP-04 | Testing for Input Leakage |
| AITG-APP-05 | Testing for Unsafe Outputs |
| AITG-APP-06 | Testing for Agentic Behavior Limits |
| AITG-APP-07 | Testing for Prompt Disclosure |
| AITG-APP-08 | Testing for Embedding Manipulation |
| AITG-APP-09 | Testing for Model Extraction |
| AITG-APP-10 | Testing for Content Bias |
| AITG-APP-11 | Testing for Hallucinations |
| AITG-APP-12 | Testing for Toxic Output |
| AITG-APP-13 | Testing for Over-Reliance on AI |
| AITG-APP-14 | Testing for Explainability and Interpretability |
- 3.2 🟪 AI Model Testing
| Test ID | Test Name & Link |
|---|---|
| AITG-MOD-01 | Testing for Evasion Attacks |
| AITG-MOD-02 | Testing for Runtime Model Poisoning |
| AITG-MOD-03 | Testing for Poisoned Training Sets |
| AITG-MOD-04 | Testing for Membership Inference |
| AITG-MOD-05 | Testing for Inversion Attacks |
| AITG-MOD-06 | Testing for Robustness to New Data |
| AITG-MOD-07 | Testing for Goal Alignment |
| Test ID | Test Name & Link |
|---|---|
| AITG-INF-01 | Testing for Supply Chain Tampering |
| AITG-INF-02 | Testing for Resource Exhaustion |
| AITG-INF-03 | Testing for Plugin Boundary Violations |
| AITG-INF-04 | Testing for Capability Misuse |
| AITG-INF-05 | Testing for Fine-tuning Poisoning |
| AITG-INF-06 | Testing for Dev-Time Model Theft |
- 3.4 🟨 AI Data Testing
| Test ID | Test Name & Link |
|---|---|
| AITG-DAT-01 | Testing for Training Data Exposure |
| AITG-DAT-02 | Testing for Runtime Exfiltration |
| AITG-DAT-03 | Testing for Dataset Diversity & Coverage |
| AITG-DAT-04 | Testing for Harmful Content in Data |
| AITG-DAT-05 | Testing for Data Minimization & Consent |