mirror of
https://github.com/OWASP/www-project-ai-testing-guide.git
synced 2026-05-31 11:39:30 +02:00
Matteo Meucci
d19e9da901
Updated the testing methodology for training data exposure vulnerabilities in AI systems, detailing the setup and execution of tests for direct storage access and inference-based data extraction.
OWASP AI Testing Guide Table of Contents
1. Introduction
2. Threat Modeling AI Systems
-
2.1.2 Identify AI System Responsible AI (RAI)/Trustworthy AI Threats
-
2.2 Appendix A: Rationale For Using SAIF (Secure AI Framework)
-
2.2Appendix B: Distributed, Immutable, Ephemeral (DIE) Threat Identification
-
2.2 Appendix D: Threat Enumeration to AI Architecture Components
-
2.2 Appendix E: Mapping AI Threats Against AI Systems Vulnerabilities (CVEs & CWEs)
3. OWASP AI Testing Guide Framework
- 3.1 🟦 AI Application Testing
| Test ID | Test Name & Link |
|---|---|
| AITG-APP-01 | Testing for Prompt Injection |
| AITG-APP-02 | Testing for Indirect Prompt Injection |
| AITG-APP-03 | Testing for Sensitive Data Leak |
| AITG-APP-04 | Testing for Input Leakage |
| AITG-APP-05 | Testing for Unsafe Outputs |
| AITG-APP-06 | Testing for Agentic Behavior Limits |
| AITG-APP-07 | Testing for Prompt Disclosure |
| AITG-APP-08 | Testing for Embedding Manipulation |
| AITG-APP-09 | Testing for Model Extraction |
| AITG-APP-10 | Testing for Content Bias |
| AITG-APP-11 | Testing for Hallucinations |
| AITG-APP-12 | Testing for Toxic Output |
| AITG-APP-13 | Testing for Over-Reliance on AI |
| AITG-APP-14 | Testing for Explainability and Interpretability |
- 3.2 🟪 AI Model Testing
| Test ID | Test Name & Link |
|---|---|
| AITG-MOD-01 | Testing for Evasion Attacks |
| AITG-MOD-02 | Testing for Runtime Model Poisoning |
| AITG-MOD-03 | Testing for Poisoned Training Sets |
| AITG-MOD-04 | Testing for Membership Inference |
| AITG-MOD-05 | Testing for Inversion Attacks |
| AITG-MOD-06 | Testing for Robustness to New Data |
| AITG-MOD-07 | Testing for Goal Alignment |
| Test ID | Test Name & Link |
|---|---|
| AITG-INF-01 | Testing for Supply Chain Tampering |
| AITG-INF-02 | Testing for Resource Exhaustion |
| AITG-INF-03 | Testing for Plugin Boundary Violations |
| AITG-INF-04 | Testing for Capability Misuse |
| AITG-INF-05 | Testing for Fine-tuning Poisoning |
| AITG-INF-06 | Testing for Dev-Time Model Theft |
- 3.4 🟨 AI Data Testing
| Test ID | Test Name & Link |
|---|---|
| AITG-DAT-01 | Testing for Training Data Exposure |
| AITG-DAT-02 | Testing for Runtime Exfiltration |
| AITG-DAT-03 | Testing for Dataset Diversity & Coverage |
| AITG-DAT-04 | Testing for Harmful Content in Data |
| AITG-DAT-05 | Testing for Data Minimization & Consent |