AI-penetration-testing  by Mr-Infect

AI and LLM security toolkit for offensive and defensive analysis

Created 1 year ago
259 stars

Top 97.7% on SourcePulse

GitHubView on GitHub
Project Summary

AI Penetration Testing | ML & LLM Security | Prompt Injection

This repository serves as a comprehensive resource hub for AI, Machine Learning (ML), and Large Language Model (LLM) security, focusing on offensive and defensive penetration testing techniques. It targets cybersecurity professionals, red teamers, and AI/ML researchers, providing essential knowledge and tools to address the growing critical need for securing AI systems against emerging threats like prompt injection and data poisoning.

How It Works

The project curates a wide array of information on AI/LLM security, detailing fundamental concepts, common attack vectors, and the OWASP LLM Top 10 risks. It categorizes threats such as prompt injection, sensitive data leakage, supply chain risks, and model poisoning, offering insights into their mechanisms and impact. The repository acts as a central point for discovering and accessing numerous offensive tools, frameworks, payload libraries, and research papers, facilitating hands-on exploration and defense strategy development.

Quick Start & Requirements

To begin, clone the repository using git clone https://github.com/Mr-Infect/AI-penetration-testing and navigate into the directory. Effective use requires a solid understanding of the AI/ML lifecycle, familiarity with LLMs, core penetration testing skills (e.g., XSS, SQLi, RCE), and proficiency in Python scripting.

Highlighted Details

  • Comprehensive coverage of AI/LLM attack categories including Prompt Injection, Sensitive Information Leakage, Supply Chain Risk, Data/Model Poisoning, Improper Output Handling, Excessive Agency, System Prompt Leakage, Vector Store Vulnerabilities, Misinformation, and Unbounded Resource Consumption.
  • Detailed breakdown of the OWASP LLM Top 10 (2024 Version) risks and associated SEO keywords.
  • Curated list of Offensive AI Pentesting Tools & Frameworks such as MITRE ATLAS, AI Goat, PromptTrace, and Lakera Gandalf.
  • Extensive collection of Prompt Injection Payload Libraries and links to research papers on various adversarial AI techniques.

Maintenance & Community

The repository welcomes community contributions via standard GitHub pull request workflows. While a GitHub profile link is provided, there are no explicit links to community channels like Discord or Slack, nor a public roadmap.

Licensing & Compatibility

The README does not specify a formal open-source license. A disclaimer states the project is intended solely for educational, research, and authorized ethical hacking purposes, with unauthorized use being illegal. This suggests restrictive usage terms rather than a permissive or copyleft license, potentially limiting commercial adoption or integration into closed-source projects without explicit permission.

Limitations & Caveats

The project's disclaimer explicitly limits its use to educational, research, and authorized ethical hacking contexts, prohibiting unauthorized use. No specific technical limitations, alpha/beta status, or known bugs are detailed within the README.

Health Check
Last Commit

4 months ago

Responsiveness

Inactive

Pull Requests (30d)
0
Issues (30d)
0
Star History
13 stars in the last 30 days

Explore Similar Projects

Starred by Chip Huyen Chip Huyen(Author of "AI Engineering", "Designing Machine Learning Systems"), Michele Castata Michele Castata(President of Replit), and
3 more.

rebuff by protectai

0.1%
2k
SDK for LLM prompt injection detection
Created 3 years ago
Updated 1 year ago
Starred by Chip Huyen Chip Huyen(Author of "AI Engineering", "Designing Machine Learning Systems"), Elie Bursztein Elie Bursztein(Cybersecurity Lead at Google DeepMind), and
3 more.

llm-guard by protectai

0.6%
3k
Security toolkit for LLM interactions
Created 3 years ago
Updated 2 days ago
Starred by Dan Guido Dan Guido(Cofounder of Trail of Bits), Chip Huyen Chip Huyen(Author of "AI Engineering", "Designing Machine Learning Systems"), and
5 more.

PurpleLlama by meta-llama

0.3%
4k
LLM security toolkit for assessing/improving generative AI models
Created 2 years ago
Updated 1 week ago
Feedback? Help us improve.