AI Threat Testing

Offensive AI security testing and exploitation framework.

What It Does

Systematically tests LLM applications against the OWASP Top 10 for LLM Applications. Covers prompt injection (direct and indirect), prompt extraction, training data poisoning, model denial of service, supply chain vulnerabilities in model dependencies, insecure plugin and tool design, excessive agency exploitation, and information disclosure through model outputs.

Methodology

The framework follows the OWASP LLM Top 10 taxonomy:

1. LLM01: Prompt Injection — Direct injection via user input, indirect injection via ingested documents
2. LLM02: Insecure Output Handling — XSS via LLM output, SQL injection through LLM-generated queries
3. LLM03: Training Data Poisoning — Data integrity attacks, backdoor injection vectors
4. LLM04: Model Denial of Service — Resource exhaustion, attention flooding, recursive context attacks
5. LLM05: Supply Chain Vulnerabilities — Malicious models, poisoned datasets, vulnerable dependencies
6. LLM06: Sensitive Information Disclosure — Training data extraction, PII leakage testing
7. LLM07: Insecure Plugin Design — Plugin parameter injection, auth bypass, excessive permissions
8. LLM08: Excessive Agency — Unauthorized action execution, privilege escalation via tool use
9. LLM09: Overreliance — Hallucination exploitation, confidence manipulation
10. LLM10: Model Theft — Model extraction via API, architecture inference, weight recovery

When to Use

Use when testing any application that integrates LLMs, including chatbots, coding assistants, RAG pipelines, and AI-powered tool-calling agents. Trigger via the ai-threat-testing skill.

Usage

RedTeamScript(skill="ai-threat-testing", script="test_prompt_injection", args="--url https://chat.target.com/api --output ai-findings.json")

Related

• Source Code Auditor
• API Breaker