Commit bfe79aa
Updates to the AI Application Security templates
These updates are to match the VRT update - bugcrowd/vulnerability-rating-taxonomy#464
Adding:
P1 - AI Application Security - Training Data Poisoning - Backdoor Injection / Bias Manipulation
P1 - AI Application Security - Model Extraction - API Query-Based Model Reconstruction
P1 - AI Application Security - Sensitive Information Disclosure - Cross-Tenant PII Leakage/Exposure
P1 - AI Application Security - Sensitive Information Disclosure - Key Leak
P1 - AI Application Security - Remote Code Execution - Full System Compromise
P2 - AI Application Security - Remote Code Execution - Sandboxed Container Code Execution
P2 - AI Application Security - Prompt Injection - System Prompt Leakage
P2 - AI Application Security - Vector and Embedding Weaknesses - Embedding Exfiltration / Model Extraction
P3 - AI Application Security - Vector and Embedding Weaknesses - Semantic Indexing
P2 - AI Application Security - Denial-of-Service (DoS) - Application-Wide
P4 - AI Application Security - AI Safety - Misinformation / Wrong Factual Data
P4 - AI Application Security - Insufficient Rate Limiting - Query Flooding / API Token Abuse
P4 - AI Application Security - Denial-of-Service (DoS) - Tenant-Scoped
P4 - AI Application Security - Adversarial Example Injection - AI Misclassification Attacks
P3 - AI Application Security - Improper Output Handling - Cross-Site Scripting (XSS)
P4 - AI Application Security - Improper Output Handling - Markdown/HTML Injection
P5 - AI Application Security - Improper Input Handling - ANSI Escape Codes
P5 - AI Application Security - Improper Input Handling - Unicode Confusables
P5 - AI Application Security - Improper Input Handling - RTL Overrides
Removing:
P1 - AI Application Security - Large Language Model (LLM) Security - LLM Output Handling
P1 - AI Application Security - Large Language Model (LLM) Security - Prompt Injection
P1 - AI Application Security - Large Language Model (LLM) Security - Training Data Poisoning
P2 - AI Application Security - Large Language Model (LLM) Security - Excessive Agency/Permission Manipulation

1 parent a8c535c
File tree (126 files changed, +891 / -91 lines changed)
- submissions/description/ai_application_security
- adversarial_example_injection
- ai_misclassification_attacks
- ai_safety
- misinformation_wrong_factual_data
- denial_of_service_dos
- application_wide
- tenant_scoped
- improper_input_handling
- ansi_escape_codes
- rtl_overrides
- unicode_confusables
- improper_output_handling
- cross_site_scripting_xss
- markdown_html_injection
- insufficient_rate_limiting
- query_flooding_api_token_abuse
- llm_security
- excessive_agency_permission_manipulation
- llm_output_handling
- training_data_poisoning
- model_extraction
- api_query_based_model_reconstruction
- prompt_injection
- system_prompt_leakage
- remote_code_execution
- full_system_compromise
- sensitive_information_disclosure
- cross_tenant_pii_leakage_exposure
- sandboxed_container_code_execution
- training_data_poisoning
- backdoor_injection_bias_manipulation
- vector_and_embedding_weaknesses
- embedding_exfiltration_model_extraction
- semantic_indexing