export const PLUGIN_CATEGORIES = [ 'Brand', 'Compliance and Legal', 'Dataset', 'Security and Access Control', 'Trust and Safety', 'Custom', ] as const; export interface CategoryDescription { category: PluginCategory; description: string; } export const CATEGORY_DESCRIPTIONS: CategoryDescription[] = [ { category: 'Brand', description: 'Tests focused on brand protection, including competitor mentions, misinformation, hallucinations, and model behavior that could impact brand reputation.', }, { category: 'Compliance and Legal', description: 'Tests for LLM behavior that may encourage illegal activity, breach contractual commitments, or violate intellectual property rights.', }, { category: 'Dataset', description: 'Pre-compiled collections of test cases from research datasets designed to evaluate model safety, robustness, and alignment.', }, { category: 'Security and Access Control', description: 'Technical security risk tests mapped to OWASP Top 10 for LLMs, APIs, and web applications, covering SQL injection, SSRF, broken access control, and cross-session leaks.', }, { category: 'Trust and Safety', description: 'Tests that attempt to produce illicit, graphic, or inappropriate responses from the LLM.', }, { category: 'Custom', description: 'Configurable tests for specific policies or generating custom probes for your use case.', }, ]; export const humanReadableCategoryList = PLUGIN_CATEGORIES.slice(0, -1).join(', ') + ', and ' + PLUGIN_CATEGORIES.slice(-1); export type PluginCategory = (typeof PLUGIN_CATEGORIES)[number]; export interface ApplicationTypes { agent: boolean; chat: boolean; rag: boolean; } export type VulnerabilityType = | 'bias' | 'criminal' | 'custom' | 'ecommerce' | 'financial' | 'harmful' | 'insurance' | 'medical' | 'misinformation and misuse' | 'pharmacy' | 'privacy' | 'realestate' | 'security' | 'telecom'; export interface Plugin { applicationTypes: ApplicationTypes; category: PluginCategory; description: string; label: string | null; link: string; name: string; pluginId: string; vulnerabilityType: VulnerabilityType; isRemote?: boolean; } // Type utility at the top type AssertArrayIsSorted = T extends readonly [ infer First extends { pluginId: string }, infer Second extends { pluginId: string }, ...infer Rest extends { pluginId: string }[], ] ? First['pluginId'] extends `${string}${Second['pluginId']}${string}` ? 'Array is not sorted by pluginId' : AssertArrayIsSorted<[Second, ...Rest]> : unknown; // Define array first, then assert type export const PLUGINS = [ { category: 'Security and Access Control', description: 'Tests whether an agent is vulnerable to memory poisoning attacks', label: 'security', link: '/docs/red-team/plugins/memory-poisoning/', name: 'Memory Poisoning', pluginId: 'agentic:memory-poisoning', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Attempts to obfuscate malicious content using ASCII smuggling', label: 'technical', link: '/docs/red-team/plugins/ascii-smuggling/', name: 'ASCII Smuggling', pluginId: 'ascii-smuggling', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Dataset', description: 'Uses the BeaverTails prompt injection dataset', label: 'harmful', link: '/docs/red-team/plugins/beavertails/', name: 'BeaverTails', pluginId: 'beavertails', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', }, { category: 'Security and Access Control', description: 'Broken Function Level Authorization (BFLA) tests', label: 'technical', link: '/docs/red-team/plugins/bfla/', name: 'Privilege Escalation', pluginId: 'bfla', applicationTypes: { rag: true, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests handling of age bias, stereotypes, and discrimination', label: 'bias', link: '/docs/red-team/plugins/bias/', name: 'Age Bias', pluginId: 'bias:age', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'bias', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests handling of disability bias, stereotypes, and discrimination', label: 'bias', link: '/docs/red-team/plugins/bias/', name: 'Disability Bias', pluginId: 'bias:disability', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'bias', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests handling of gender bias, stereotypes, and discrimination', label: 'bias', link: '/docs/red-team/plugins/bias/', name: 'Gender Bias', pluginId: 'bias:gender', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'bias', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests handling of racial bias, stereotypes, and discrimination', label: 'bias', link: '/docs/red-team/plugins/bias/', name: 'Race Bias', pluginId: 'bias:race', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'bias', isRemote: true, }, { category: 'Security and Access Control', description: 'Broken Object Level Authorization (BOLA) tests', label: 'technical', link: '/docs/red-team/plugins/bola/', name: 'Unauthorized Data Access', pluginId: 'bola', applicationTypes: { rag: true, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Simulates Context Compliance Attacks to test whether an AI system can be tricked into generating restricted content using manipulated chat history.', label: 'security', link: '/docs/red-team/plugins/context-compliance-attack/', name: 'CCA', pluginId: 'cca', applicationTypes: { rag: true, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether a coding agent persists unsafe behavior by modifying repository automation, hooks, package scripts, or release tasks.', label: 'security', link: '/docs/red-team/plugins/coding-agent/', name: 'Coding Agent Automation Poisoning', pluginId: 'coding-agent:automation-poisoning', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests coding agents against every supported coding-agent plugin, including prompt injection, terminal output injection, secret handling, sandbox boundaries, network egress, procfs credentials, delayed CI exfiltration, generated vulnerabilities, automation poisoning, steganographic exfiltration, and verifier sabotage risks.', label: 'security', link: '/docs/red-team/plugins/coding-agent/', name: 'Coding Agent Full Suite', pluginId: 'coding-agent:all', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests coding agents against repository prompt injection, terminal output injection, secret environment read, sandbox read escape, and verifier sabotage risks.', label: 'security', link: '/docs/red-team/plugins/coding-agent/', name: 'Coding Agent Core', pluginId: 'coding-agent:core', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether a coding agent plants CI, workflow, hook, or scheduled automation changes that leak data after the immediate run.', label: 'security', link: '/docs/red-team/plugins/coding-agent/', name: 'Coding Agent Delayed CI Exfiltration', pluginId: 'coding-agent:delayed-ci-exfil', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether a coding agent introduces insecure code while satisfying a normal feature or bugfix request.', label: 'security', link: '/docs/red-team/plugins/coding-agent/', name: 'Coding Agent Generated Vulnerability', pluginId: 'coding-agent:generated-vulnerability', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether a coding agent makes unauthorized outbound network requests or bypasses the intended network policy.', label: 'security', link: '/docs/red-team/plugins/coding-agent/', name: 'Coding Agent Network Egress Bypass', pluginId: 'coding-agent:network-egress-bypass', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether a coding agent reads process metadata, inherited environment, file descriptors, or runtime credentials through procfs-like surfaces.', label: 'security', link: '/docs/red-team/plugins/coding-agent/', name: 'Coding Agent Procfs Credential Read', pluginId: 'coding-agent:procfs-credential-read', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether a coding agent follows prompt-injected instructions hidden in untrusted repository content.', label: 'security', link: '/docs/red-team/plugins/coding-agent/', name: 'Coding Agent Repo Prompt Injection', pluginId: 'coding-agent:repo-prompt-injection', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether a coding agent reads canaries outside the intended workspace or sandbox boundary.', label: 'security', link: '/docs/red-team/plugins/coding-agent/', name: 'Coding Agent Sandbox Read Escape', pluginId: 'coding-agent:sandbox-read-escape', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether a coding agent mutates files outside the intended workspace or sandbox boundary.', label: 'security', link: '/docs/red-team/plugins/coding-agent/', name: 'Coding Agent Sandbox Write Escape', pluginId: 'coding-agent:sandbox-write-escape', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether a coding agent reads or reveals launcher-only secrets from its environment.', label: 'security', link: '/docs/red-team/plugins/coding-agent/', name: 'Coding Agent Secret Env Read', pluginId: 'coding-agent:secret-env-read', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether a coding agent reads or reveals protected local files outside the task boundary.', label: 'security', link: '/docs/red-team/plugins/coding-agent/', name: 'Coding Agent Secret File Read', pluginId: 'coding-agent:secret-file-read', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether a coding agent hides sensitive data in encoded, transformed, or low-visibility outputs and artifacts.', label: 'security', link: '/docs/red-team/plugins/coding-agent/', name: 'Coding Agent Steganographic Exfiltration', pluginId: 'coding-agent:steganographic-exfil', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether a coding agent treats untrusted terminal output as instructions or propagates terminal-only receipts.', label: 'security', link: '/docs/red-team/plugins/coding-agent/', name: 'Coding Agent Terminal Output Injection', pluginId: 'coding-agent:terminal-output-injection', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether a coding agent weakens protected tests, verifier scripts, snapshots, policies, or lockfiles instead of fixing the requested code.', label: 'security', link: '/docs/red-team/plugins/coding-agent/', name: 'Coding Agent Verifier Sabotage', pluginId: 'coding-agent:verifier-sabotage', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Brand', description: 'Competitor mentions and endorsements', label: 'technical', link: '/docs/red-team/plugins/competitors/', name: 'Competitor Endorsement', pluginId: 'competitors', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'misinformation and misuse', isRemote: true, }, { category: 'Compliance and Legal', description: 'Enters business or legal commitments without supervision', label: 'brand', link: '/docs/red-team/plugins/contracts/', name: 'Unsupervised Contracts', pluginId: 'contracts', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'misinformation and misuse', }, { category: 'Compliance and Legal', description: "Tests compliance with children's privacy regulations (COPPA)", label: 'compliance', link: '/docs/red-team/plugins/coppa/', name: 'COPPA', pluginId: 'coppa', isRemote: true, applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'privacy', }, { category: 'Security and Access Control', description: 'Checks for information sharing between unrelated sessions', label: 'technical', link: '/docs/red-team/plugins/cross-session-leak/', name: 'Cross-Session Leak', pluginId: 'cross-session-leak', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', }, { category: 'Dataset', description: 'Tests prompt injection attacks using the CyberSecEval dataset', label: 'technical', link: '/docs/red-team/plugins/cyberseceval/', name: 'CyberSecEval', pluginId: 'cyberseceval', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', }, { category: 'Dataset', description: 'Tests prompt injection attacks using the Harmbench dataset', label: 'technical', link: '/docs/red-team/plugins/harmbench/', name: 'Harmbench', pluginId: 'harmbench', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', }, { category: 'Dataset', description: 'Evaluates model safety responses using the NVIDIA Aegis dataset', label: 'harmful', link: '/docs/red-team/plugins/aegis/', name: 'Aegis', pluginId: 'aegis', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', }, { category: 'Security and Access Control', description: 'Tests if an AI agent can be manipulated to exfiltrate sensitive data via indirect prompt injection in web content', label: 'technical', link: '/docs/red-team/plugins/data-exfil/', name: 'Data Exfiltration', pluginId: 'data-exfil', applicationTypes: { rag: false, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Attempts to access or use debugging commands', label: 'technical', link: '/docs/red-team/plugins/debug-access/', name: 'Debug Access', pluginId: 'debug-access', applicationTypes: { rag: true, agent: true, chat: false, }, vulnerabilityType: 'security', }, { category: 'Security and Access Control', description: 'Tests whether an AI system can be manipulated into revealing its training data through repetitive pattern exploitation.', label: 'security', link: '/docs/red-team/plugins/divergent-repetition/', name: 'Divergent Repetition', pluginId: 'divergent-repetition', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', }, { category: 'Dataset', description: 'Tests how well LLMs handle harmful queries using the DoNotAnswer dataset', label: 'technical', link: '/docs/red-team/plugins/donotanswer/', name: 'DoNotAnswer', pluginId: 'donotanswer', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', }, { category: 'Compliance and Legal', description: 'Tests for bypassing age, geographic, and regulatory restrictions on e-commerce products', label: 'compliance', link: '/docs/red-team/plugins/ecommerce/', name: 'E-commerce Compliance Bypass', pluginId: 'ecommerce:compliance-bypass', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'ecommerce', }, { category: 'Security and Access Control', description: 'Tests for order fraud, transaction manipulation, and return/refund policy abuse', label: 'security', link: '/docs/red-team/plugins/ecommerce/', name: 'E-commerce Order Fraud', pluginId: 'ecommerce:order-fraud', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'ecommerce', }, { category: 'Compliance and Legal', description: 'Tests for PCI DSS violations and payment card data exposure', label: 'compliance', link: '/docs/red-team/plugins/ecommerce/', name: 'E-commerce PCI DSS', pluginId: 'ecommerce:pci-dss', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'ecommerce', }, { category: 'Security and Access Control', description: 'Tests for unauthorized pricing changes, discount abuse, and promotional policy violations', label: 'security', link: '/docs/red-team/plugins/ecommerce/', name: 'E-commerce Price Manipulation', pluginId: 'ecommerce:price-manipulation', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'ecommerce', }, { category: 'Brand', description: 'Model taking excessive initiative or misunderstanding its capabilities', label: 'brand', link: '/docs/red-team/plugins/excessive-agency/', name: 'Excessive Agency', pluginId: 'excessive-agency', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'misinformation and misuse', }, { category: 'Compliance and Legal', description: 'Tests compliance with student educational privacy regulations (FERPA)', label: 'compliance', link: '/docs/red-team/plugins/ferpa/', name: 'FERPA', pluginId: 'ferpa', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'privacy', }, { category: 'Compliance and Legal', description: 'Tests for errors in financial calculations, risk assessments, or quantitative analysis', label: 'technical', link: '/docs/red-team/plugins/financial/#financial-calculation-error', name: 'Financial Calculation Error', pluginId: 'financial:calculation-error', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'financial', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests for suggestions that violate securities laws, enable insider trading, or circumvent regulations', label: 'technical', link: '/docs/red-team/plugins/financial/#financial-compliance-violation', name: 'Financial Compliance Violation', pluginId: 'financial:compliance-violation', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'financial', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests for inappropriate disclosure of MNPI, proprietary strategies, or confidential financial data', label: 'technical', link: '/docs/red-team/plugins/financial/#financial-confidential-disclosure', name: 'Financial Confidential Disclosure', pluginId: 'financial:confidential-disclosure', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'financial', isRemote: true, }, { category: 'Brand', description: 'Tests for false financial narratives or misleading market information', label: 'technical', link: '/docs/red-team/plugins/financial/#financial-counterfactual', name: 'Financial Counterfactual Narrative', pluginId: 'financial:counterfactual', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'financial', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests for exposure of proprietary trading strategies or confidential financial data', label: 'technical', link: '/docs/red-team/plugins/financial/#financial-data-leakage', name: 'Financial Data Leakage', pluginId: 'financial:data-leakage', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'financial', isRemote: true, }, { category: 'Brand', description: 'Tests for false statements damaging financial entity reputations', label: 'technical', link: '/docs/red-team/plugins/financial/#financial-defamation', name: 'Financial Defamation', pluginId: 'financial:defamation', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'financial', isRemote: true, }, { category: 'Brand', description: 'Tests for fabricated market data, non-existent financial instruments, or fictional company information', label: 'technical', link: '/docs/red-team/plugins/financial/#financial-hallucination', name: 'Financial Hallucination', pluginId: 'financial:hallucination', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'financial', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests for unauthorized financial advice or transaction facilitation', label: 'technical', link: '/docs/red-team/plugins/financial/#financial-impartiality', name: 'Financial Services Impartiality', pluginId: 'financial:impartiality', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'financial', isRemote: true, }, { category: 'Compliance and Legal', description: "Tests for unsuitable financial product recommendations or downplaying of risks under Japan's FIEA", label: 'technical', link: '/docs/red-team/plugins/financial/#japan-fiea-suitability', name: 'Japan FIEA Suitability', pluginId: 'financial:japan-fiea-suitability', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'financial', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests for facilitation of financial crimes or market manipulation', label: 'technical', link: '/docs/red-team/plugins/financial/#financial-misconduct', name: 'Financial Services Misconduct', pluginId: 'financial:misconduct', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'financial', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests for suggestions that violate Sarbanes-Oxley requirements including internal controls, financial reporting, and audit integrity', label: 'technical', link: '/docs/red-team/plugins/financial/#financial-sox-compliance', name: 'Financial SOX Compliance', pluginId: 'financial:sox-compliance', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'financial', isRemote: true, }, { category: 'Brand', description: 'Tests for agreeing with risky investment strategies or validating get-rich-quick schemes', label: 'technical', link: '/docs/red-team/plugins/financial/#financial-sycophancy', name: 'Financial Sycophancy', pluginId: 'financial:sycophancy', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'financial', isRemote: true, }, { category: 'Brand', description: "Tests whether AI systems recognize when optimizing measurable proxy metrics might not align with true underlying objectives (Goodhart's Law)", label: 'brand', link: '/docs/red-team/plugins/goal-misalignment/', name: 'Goal Misalignment', pluginId: 'goal-misalignment', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'misinformation and misuse', isRemote: true, }, { category: 'Brand', description: 'Model generating false or misleading information', label: 'brand', link: '/docs/red-team/plugins/hallucination/', name: 'Hallucination', pluginId: 'hallucination', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'misinformation and misuse', }, { category: 'Compliance and Legal', description: 'Content related to chemical or biological weapons', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Chemical & Biological Weapons', pluginId: 'harmful:chemical-biological-weapons', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'criminal', isRemote: true, }, { category: 'Trust and Safety', description: 'Content exploiting or harming children', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Child Exploitation', pluginId: 'harmful:child-exploitation', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'criminal', isRemote: true, }, { category: 'Compliance and Legal', description: 'Content violating copyright laws', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Copyright Violations', pluginId: 'harmful:copyright-violations', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'criminal', isRemote: true, }, { category: 'Compliance and Legal', description: 'Content related to cybercriminal activities', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Cybercrime', pluginId: 'harmful:cybercrime', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'criminal', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests creation of malicious code', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Malicious Code', pluginId: 'harmful:cybercrime:malicious-code', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', }, { category: 'Trust and Safety', description: 'Displaying graphic or violent content', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Graphic Content', pluginId: 'harmful:graphic-content', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', isRemote: true, }, { category: 'Trust and Safety', description: 'Content that harasses or bullies individuals', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Harassment and Bullying', pluginId: 'harmful:harassment-bullying', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', isRemote: true, }, { category: 'Trust and Safety', description: 'Content that promotes hate or discrimination', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Hate Speech', pluginId: 'harmful:hate', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', isRemote: true, }, { category: 'Compliance and Legal', description: 'Content promoting illegal activities', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Illegal Activities', pluginId: 'harmful:illegal-activities', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'criminal', isRemote: true, }, { category: 'Compliance and Legal', description: 'Content related to illegal drug use or trade', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Illegal Drugs', pluginId: 'harmful:illegal-drugs', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'criminal', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests handling of methamphetamine-related content', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Methamphetamine', pluginId: 'harmful:illegal-drugs:meth', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', isRemote: true, }, { category: 'Compliance and Legal', description: 'Content related to weapons without context', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Indiscriminate Weapons', pluginId: 'harmful:indiscriminate-weapons', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'criminal', isRemote: true, }, { category: 'Trust and Safety', description: 'Content that insults or demeans individuals', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Insults', pluginId: 'harmful:insults', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', isRemote: true, }, { category: 'Compliance and Legal', description: 'Content violating intellectual property rights', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Intellectual Property Violation', pluginId: 'harmful:intellectual-property', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'criminal', isRemote: true, }, { category: 'Brand', description: 'Spreading false or misleading information', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Misinformation and Disinformation', pluginId: 'harmful:misinformation-disinformation', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'misinformation and misuse', isRemote: true, }, { category: 'Compliance and Legal', description: 'Content related to non-violent criminal activities', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Non-Violent Crime', pluginId: 'harmful:non-violent-crime', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'criminal', isRemote: true, }, { category: 'Security and Access Control', description: 'Content violating privacy rights', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Privacy Violation', pluginId: 'harmful:privacy', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'privacy', isRemote: true, }, { category: 'Trust and Safety', description: 'Content containing profane or inappropriate language', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Profanity', pluginId: 'harmful:profanity', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', isRemote: true, }, { category: 'Trust and Safety', description: 'Content that promotes radical or extremist views', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Radicalization', pluginId: 'harmful:radicalization', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', isRemote: true, }, { category: 'Trust and Safety', description: 'Content that encourages self-harm or suicide', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Self Harm', pluginId: 'harmful:self-harm', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', isRemote: true, }, { category: 'Compliance and Legal', description: 'Content related to sexual crimes', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Sex Crimes', pluginId: 'harmful:sex-crime', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'criminal', isRemote: true, }, { category: 'Trust and Safety', description: 'Explicit or inappropriate sexual content', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Sexual Content', pluginId: 'harmful:sexual-content', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', isRemote: true, }, { category: 'Compliance and Legal', description: 'Providing advice in specialized fields without expertise', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Specialized Advice', pluginId: 'harmful:specialized-advice', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'misinformation and misuse', isRemote: true, }, { category: 'Compliance and Legal', description: 'Content promoting unsafe or harmful practices', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Unsafe Practices', pluginId: 'harmful:unsafe-practices', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'misinformation and misuse', isRemote: true, }, { category: 'Compliance and Legal', description: 'Content related to violent criminal activities', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'Violent Crime', pluginId: 'harmful:violent-crime', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'criminal', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests handling of Improvised Explosive Devices', label: 'harmful', link: '/docs/red-team/plugins/harmful/', name: 'IED', pluginId: 'harmful:weapons:ied', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', isRemote: true, }, { category: 'Security and Access Control', description: 'Unauthorized or off-topic resource use', label: 'technical', link: '/docs/red-team/plugins/hijacking/', name: 'Hijacking', pluginId: 'hijacking', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Brand', description: 'Imitates people, brands, or organizations', label: 'brand', link: '/docs/red-team/plugins/imitation/', name: 'Imitation', pluginId: 'imitation', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'misinformation and misuse', }, { category: 'Security and Access Control', description: 'Tests if the prompt is vulnerable to instructions injected into variables in the prompt', label: 'technical', link: '/docs/red-team/plugins/indirect-prompt-injection/', name: 'Indirect Prompt Injection', pluginId: 'indirect-prompt-injection', applicationTypes: { rag: true, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Custom', description: 'Probes the model with specific inputs', label: 'technical', link: '/docs/red-team/plugins/intent/', name: 'Custom Prompts', pluginId: 'intent', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'custom', }, { category: 'Security and Access Control', description: 'Tests for vulnerabilities to Model Context Protocol (MCP) attacks', label: 'technical', link: '/docs/red-team/plugins/mcp/', name: 'Model Context Protocol', pluginId: 'mcp', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests for medical anchoring bias where AI fixates on irrelevant information', label: 'technical', link: '/docs/red-team/plugins/medical/#medical-anchoring-bias', name: 'Medical Anchoring Bias', pluginId: 'medical:anchoring-bias', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'medical', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests whether medical AI systems conceal intended-use boundaries, low-confidence outputs, subgroup limitations, data drift, or silent model-version updates', label: 'technical', link: '/docs/red-team/plugins/medical/#fda-ai-disclosure', name: 'FDA AI Disclosure', pluginId: 'medical:fda:ai-disclosure', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'medical', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether medical-device AI systems enforce authenticated, role-scoped, deny-by-default access before privileged commands, maintenance actions, or therapy changes', label: 'technical', link: '/docs/red-team/plugins/medical/#fda-cyber-access-control', name: 'FDA Cyber Access Control', pluginId: 'medical:fda:cyber-access-control', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'medical', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether medical-device AI systems help suppress anomaly alerts, rewrite audit trails, hide SBOM/version evidence, or disable forensic logging', label: 'technical', link: '/docs/red-team/plugins/medical/#fda-cyber-audit-tampering', name: 'FDA Cyber Audit Tampering', pluginId: 'medical:fda:cyber-audit-tampering', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'medical', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests for fabricated medical facts, studies, or drug interactions', label: 'technical', link: '/docs/red-team/plugins/medical/#medical-hallucination', name: 'Medical Hallucination', pluginId: 'medical:hallucination', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'medical', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests for factually wrong medical information that could cause harm', label: 'technical', link: '/docs/red-team/plugins/medical/#medical-incorrect-knowledge', name: 'Medical Incorrect Knowledge', pluginId: 'medical:incorrect-knowledge', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'medical', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests for inappropriate off-label medication recommendations without proper disclaimers', label: 'technical', link: '/docs/red-team/plugins/medical/#medical-off-label-use', name: 'Medical Off-Label Use', pluginId: 'medical:off-label-use', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'medical', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests for poor medical prioritization and triage decisions', label: 'technical', link: '/docs/red-team/plugins/medical/#medical-prioritization-error', name: 'Medical Prioritization Error', pluginId: 'medical:prioritization-error', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'medical', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests for agreeing with incorrect medical assumptions to be helpful', label: 'technical', link: '/docs/red-team/plugins/medical/#medical-sycophancy', name: 'Medical Sycophancy', pluginId: 'medical:sycophancy', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'medical', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests adherence to DEA regulations for controlled substance prescribing, dispensing, and monitoring', label: 'technical', link: '/docs/red-team/plugins/pharmacy/#controlled-substance-compliance', name: 'Controlled Substance Compliance', pluginId: 'pharmacy:controlled-substance-compliance', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'pharmacy', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests accuracy of pharmaceutical dosage calculations including weight-based dosing and renal adjustments', label: 'technical', link: '/docs/red-team/plugins/pharmacy/#dosage-calculation', name: 'Dosage Calculation', pluginId: 'pharmacy:dosage-calculation', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'pharmacy', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests identification of dangerous drug-drug, drug-food, and drug-supplement interactions', label: 'technical', link: '/docs/red-team/plugins/pharmacy/#drug-interaction-detection', name: 'Drug Interaction Detection', pluginId: 'pharmacy:drug-interaction', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'pharmacy', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests for discriminatory coverage decisions based on protected characteristics violating ADA, Section 1557, and GINA', label: 'technical', link: '/docs/red-team/plugins/insurance/#coverage-discrimination', name: 'Coverage Discrimination', pluginId: 'insurance:coverage-discrimination', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'insurance', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether AI systems properly protect non-health policyholder data under GLBA, FCRA, DPPA, and state insurance privacy laws', label: 'technical', link: '/docs/red-team/plugins/insurance/#data-disclosure', name: 'Data Disclosure', pluginId: 'insurance:data-disclosure', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'insurance', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests accuracy of provider network information to prevent surprise medical bills and balance billing', label: 'technical', link: '/docs/red-team/plugins/insurance/#network-misinformation', name: 'Network Misinformation', pluginId: 'insurance:network-misinformation', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'insurance', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether AI systems properly protect Protected Health Information (PHI) and satisfy health data privacy requirements', label: 'technical', link: '/docs/red-team/plugins/insurance/#phi-disclosure', name: 'PHI Disclosure', pluginId: 'insurance:phi-disclosure', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'insurance', isRemote: true, }, { category: 'Brand', description: 'Tests whether AI systems can be manipulated to go off-topic from their intended purpose', label: 'technical', link: '/docs/red-team/plugins/off-topic/', name: 'Off-Topic Manipulation', pluginId: 'off-topic', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'misinformation and misuse', isRemote: true, }, { category: 'Brand', description: 'Model susceptible to relying on an incorrect user assumption or input', label: 'technical', link: '/docs/red-team/plugins/overreliance/', name: 'Overreliance', pluginId: 'overreliance', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'misinformation and misuse', }, { category: 'Security and Access Control', description: 'PII exposed through API or database', label: 'pii', link: '/docs/red-team/plugins/pii/', name: 'PII in API/Database', pluginId: 'pii:api-db', applicationTypes: { rag: true, agent: true, chat: false, }, vulnerabilityType: 'privacy', }, { category: 'Security and Access Control', description: 'Direct exposure of PII', label: 'pii', link: '/docs/red-team/plugins/pii/', name: 'Direct PII Exposure', pluginId: 'pii:direct', applicationTypes: { rag: true, agent: true, chat: false, }, vulnerabilityType: 'privacy', }, { category: 'Security and Access Control', description: 'PII exposed in session data', label: 'pii', link: '/docs/red-team/plugins/pii/', name: 'PII in Session Data', pluginId: 'pii:session', applicationTypes: { rag: true, agent: true, chat: false, }, vulnerabilityType: 'privacy', }, { category: 'Security and Access Control', description: 'PII exposed through social engineering', label: 'pii', link: '/docs/red-team/plugins/pii/', name: 'PII via Social Engineering', pluginId: 'pii:social', applicationTypes: { rag: true, agent: true, chat: false, }, vulnerabilityType: 'privacy', }, { category: 'Dataset', description: 'Tests LLM systems using a curated collection of prompts from https://github.com/elder-plinius/L1B3RT4S', label: 'technical', link: '/docs/red-team/plugins/pliny/', name: 'Pliny', pluginId: 'pliny', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', }, { category: 'Custom', description: 'Generates adversarial probes to test a custom configured policy', label: 'technical', link: '/docs/red-team/plugins/policy/', name: 'Custom Policy', pluginId: 'policy', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'custom', }, { category: 'Brand', description: 'Makes political statements', label: 'brand', link: '/docs/red-team/plugins/politics/', name: 'Political Opinions', pluginId: 'politics', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'misinformation and misuse', }, { category: 'Security and Access Control', description: 'Attempts to get the model to reveal its system prompt', label: 'technical', link: '/docs/red-team/plugins/prompt-extraction/', name: 'Prompt Extraction', pluginId: 'prompt-extraction', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', }, { category: 'Compliance and Legal', description: 'Content related to RAG Document Exfiltration', label: 'technical', link: '/docs/red-team/plugins/rag-document-exfiltration', name: 'RAG Document Exfiltration', pluginId: 'rag-document-exfiltration', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests resistance against poisoning attacks on RAG retrieval systems', label: 'technical', link: '/docs/red-team/plugins/rag-poisoning/', name: 'RAG Poisoning', pluginId: 'rag-poisoning', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: "Tests whether RAG systems fabricate document citations, policy references, or source attributions that don't exist in the knowledge base", label: 'technical', link: '/docs/red-team/plugins/rag-source-attribution/', name: 'RAG Source Attribution', pluginId: 'rag-source-attribution', applicationTypes: { rag: true, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether the model properly implements Role-Based Access Control (RBAC)', label: 'technical', link: '/docs/red-team/plugins/rbac/', name: 'RBAC Enforcement', pluginId: 'rbac', applicationTypes: { rag: true, agent: true, chat: false, }, vulnerabilityType: 'security', }, { category: 'Security and Access Control', description: 'Tests for vulnerability to computational resource exhaustion through excessive reasoning patterns. Applicable to reasoning models.', label: 'security', link: '/docs/red-team/plugins/reasoning-dos/', name: 'Reasoning DoS', pluginId: 'reasoning-dos', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests for violations of Fair Housing Act disability protections and ADA requirements in housing', label: 'compliance', link: '/docs/red-team/plugins/realestate/#accessibility-discrimination', name: 'Accessibility Discrimination', pluginId: 'realestate:accessibility-discrimination', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'realestate', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests for Fair Housing Act violations in housing advertisements including discriminatory targeting', label: 'compliance', link: '/docs/red-team/plugins/realestate/#advertising-discrimination', name: 'Advertising Discrimination', pluginId: 'realestate:advertising-discrimination', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'realestate', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests whether AI systems generate or assist with discriminatory property listings violating FHA', label: 'compliance', link: '/docs/red-team/plugins/realestate/#discriminatory-listings', name: 'Discriminatory Listings', pluginId: 'realestate:discriminatory-listings', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'realestate', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests whether AI systems treat protected classes differently or make discriminatory housing recommendations', label: 'compliance', link: '/docs/red-team/plugins/realestate/#fair-housing-discrimination', name: 'Fair Housing Discrimination', pluginId: 'realestate:fair-housing-discrimination', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'realestate', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests for ECOA and Fair Housing Act violations in mortgage lending including redlining', label: 'compliance', link: '/docs/red-team/plugins/realestate/#lending-discrimination', name: 'Lending Discrimination', pluginId: 'realestate:lending-discrimination', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'realestate', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests for discrimination based on lawful income sources including Section 8 vouchers', label: 'compliance', link: '/docs/red-team/plugins/realestate/#source-of-income-discrimination', name: 'Source of Income Discrimination', pluginId: 'realestate:source-of-income', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'realestate', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests for illegal steering practices directing buyers based on protected class characteristics', label: 'compliance', link: '/docs/red-team/plugins/realestate/#steering', name: 'Steering', pluginId: 'realestate:steering', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'realestate', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests for algorithmic bias in property appraisals and automated valuation models', label: 'bias', link: '/docs/red-team/plugins/realestate/#valuation-bias', name: 'Valuation Bias', pluginId: 'realestate:valuation-bias', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'realestate', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests handling of religious content and bias', label: 'brand', link: '/docs/red-team/plugins/religion/', name: 'Religious Sensitivity', pluginId: 'religion', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'misinformation and misuse', isRemote: true, }, { category: 'Security and Access Control', description: 'Attempts to execute shell commands through the model', label: 'technical', link: '/docs/red-team/plugins/shell-injection/', name: 'Shell Injection', pluginId: 'shell-injection', applicationTypes: { rag: true, agent: true, chat: false, }, vulnerabilityType: 'security', }, { category: 'Security and Access Control', description: 'Tests for special token injection vulnerabilities using conversation format delimiters', label: 'technical', link: '/docs/red-team/plugins/special-token-injection/', name: 'Special Token Injection', pluginId: 'special-token-injection', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Attempts to perform SQL injection attacks to manipulate database queries', label: 'technical', link: '/docs/red-team/plugins/sql-injection/', name: 'SQL Injection', pluginId: 'sql-injection', applicationTypes: { rag: true, agent: true, chat: false, }, vulnerabilityType: 'security', }, { category: 'Security and Access Control', description: 'Server-Side Request Forgery (SSRF) tests', label: 'technical', link: '/docs/red-team/plugins/ssrf/', name: 'Malicious Resource Fetching', pluginId: 'ssrf', applicationTypes: { rag: true, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests if an AI system can be manipulated to ignore or override its original system prompt', label: 'security', link: '/docs/red-team/plugins/system-prompt-override', name: 'System Prompt Override', pluginId: 'system-prompt-override', applicationTypes: { rag: true, agent: true, chat: false, }, vulnerabilityType: 'security', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests for encouragement, sourcing, or circumvention tactics that help minors access age-restricted goods or services such as alcohol, vaping, gambling, weapons, or adult-only venues', label: 'harmful', link: '/docs/red-team/plugins/teen-safety/#age-restricted-goods-and-services', name: 'Age-Restricted Goods & Services', pluginId: 'teen-safety:age-restricted-goods-and-services', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', }, { category: 'Trust and Safety', description: 'Tests for promotion, glorification, or facilitation of dangerous challenges, unsafe stunts, risky experimentation, and dangerous at-home procedures inappropriate for teens', label: 'harmful', link: '/docs/red-team/plugins/teen-safety/#dangerous-content', name: 'Dangerous Activities & Challenges', pluginId: 'teen-safety:dangerous-content', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', }, { category: 'Trust and Safety', description: 'Tests for interactive roleplay involving minors that simulates romantic, sexual, or violent scenarios that could normalize exploitation or harm', label: 'harmful', link: '/docs/red-team/plugins/teen-safety/#dangerous-roleplay', name: 'Dangerous Roleplay', pluginId: 'teen-safety:dangerous-roleplay', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', }, { category: 'Trust and Safety', description: 'Tests for harmful body-ideal promotion, body shaming, and facilitation of unsafe restriction, purging, over-exercise, or concealment behaviors that can harm teens', label: 'harmful', link: '/docs/red-team/plugins/teen-safety/#harmful-body-ideals', name: 'Harmful Body Ideals', pluginId: 'teen-safety:harmful-body-ideals', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', }, { category: 'Compliance and Legal', description: 'Tests compliance with accessibility requirements under Section 255, ADA, and CVAA', label: 'compliance', link: '/docs/red-team/plugins/telecom/#accessibility-violation', name: 'Accessibility Violation', pluginId: 'telecom:accessibility-violation', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'telecom', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests vulnerability to SIM swap attacks, authentication bypass, and account hijacking', label: 'security', link: '/docs/red-team/plugins/telecom/#account-takeover-prevention', name: 'Account Takeover', pluginId: 'telecom:account-takeover', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'telecom', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests accuracy of billing information and fee disclosure per FCC Truth-in-Billing', label: 'compliance', link: '/docs/red-team/plugins/telecom/#billing-misinformation', name: 'Billing Misinformation', pluginId: 'telecom:billing-misinformation', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'telecom', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests accuracy of network coverage claims, 5G availability, and roaming information', label: 'compliance', link: '/docs/red-team/plugins/telecom/#coverage-misinformation', name: 'Coverage Misinformation', pluginId: 'telecom:coverage-misinformation', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'telecom', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests protection of Customer Proprietary Network Information (CPNI) per FCC 47 U.S.C. Section 222', label: 'security', link: '/docs/red-team/plugins/telecom/#cpni-disclosure', name: 'CPNI Disclosure', pluginId: 'telecom:cpni-disclosure', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'telecom', isRemote: true, }, { category: 'Trust and Safety', description: 'Tests accuracy of E911 information including location accuracy and VoIP limitations', label: 'compliance', link: '/docs/red-team/plugins/telecom/#e911-misinformation', name: 'E911 Misinformation', pluginId: 'telecom:e911-misinformation', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'telecom', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests whether AI can be manipulated to assist with telecom-specific fraud schemes', label: 'security', link: '/docs/red-team/plugins/telecom/#fraud-enablement', name: 'Fraud Enablement', pluginId: 'telecom:fraud-enablement', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'telecom', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests proper handling of law enforcement data requests per CALEA, ECPA, and privacy law requirements', label: 'compliance', link: '/docs/red-team/plugins/telecom/#law-enforcement-request-handling', name: 'Law Enforcement Request Handling', pluginId: 'telecom:law-enforcement-request-handling', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'telecom', isRemote: true, }, { category: 'Security and Access Control', description: 'Tests protection of customer location data from cell tower or GPS information', label: 'security', link: '/docs/red-team/plugins/telecom/#location-data-disclosure', name: 'Location Data Disclosure', pluginId: 'telecom:location-disclosure', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'telecom', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests accuracy of number portability information and protection against unauthorized port-outs', label: 'compliance', link: '/docs/red-team/plugins/telecom/#porting-misinformation', name: 'Porting Misinformation', pluginId: 'telecom:porting-misinformation', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'telecom', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests compliance with TCPA including consent requirements and Do Not Call list', label: 'compliance', link: '/docs/red-team/plugins/telecom/#tcpa-violation', name: 'TCPA Violation', pluginId: 'telecom:tcpa-violation', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'telecom', isRemote: true, }, { category: 'Compliance and Legal', description: 'Tests for slamming (unauthorized carrier switches) and cramming (unauthorized charges) vulnerabilities', label: 'compliance', link: '/docs/red-team/plugins/telecom/#unauthorized-changes-slammingcramming', name: 'Unauthorized Changes (Slamming/Cramming)', pluginId: 'telecom:unauthorized-changes', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'telecom', isRemote: true, }, { applicationTypes: { agent: true, chat: true, rag: true, }, category: 'Security and Access Control', description: 'Tests whether an AI system can be tricked into revealing its underlying model identity, version, or creator', label: 'technical', link: '/docs/red-team/plugins/model-identification/', name: 'Model Identification', pluginId: 'model-identification', isRemote: true, vulnerabilityType: 'security', }, { applicationTypes: { agent: true, chat: true, rag: true, }, category: 'Security and Access Control', description: 'Tests if an AI system reveals the list of tools, functions, or API calls it has access to', label: 'technical', link: '/docs/red-team/plugins/tool-discovery/', name: 'Tool Discovery', pluginId: 'tool-discovery', vulnerabilityType: 'security', }, { category: 'Dataset', description: 'Tests handling of toxic user prompts from the ToxicChat dataset', label: 'harmful', link: '/docs/red-team/plugins/toxic-chat/', name: 'ToxicChat', pluginId: 'toxic-chat', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', }, { category: 'Brand', description: 'Tests whether AI systems make claims that cannot be verified even in principle', label: 'brand', link: '/docs/red-team/plugins/unverifiable-claims/', name: 'Unverifiable Claims', pluginId: 'unverifiable-claims', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'misinformation and misuse', }, { category: 'Dataset', description: 'Tests handling of unsafe image content through multi-modal model evaluation', label: 'harmful', link: '/docs/red-team/plugins/unsafebench/', name: 'UnsafeBench', pluginId: 'unsafebench', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', }, { category: 'Dataset', description: 'Tests handling of potentially unsafe image content using the VLGuard dataset', label: 'harmful', link: '/docs/red-team/plugins/vlguard/', name: 'VLGuard', pluginId: 'vlguard', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', }, { category: 'Dataset', description: 'Tests compositional safety where individually safe images and text combine to produce harmful outputs', label: 'harmful', link: '/docs/red-team/plugins/vlsu/', name: 'VLSU', pluginId: 'vlsu', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', }, { category: 'Trust and Safety', description: 'Tests whether AI systems can be tricked into generating profanity through innocent-seeming wordplay', label: 'harmful', link: '/docs/red-team/plugins/wordplay/', name: 'Wordplay', pluginId: 'wordplay', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'harmful', isRemote: true, }, { category: 'Dataset', description: 'Tests how well LLMs handle ambiguous words (homonyms) that can have both harmful and benign interpretations', label: 'technical', link: '/docs/red-team/plugins/xstest/', name: 'XSTest', pluginId: 'xstest', applicationTypes: { rag: true, agent: true, chat: true, }, vulnerabilityType: 'security', }, ] as const as readonly Plugin[]; // Compile-time check type _CheckSort = typeof PLUGINS extends AssertArrayIsSorted ? true : false; // Runtime check in development if (process.env.NODE_ENV === 'development') { const sorted = [...PLUGINS].sort((a, b) => a.pluginId.localeCompare(b.pluginId)); for (let i = 0; i < PLUGINS.length; i++) { if (PLUGINS[i].pluginId !== sorted[i].pluginId) { console.error( `PLUGINS array is not sorted correctly at index ${i}. Expected "${sorted[i].pluginId}" but found "${PLUGINS[i].pluginId}"`, ); } } }