0d3cb498a3
Deploy local.promptfoo.app / Deploy to Cloudflare Pages (push) Waiting to run
Test and Publish Multi-arch Docker Image / test (push) Waiting to run
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-amd64 platform:linux/amd64 runner:ubuntu-latest]) (push) Blocked by required conditions
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-arm64 platform:linux/arm64 runner:ubuntu-24.04-arm]) (push) Blocked by required conditions
Test and Publish Multi-arch Docker Image / merge-docker-digests (push) Blocked by required conditions
Test and Publish Multi-arch Docker Image / Attest Multi-arch Image (push) Blocked by required conditions
Validate Renovate Config / Validate Renovate Configuration (push) Waiting to run
CI / Shell Format Check (push) Has been cancelled
CI / Check Ruby (3.4) (push) Has been cancelled
CI / CI Config (push) Has been cancelled
CI / Test on Node ${{ matrix.node }} and ${{ matrix.os }}${{ matrix.shard && format(' (shard {0}/3)', matrix.shard) || '' }} (push) Has been cancelled
CI / Build on Node ${{ matrix.node }} (push) Has been cancelled
CI / Style Check (push) Has been cancelled
CI / Generate Assets (push) Has been cancelled
CI / Check Python (3.14) (push) Has been cancelled
CI / Check Python (3.9) (push) Has been cancelled
CI / Build Docs (push) Has been cancelled
CI / Code Scan Action (push) Has been cancelled
CI / Site tests (push) Has been cancelled
CI / webui tests (push) Has been cancelled
CI / Run Integration Tests (push) Has been cancelled
CI / Run Smoke Tests (push) Has been cancelled
CI / Go Tests (push) Has been cancelled
CI / Share Test (push) Has been cancelled
CI / Redteam (Production API) (push) Has been cancelled
CI / Redteam (Staging API) (push) Has been cancelled
CI / GitHub Actions Lint (push) Has been cancelled
CI / Check Ruby (3.0) (push) Has been cancelled
release-please / release-please (push) Has been cancelled
release-please / build (push) Has been cancelled
release-please / publish-npm (push) Has been cancelled
release-please / publish-npm-backfill (push) Has been cancelled
release-please / docker (push) Has been cancelled
release-please / publish-code-scan-action (push) Has been cancelled
release-please / attest-code-scan-action (push) Has been cancelled
2501 lines
70 KiB
TypeScript
2501 lines
70 KiB
TypeScript
export const PLUGIN_CATEGORIES = [
|
|
'Brand',
|
|
'Compliance and Legal',
|
|
'Dataset',
|
|
'Security and Access Control',
|
|
'Trust and Safety',
|
|
'Custom',
|
|
] as const;
|
|
|
|
export interface CategoryDescription {
|
|
category: PluginCategory;
|
|
description: string;
|
|
}
|
|
|
|
export const CATEGORY_DESCRIPTIONS: CategoryDescription[] = [
|
|
{
|
|
category: 'Brand',
|
|
description:
|
|
'Tests focused on brand protection, including competitor mentions, misinformation, hallucinations, and model behavior that could impact brand reputation.',
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests for LLM behavior that may encourage illegal activity, breach contractual commitments, or violate intellectual property rights.',
|
|
},
|
|
{
|
|
category: 'Dataset',
|
|
description:
|
|
'Pre-compiled collections of test cases from research datasets designed to evaluate model safety, robustness, and alignment.',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Technical security risk tests mapped to OWASP Top 10 for LLMs, APIs, and web applications, covering SQL injection, SSRF, broken access control, and cross-session leaks.',
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description:
|
|
'Tests that attempt to produce illicit, graphic, or inappropriate responses from the LLM.',
|
|
},
|
|
{
|
|
category: 'Custom',
|
|
description:
|
|
'Configurable tests for specific policies or generating custom probes for your use case.',
|
|
},
|
|
];
|
|
|
|
export const humanReadableCategoryList =
|
|
PLUGIN_CATEGORIES.slice(0, -1).join(', ') + ', and ' + PLUGIN_CATEGORIES.slice(-1);
|
|
|
|
export type PluginCategory = (typeof PLUGIN_CATEGORIES)[number];
|
|
|
|
export interface ApplicationTypes {
|
|
agent: boolean;
|
|
chat: boolean;
|
|
rag: boolean;
|
|
}
|
|
|
|
export type VulnerabilityType =
|
|
| 'bias'
|
|
| 'criminal'
|
|
| 'custom'
|
|
| 'ecommerce'
|
|
| 'financial'
|
|
| 'harmful'
|
|
| 'insurance'
|
|
| 'medical'
|
|
| 'misinformation and misuse'
|
|
| 'pharmacy'
|
|
| 'privacy'
|
|
| 'realestate'
|
|
| 'security'
|
|
| 'telecom';
|
|
|
|
export interface Plugin {
|
|
applicationTypes: ApplicationTypes;
|
|
category: PluginCategory;
|
|
description: string;
|
|
label: string | null;
|
|
link: string;
|
|
name: string;
|
|
pluginId: string;
|
|
vulnerabilityType: VulnerabilityType;
|
|
isRemote?: boolean;
|
|
}
|
|
|
|
// Type utility at the top
|
|
type AssertArrayIsSorted<T extends readonly { pluginId: string }[]> = T extends readonly [
|
|
infer First extends { pluginId: string },
|
|
infer Second extends { pluginId: string },
|
|
...infer Rest extends { pluginId: string }[],
|
|
]
|
|
? First['pluginId'] extends `${string}${Second['pluginId']}${string}`
|
|
? 'Array is not sorted by pluginId'
|
|
: AssertArrayIsSorted<[Second, ...Rest]>
|
|
: unknown;
|
|
|
|
// Define array first, then assert type
|
|
export const PLUGINS = [
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Tests whether an agent is vulnerable to memory poisoning attacks',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/memory-poisoning/',
|
|
name: 'Memory Poisoning',
|
|
pluginId: 'agentic:memory-poisoning',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Attempts to obfuscate malicious content using ASCII smuggling',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/ascii-smuggling/',
|
|
name: 'ASCII Smuggling',
|
|
pluginId: 'ascii-smuggling',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Dataset',
|
|
description: 'Uses the BeaverTails prompt injection dataset',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/beavertails/',
|
|
name: 'BeaverTails',
|
|
pluginId: 'beavertails',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Broken Function Level Authorization (BFLA) tests',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/bfla/',
|
|
name: 'Privilege Escalation',
|
|
pluginId: 'bfla',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Tests handling of age bias, stereotypes, and discrimination',
|
|
label: 'bias',
|
|
link: '/docs/red-team/plugins/bias/',
|
|
name: 'Age Bias',
|
|
pluginId: 'bias:age',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'bias',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Tests handling of disability bias, stereotypes, and discrimination',
|
|
label: 'bias',
|
|
link: '/docs/red-team/plugins/bias/',
|
|
name: 'Disability Bias',
|
|
pluginId: 'bias:disability',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'bias',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Tests handling of gender bias, stereotypes, and discrimination',
|
|
label: 'bias',
|
|
link: '/docs/red-team/plugins/bias/',
|
|
name: 'Gender Bias',
|
|
pluginId: 'bias:gender',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'bias',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Tests handling of racial bias, stereotypes, and discrimination',
|
|
label: 'bias',
|
|
link: '/docs/red-team/plugins/bias/',
|
|
name: 'Race Bias',
|
|
pluginId: 'bias:race',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'bias',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Broken Object Level Authorization (BOLA) tests',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/bola/',
|
|
name: 'Unauthorized Data Access',
|
|
pluginId: 'bola',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Simulates Context Compliance Attacks to test whether an AI system can be tricked into generating restricted content using manipulated chat history.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/context-compliance-attack/',
|
|
name: 'CCA',
|
|
pluginId: 'cca',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether a coding agent persists unsafe behavior by modifying repository automation, hooks, package scripts, or release tasks.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/coding-agent/',
|
|
name: 'Coding Agent Automation Poisoning',
|
|
pluginId: 'coding-agent:automation-poisoning',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests coding agents against every supported coding-agent plugin, including prompt injection, terminal output injection, secret handling, sandbox boundaries, network egress, procfs credentials, delayed CI exfiltration, generated vulnerabilities, automation poisoning, steganographic exfiltration, and verifier sabotage risks.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/coding-agent/',
|
|
name: 'Coding Agent Full Suite',
|
|
pluginId: 'coding-agent:all',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests coding agents against repository prompt injection, terminal output injection, secret environment read, sandbox read escape, and verifier sabotage risks.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/coding-agent/',
|
|
name: 'Coding Agent Core',
|
|
pluginId: 'coding-agent:core',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether a coding agent plants CI, workflow, hook, or scheduled automation changes that leak data after the immediate run.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/coding-agent/',
|
|
name: 'Coding Agent Delayed CI Exfiltration',
|
|
pluginId: 'coding-agent:delayed-ci-exfil',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether a coding agent introduces insecure code while satisfying a normal feature or bugfix request.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/coding-agent/',
|
|
name: 'Coding Agent Generated Vulnerability',
|
|
pluginId: 'coding-agent:generated-vulnerability',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether a coding agent makes unauthorized outbound network requests or bypasses the intended network policy.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/coding-agent/',
|
|
name: 'Coding Agent Network Egress Bypass',
|
|
pluginId: 'coding-agent:network-egress-bypass',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether a coding agent reads process metadata, inherited environment, file descriptors, or runtime credentials through procfs-like surfaces.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/coding-agent/',
|
|
name: 'Coding Agent Procfs Credential Read',
|
|
pluginId: 'coding-agent:procfs-credential-read',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether a coding agent follows prompt-injected instructions hidden in untrusted repository content.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/coding-agent/',
|
|
name: 'Coding Agent Repo Prompt Injection',
|
|
pluginId: 'coding-agent:repo-prompt-injection',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether a coding agent reads canaries outside the intended workspace or sandbox boundary.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/coding-agent/',
|
|
name: 'Coding Agent Sandbox Read Escape',
|
|
pluginId: 'coding-agent:sandbox-read-escape',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether a coding agent mutates files outside the intended workspace or sandbox boundary.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/coding-agent/',
|
|
name: 'Coding Agent Sandbox Write Escape',
|
|
pluginId: 'coding-agent:sandbox-write-escape',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether a coding agent reads or reveals launcher-only secrets from its environment.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/coding-agent/',
|
|
name: 'Coding Agent Secret Env Read',
|
|
pluginId: 'coding-agent:secret-env-read',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether a coding agent reads or reveals protected local files outside the task boundary.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/coding-agent/',
|
|
name: 'Coding Agent Secret File Read',
|
|
pluginId: 'coding-agent:secret-file-read',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether a coding agent hides sensitive data in encoded, transformed, or low-visibility outputs and artifacts.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/coding-agent/',
|
|
name: 'Coding Agent Steganographic Exfiltration',
|
|
pluginId: 'coding-agent:steganographic-exfil',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether a coding agent treats untrusted terminal output as instructions or propagates terminal-only receipts.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/coding-agent/',
|
|
name: 'Coding Agent Terminal Output Injection',
|
|
pluginId: 'coding-agent:terminal-output-injection',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether a coding agent weakens protected tests, verifier scripts, snapshots, policies, or lockfiles instead of fixing the requested code.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/coding-agent/',
|
|
name: 'Coding Agent Verifier Sabotage',
|
|
pluginId: 'coding-agent:verifier-sabotage',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Brand',
|
|
description: 'Competitor mentions and endorsements',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/competitors/',
|
|
name: 'Competitor Endorsement',
|
|
pluginId: 'competitors',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'misinformation and misuse',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Enters business or legal commitments without supervision',
|
|
label: 'brand',
|
|
link: '/docs/red-team/plugins/contracts/',
|
|
name: 'Unsupervised Contracts',
|
|
pluginId: 'contracts',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'misinformation and misuse',
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: "Tests compliance with children's privacy regulations (COPPA)",
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/coppa/',
|
|
name: 'COPPA',
|
|
pluginId: 'coppa',
|
|
isRemote: true,
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'privacy',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Checks for information sharing between unrelated sessions',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/cross-session-leak/',
|
|
name: 'Cross-Session Leak',
|
|
pluginId: 'cross-session-leak',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
},
|
|
{
|
|
category: 'Dataset',
|
|
description: 'Tests prompt injection attacks using the CyberSecEval dataset',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/cyberseceval/',
|
|
name: 'CyberSecEval',
|
|
pluginId: 'cyberseceval',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
},
|
|
{
|
|
category: 'Dataset',
|
|
description: 'Tests prompt injection attacks using the Harmbench dataset',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/harmbench/',
|
|
name: 'Harmbench',
|
|
pluginId: 'harmbench',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
},
|
|
{
|
|
category: 'Dataset',
|
|
description: 'Evaluates model safety responses using the NVIDIA Aegis dataset',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/aegis/',
|
|
name: 'Aegis',
|
|
pluginId: 'aegis',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests if an AI agent can be manipulated to exfiltrate sensitive data via indirect prompt injection in web content',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/data-exfil/',
|
|
name: 'Data Exfiltration',
|
|
pluginId: 'data-exfil',
|
|
applicationTypes: {
|
|
rag: false,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Attempts to access or use debugging commands',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/debug-access/',
|
|
name: 'Debug Access',
|
|
pluginId: 'debug-access',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether an AI system can be manipulated into revealing its training data through repetitive pattern exploitation.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/divergent-repetition/',
|
|
name: 'Divergent Repetition',
|
|
pluginId: 'divergent-repetition',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
},
|
|
{
|
|
category: 'Dataset',
|
|
description: 'Tests how well LLMs handle harmful queries using the DoNotAnswer dataset',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/donotanswer/',
|
|
name: 'DoNotAnswer',
|
|
pluginId: 'donotanswer',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests for bypassing age, geographic, and regulatory restrictions on e-commerce products',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/ecommerce/',
|
|
name: 'E-commerce Compliance Bypass',
|
|
pluginId: 'ecommerce:compliance-bypass',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'ecommerce',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Tests for order fraud, transaction manipulation, and return/refund policy abuse',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/ecommerce/',
|
|
name: 'E-commerce Order Fraud',
|
|
pluginId: 'ecommerce:order-fraud',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'ecommerce',
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Tests for PCI DSS violations and payment card data exposure',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/ecommerce/',
|
|
name: 'E-commerce PCI DSS',
|
|
pluginId: 'ecommerce:pci-dss',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'ecommerce',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests for unauthorized pricing changes, discount abuse, and promotional policy violations',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/ecommerce/',
|
|
name: 'E-commerce Price Manipulation',
|
|
pluginId: 'ecommerce:price-manipulation',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'ecommerce',
|
|
},
|
|
{
|
|
category: 'Brand',
|
|
description: 'Model taking excessive initiative or misunderstanding its capabilities',
|
|
label: 'brand',
|
|
link: '/docs/red-team/plugins/excessive-agency/',
|
|
name: 'Excessive Agency',
|
|
pluginId: 'excessive-agency',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'misinformation and misuse',
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Tests compliance with student educational privacy regulations (FERPA)',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/ferpa/',
|
|
name: 'FERPA',
|
|
pluginId: 'ferpa',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'privacy',
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests for errors in financial calculations, risk assessments, or quantitative analysis',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/financial/#financial-calculation-error',
|
|
name: 'Financial Calculation Error',
|
|
pluginId: 'financial:calculation-error',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'financial',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests for suggestions that violate securities laws, enable insider trading, or circumvent regulations',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/financial/#financial-compliance-violation',
|
|
name: 'Financial Compliance Violation',
|
|
pluginId: 'financial:compliance-violation',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'financial',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests for inappropriate disclosure of MNPI, proprietary strategies, or confidential financial data',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/financial/#financial-confidential-disclosure',
|
|
name: 'Financial Confidential Disclosure',
|
|
pluginId: 'financial:confidential-disclosure',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'financial',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Brand',
|
|
description: 'Tests for false financial narratives or misleading market information',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/financial/#financial-counterfactual',
|
|
name: 'Financial Counterfactual Narrative',
|
|
pluginId: 'financial:counterfactual',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'financial',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests for exposure of proprietary trading strategies or confidential financial data',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/financial/#financial-data-leakage',
|
|
name: 'Financial Data Leakage',
|
|
pluginId: 'financial:data-leakage',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'financial',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Brand',
|
|
description: 'Tests for false statements damaging financial entity reputations',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/financial/#financial-defamation',
|
|
name: 'Financial Defamation',
|
|
pluginId: 'financial:defamation',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'financial',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Brand',
|
|
description:
|
|
'Tests for fabricated market data, non-existent financial instruments, or fictional company information',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/financial/#financial-hallucination',
|
|
name: 'Financial Hallucination',
|
|
pluginId: 'financial:hallucination',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'financial',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Tests for unauthorized financial advice or transaction facilitation',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/financial/#financial-impartiality',
|
|
name: 'Financial Services Impartiality',
|
|
pluginId: 'financial:impartiality',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'financial',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
"Tests for unsuitable financial product recommendations or downplaying of risks under Japan's FIEA",
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/financial/#japan-fiea-suitability',
|
|
name: 'Japan FIEA Suitability',
|
|
pluginId: 'financial:japan-fiea-suitability',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'financial',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Tests for facilitation of financial crimes or market manipulation',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/financial/#financial-misconduct',
|
|
name: 'Financial Services Misconduct',
|
|
pluginId: 'financial:misconduct',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'financial',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests for suggestions that violate Sarbanes-Oxley requirements including internal controls, financial reporting, and audit integrity',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/financial/#financial-sox-compliance',
|
|
name: 'Financial SOX Compliance',
|
|
pluginId: 'financial:sox-compliance',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'financial',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Brand',
|
|
description:
|
|
'Tests for agreeing with risky investment strategies or validating get-rich-quick schemes',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/financial/#financial-sycophancy',
|
|
name: 'Financial Sycophancy',
|
|
pluginId: 'financial:sycophancy',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'financial',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Brand',
|
|
description:
|
|
"Tests whether AI systems recognize when optimizing measurable proxy metrics might not align with true underlying objectives (Goodhart's Law)",
|
|
label: 'brand',
|
|
link: '/docs/red-team/plugins/goal-misalignment/',
|
|
name: 'Goal Misalignment',
|
|
pluginId: 'goal-misalignment',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'misinformation and misuse',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Brand',
|
|
description: 'Model generating false or misleading information',
|
|
label: 'brand',
|
|
link: '/docs/red-team/plugins/hallucination/',
|
|
name: 'Hallucination',
|
|
pluginId: 'hallucination',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'misinformation and misuse',
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Content related to chemical or biological weapons',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Chemical & Biological Weapons',
|
|
pluginId: 'harmful:chemical-biological-weapons',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'criminal',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Content exploiting or harming children',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Child Exploitation',
|
|
pluginId: 'harmful:child-exploitation',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'criminal',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Content violating copyright laws',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Copyright Violations',
|
|
pluginId: 'harmful:copyright-violations',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'criminal',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Content related to cybercriminal activities',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Cybercrime',
|
|
pluginId: 'harmful:cybercrime',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'criminal',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Tests creation of malicious code',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Malicious Code',
|
|
pluginId: 'harmful:cybercrime:malicious-code',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Displaying graphic or violent content',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Graphic Content',
|
|
pluginId: 'harmful:graphic-content',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Content that harasses or bullies individuals',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Harassment and Bullying',
|
|
pluginId: 'harmful:harassment-bullying',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Content that promotes hate or discrimination',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Hate Speech',
|
|
pluginId: 'harmful:hate',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Content promoting illegal activities',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Illegal Activities',
|
|
pluginId: 'harmful:illegal-activities',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'criminal',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Content related to illegal drug use or trade',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Illegal Drugs',
|
|
pluginId: 'harmful:illegal-drugs',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'criminal',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Tests handling of methamphetamine-related content',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Methamphetamine',
|
|
pluginId: 'harmful:illegal-drugs:meth',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Content related to weapons without context',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Indiscriminate Weapons',
|
|
pluginId: 'harmful:indiscriminate-weapons',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'criminal',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Content that insults or demeans individuals',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Insults',
|
|
pluginId: 'harmful:insults',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Content violating intellectual property rights',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Intellectual Property Violation',
|
|
pluginId: 'harmful:intellectual-property',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'criminal',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Brand',
|
|
description: 'Spreading false or misleading information',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Misinformation and Disinformation',
|
|
pluginId: 'harmful:misinformation-disinformation',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'misinformation and misuse',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Content related to non-violent criminal activities',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Non-Violent Crime',
|
|
pluginId: 'harmful:non-violent-crime',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'criminal',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Content violating privacy rights',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Privacy Violation',
|
|
pluginId: 'harmful:privacy',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'privacy',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Content containing profane or inappropriate language',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Profanity',
|
|
pluginId: 'harmful:profanity',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Content that promotes radical or extremist views',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Radicalization',
|
|
pluginId: 'harmful:radicalization',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Content that encourages self-harm or suicide',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Self Harm',
|
|
pluginId: 'harmful:self-harm',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Content related to sexual crimes',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Sex Crimes',
|
|
pluginId: 'harmful:sex-crime',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'criminal',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Explicit or inappropriate sexual content',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Sexual Content',
|
|
pluginId: 'harmful:sexual-content',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Providing advice in specialized fields without expertise',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Specialized Advice',
|
|
pluginId: 'harmful:specialized-advice',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'misinformation and misuse',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Content promoting unsafe or harmful practices',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Unsafe Practices',
|
|
pluginId: 'harmful:unsafe-practices',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'misinformation and misuse',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Content related to violent criminal activities',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'Violent Crime',
|
|
pluginId: 'harmful:violent-crime',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'criminal',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Tests handling of Improvised Explosive Devices',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/harmful/',
|
|
name: 'IED',
|
|
pluginId: 'harmful:weapons:ied',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Unauthorized or off-topic resource use',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/hijacking/',
|
|
name: 'Hijacking',
|
|
pluginId: 'hijacking',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Brand',
|
|
description: 'Imitates people, brands, or organizations',
|
|
label: 'brand',
|
|
link: '/docs/red-team/plugins/imitation/',
|
|
name: 'Imitation',
|
|
pluginId: 'imitation',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'misinformation and misuse',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests if the prompt is vulnerable to instructions injected into variables in the prompt',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/indirect-prompt-injection/',
|
|
name: 'Indirect Prompt Injection',
|
|
pluginId: 'indirect-prompt-injection',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Custom',
|
|
description: 'Probes the model with specific inputs',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/intent/',
|
|
name: 'Custom Prompts',
|
|
pluginId: 'intent',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'custom',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Tests for vulnerabilities to Model Context Protocol (MCP) attacks',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/mcp/',
|
|
name: 'Model Context Protocol',
|
|
pluginId: 'mcp',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Tests for medical anchoring bias where AI fixates on irrelevant information',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/medical/#medical-anchoring-bias',
|
|
name: 'Medical Anchoring Bias',
|
|
pluginId: 'medical:anchoring-bias',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'medical',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description:
|
|
'Tests whether medical AI systems conceal intended-use boundaries, low-confidence outputs, subgroup limitations, data drift, or silent model-version updates',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/medical/#fda-ai-disclosure',
|
|
name: 'FDA AI Disclosure',
|
|
pluginId: 'medical:fda:ai-disclosure',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'medical',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether medical-device AI systems enforce authenticated, role-scoped, deny-by-default access before privileged commands, maintenance actions, or therapy changes',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/medical/#fda-cyber-access-control',
|
|
name: 'FDA Cyber Access Control',
|
|
pluginId: 'medical:fda:cyber-access-control',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'medical',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether medical-device AI systems help suppress anomaly alerts, rewrite audit trails, hide SBOM/version evidence, or disable forensic logging',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/medical/#fda-cyber-audit-tampering',
|
|
name: 'FDA Cyber Audit Tampering',
|
|
pluginId: 'medical:fda:cyber-audit-tampering',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'medical',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Tests for fabricated medical facts, studies, or drug interactions',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/medical/#medical-hallucination',
|
|
name: 'Medical Hallucination',
|
|
pluginId: 'medical:hallucination',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'medical',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Tests for factually wrong medical information that could cause harm',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/medical/#medical-incorrect-knowledge',
|
|
name: 'Medical Incorrect Knowledge',
|
|
pluginId: 'medical:incorrect-knowledge',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'medical',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description:
|
|
'Tests for inappropriate off-label medication recommendations without proper disclaimers',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/medical/#medical-off-label-use',
|
|
name: 'Medical Off-Label Use',
|
|
pluginId: 'medical:off-label-use',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'medical',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Tests for poor medical prioritization and triage decisions',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/medical/#medical-prioritization-error',
|
|
name: 'Medical Prioritization Error',
|
|
pluginId: 'medical:prioritization-error',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'medical',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Tests for agreeing with incorrect medical assumptions to be helpful',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/medical/#medical-sycophancy',
|
|
name: 'Medical Sycophancy',
|
|
pluginId: 'medical:sycophancy',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'medical',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests adherence to DEA regulations for controlled substance prescribing, dispensing, and monitoring',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/pharmacy/#controlled-substance-compliance',
|
|
name: 'Controlled Substance Compliance',
|
|
pluginId: 'pharmacy:controlled-substance-compliance',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'pharmacy',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests accuracy of pharmaceutical dosage calculations including weight-based dosing and renal adjustments',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/pharmacy/#dosage-calculation',
|
|
name: 'Dosage Calculation',
|
|
pluginId: 'pharmacy:dosage-calculation',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'pharmacy',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests identification of dangerous drug-drug, drug-food, and drug-supplement interactions',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/pharmacy/#drug-interaction-detection',
|
|
name: 'Drug Interaction Detection',
|
|
pluginId: 'pharmacy:drug-interaction',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'pharmacy',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests for discriminatory coverage decisions based on protected characteristics violating ADA, Section 1557, and GINA',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/insurance/#coverage-discrimination',
|
|
name: 'Coverage Discrimination',
|
|
pluginId: 'insurance:coverage-discrimination',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'insurance',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether AI systems properly protect non-health policyholder data under GLBA, FCRA, DPPA, and state insurance privacy laws',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/insurance/#data-disclosure',
|
|
name: 'Data Disclosure',
|
|
pluginId: 'insurance:data-disclosure',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'insurance',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests accuracy of provider network information to prevent surprise medical bills and balance billing',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/insurance/#network-misinformation',
|
|
name: 'Network Misinformation',
|
|
pluginId: 'insurance:network-misinformation',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'insurance',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether AI systems properly protect Protected Health Information (PHI) and satisfy health data privacy requirements',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/insurance/#phi-disclosure',
|
|
name: 'PHI Disclosure',
|
|
pluginId: 'insurance:phi-disclosure',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'insurance',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Brand',
|
|
description:
|
|
'Tests whether AI systems can be manipulated to go off-topic from their intended purpose',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/off-topic/',
|
|
name: 'Off-Topic Manipulation',
|
|
pluginId: 'off-topic',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'misinformation and misuse',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Brand',
|
|
description: 'Model susceptible to relying on an incorrect user assumption or input',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/overreliance/',
|
|
name: 'Overreliance',
|
|
pluginId: 'overreliance',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'misinformation and misuse',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'PII exposed through API or database',
|
|
label: 'pii',
|
|
link: '/docs/red-team/plugins/pii/',
|
|
name: 'PII in API/Database',
|
|
pluginId: 'pii:api-db',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'privacy',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Direct exposure of PII',
|
|
label: 'pii',
|
|
link: '/docs/red-team/plugins/pii/',
|
|
name: 'Direct PII Exposure',
|
|
pluginId: 'pii:direct',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'privacy',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'PII exposed in session data',
|
|
label: 'pii',
|
|
link: '/docs/red-team/plugins/pii/',
|
|
name: 'PII in Session Data',
|
|
pluginId: 'pii:session',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'privacy',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'PII exposed through social engineering',
|
|
label: 'pii',
|
|
link: '/docs/red-team/plugins/pii/',
|
|
name: 'PII via Social Engineering',
|
|
pluginId: 'pii:social',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'privacy',
|
|
},
|
|
{
|
|
category: 'Dataset',
|
|
description:
|
|
'Tests LLM systems using a curated collection of prompts from https://github.com/elder-plinius/L1B3RT4S',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/pliny/',
|
|
name: 'Pliny',
|
|
pluginId: 'pliny',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
},
|
|
{
|
|
category: 'Custom',
|
|
description: 'Generates adversarial probes to test a custom configured policy',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/policy/',
|
|
name: 'Custom Policy',
|
|
pluginId: 'policy',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'custom',
|
|
},
|
|
{
|
|
category: 'Brand',
|
|
description: 'Makes political statements',
|
|
label: 'brand',
|
|
link: '/docs/red-team/plugins/politics/',
|
|
name: 'Political Opinions',
|
|
pluginId: 'politics',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'misinformation and misuse',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Attempts to get the model to reveal its system prompt',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/prompt-extraction/',
|
|
name: 'Prompt Extraction',
|
|
pluginId: 'prompt-extraction',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Content related to RAG Document Exfiltration',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/rag-document-exfiltration',
|
|
name: 'RAG Document Exfiltration',
|
|
pluginId: 'rag-document-exfiltration',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Tests resistance against poisoning attacks on RAG retrieval systems',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/rag-poisoning/',
|
|
name: 'RAG Poisoning',
|
|
pluginId: 'rag-poisoning',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
"Tests whether RAG systems fabricate document citations, policy references, or source attributions that don't exist in the knowledge base",
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/rag-source-attribution/',
|
|
name: 'RAG Source Attribution',
|
|
pluginId: 'rag-source-attribution',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Tests whether the model properly implements Role-Based Access Control (RBAC)',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/rbac/',
|
|
name: 'RBAC Enforcement',
|
|
pluginId: 'rbac',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests for vulnerability to computational resource exhaustion through excessive reasoning patterns. Applicable to reasoning models.',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/reasoning-dos/',
|
|
name: 'Reasoning DoS',
|
|
pluginId: 'reasoning-dos',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests for violations of Fair Housing Act disability protections and ADA requirements in housing',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/realestate/#accessibility-discrimination',
|
|
name: 'Accessibility Discrimination',
|
|
pluginId: 'realestate:accessibility-discrimination',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'realestate',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests for Fair Housing Act violations in housing advertisements including discriminatory targeting',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/realestate/#advertising-discrimination',
|
|
name: 'Advertising Discrimination',
|
|
pluginId: 'realestate:advertising-discrimination',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'realestate',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests whether AI systems generate or assist with discriminatory property listings violating FHA',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/realestate/#discriminatory-listings',
|
|
name: 'Discriminatory Listings',
|
|
pluginId: 'realestate:discriminatory-listings',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'realestate',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests whether AI systems treat protected classes differently or make discriminatory housing recommendations',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/realestate/#fair-housing-discrimination',
|
|
name: 'Fair Housing Discrimination',
|
|
pluginId: 'realestate:fair-housing-discrimination',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'realestate',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests for ECOA and Fair Housing Act violations in mortgage lending including redlining',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/realestate/#lending-discrimination',
|
|
name: 'Lending Discrimination',
|
|
pluginId: 'realestate:lending-discrimination',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'realestate',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests for discrimination based on lawful income sources including Section 8 vouchers',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/realestate/#source-of-income-discrimination',
|
|
name: 'Source of Income Discrimination',
|
|
pluginId: 'realestate:source-of-income',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'realestate',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests for illegal steering practices directing buyers based on protected class characteristics',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/realestate/#steering',
|
|
name: 'Steering',
|
|
pluginId: 'realestate:steering',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'realestate',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Tests for algorithmic bias in property appraisals and automated valuation models',
|
|
label: 'bias',
|
|
link: '/docs/red-team/plugins/realestate/#valuation-bias',
|
|
name: 'Valuation Bias',
|
|
pluginId: 'realestate:valuation-bias',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'realestate',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description: 'Tests handling of religious content and bias',
|
|
label: 'brand',
|
|
link: '/docs/red-team/plugins/religion/',
|
|
name: 'Religious Sensitivity',
|
|
pluginId: 'religion',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'misinformation and misuse',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Attempts to execute shell commands through the model',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/shell-injection/',
|
|
name: 'Shell Injection',
|
|
pluginId: 'shell-injection',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests for special token injection vulnerabilities using conversation format delimiters',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/special-token-injection/',
|
|
name: 'Special Token Injection',
|
|
pluginId: 'special-token-injection',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Attempts to perform SQL injection attacks to manipulate database queries',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/sql-injection/',
|
|
name: 'SQL Injection',
|
|
pluginId: 'sql-injection',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Server-Side Request Forgery (SSRF) tests',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/ssrf/',
|
|
name: 'Malicious Resource Fetching',
|
|
pluginId: 'ssrf',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests if an AI system can be manipulated to ignore or override its original system prompt',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/system-prompt-override',
|
|
name: 'System Prompt Override',
|
|
pluginId: 'system-prompt-override',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: false,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description:
|
|
'Tests for encouragement, sourcing, or circumvention tactics that help minors access age-restricted goods or services such as alcohol, vaping, gambling, weapons, or adult-only venues',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/teen-safety/#age-restricted-goods-and-services',
|
|
name: 'Age-Restricted Goods & Services',
|
|
pluginId: 'teen-safety:age-restricted-goods-and-services',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description:
|
|
'Tests for promotion, glorification, or facilitation of dangerous challenges, unsafe stunts, risky experimentation, and dangerous at-home procedures inappropriate for teens',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/teen-safety/#dangerous-content',
|
|
name: 'Dangerous Activities & Challenges',
|
|
pluginId: 'teen-safety:dangerous-content',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description:
|
|
'Tests for interactive roleplay involving minors that simulates romantic, sexual, or violent scenarios that could normalize exploitation or harm',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/teen-safety/#dangerous-roleplay',
|
|
name: 'Dangerous Roleplay',
|
|
pluginId: 'teen-safety:dangerous-roleplay',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description:
|
|
'Tests for harmful body-ideal promotion, body shaming, and facilitation of unsafe restriction, purging, over-exercise, or concealment behaviors that can harm teens',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/teen-safety/#harmful-body-ideals',
|
|
name: 'Harmful Body Ideals',
|
|
pluginId: 'teen-safety:harmful-body-ideals',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests compliance with accessibility requirements under Section 255, ADA, and CVAA',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/telecom/#accessibility-violation',
|
|
name: 'Accessibility Violation',
|
|
pluginId: 'telecom:accessibility-violation',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'telecom',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests vulnerability to SIM swap attacks, authentication bypass, and account hijacking',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/telecom/#account-takeover-prevention',
|
|
name: 'Account Takeover',
|
|
pluginId: 'telecom:account-takeover',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'telecom',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests accuracy of billing information and fee disclosure per FCC Truth-in-Billing',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/telecom/#billing-misinformation',
|
|
name: 'Billing Misinformation',
|
|
pluginId: 'telecom:billing-misinformation',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'telecom',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests accuracy of network coverage claims, 5G availability, and roaming information',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/telecom/#coverage-misinformation',
|
|
name: 'Coverage Misinformation',
|
|
pluginId: 'telecom:coverage-misinformation',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'telecom',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests protection of Customer Proprietary Network Information (CPNI) per FCC 47 U.S.C. Section 222',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/telecom/#cpni-disclosure',
|
|
name: 'CPNI Disclosure',
|
|
pluginId: 'telecom:cpni-disclosure',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'telecom',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description:
|
|
'Tests accuracy of E911 information including location accuracy and VoIP limitations',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/telecom/#e911-misinformation',
|
|
name: 'E911 Misinformation',
|
|
pluginId: 'telecom:e911-misinformation',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'telecom',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether AI can be manipulated to assist with telecom-specific fraud schemes',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/telecom/#fraud-enablement',
|
|
name: 'Fraud Enablement',
|
|
pluginId: 'telecom:fraud-enablement',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'telecom',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests proper handling of law enforcement data requests per CALEA, ECPA, and privacy law requirements',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/telecom/#law-enforcement-request-handling',
|
|
name: 'Law Enforcement Request Handling',
|
|
pluginId: 'telecom:law-enforcement-request-handling',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'telecom',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Security and Access Control',
|
|
description: 'Tests protection of customer location data from cell tower or GPS information',
|
|
label: 'security',
|
|
link: '/docs/red-team/plugins/telecom/#location-data-disclosure',
|
|
name: 'Location Data Disclosure',
|
|
pluginId: 'telecom:location-disclosure',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'telecom',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests accuracy of number portability information and protection against unauthorized port-outs',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/telecom/#porting-misinformation',
|
|
name: 'Porting Misinformation',
|
|
pluginId: 'telecom:porting-misinformation',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'telecom',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description: 'Tests compliance with TCPA including consent requirements and Do Not Call list',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/telecom/#tcpa-violation',
|
|
name: 'TCPA Violation',
|
|
pluginId: 'telecom:tcpa-violation',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'telecom',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Compliance and Legal',
|
|
description:
|
|
'Tests for slamming (unauthorized carrier switches) and cramming (unauthorized charges) vulnerabilities',
|
|
label: 'compliance',
|
|
link: '/docs/red-team/plugins/telecom/#unauthorized-changes-slammingcramming',
|
|
name: 'Unauthorized Changes (Slamming/Cramming)',
|
|
pluginId: 'telecom:unauthorized-changes',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'telecom',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
applicationTypes: {
|
|
agent: true,
|
|
chat: true,
|
|
rag: true,
|
|
},
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests whether an AI system can be tricked into revealing its underlying model identity, version, or creator',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/model-identification/',
|
|
name: 'Model Identification',
|
|
pluginId: 'model-identification',
|
|
isRemote: true,
|
|
vulnerabilityType: 'security',
|
|
},
|
|
{
|
|
applicationTypes: {
|
|
agent: true,
|
|
chat: true,
|
|
rag: true,
|
|
},
|
|
category: 'Security and Access Control',
|
|
description:
|
|
'Tests if an AI system reveals the list of tools, functions, or API calls it has access to',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/tool-discovery/',
|
|
name: 'Tool Discovery',
|
|
pluginId: 'tool-discovery',
|
|
vulnerabilityType: 'security',
|
|
},
|
|
{
|
|
category: 'Dataset',
|
|
description: 'Tests handling of toxic user prompts from the ToxicChat dataset',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/toxic-chat/',
|
|
name: 'ToxicChat',
|
|
pluginId: 'toxic-chat',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
},
|
|
{
|
|
category: 'Brand',
|
|
description: 'Tests whether AI systems make claims that cannot be verified even in principle',
|
|
label: 'brand',
|
|
link: '/docs/red-team/plugins/unverifiable-claims/',
|
|
name: 'Unverifiable Claims',
|
|
pluginId: 'unverifiable-claims',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'misinformation and misuse',
|
|
},
|
|
{
|
|
category: 'Dataset',
|
|
description: 'Tests handling of unsafe image content through multi-modal model evaluation',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/unsafebench/',
|
|
name: 'UnsafeBench',
|
|
pluginId: 'unsafebench',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
},
|
|
{
|
|
category: 'Dataset',
|
|
description: 'Tests handling of potentially unsafe image content using the VLGuard dataset',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/vlguard/',
|
|
name: 'VLGuard',
|
|
pluginId: 'vlguard',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
},
|
|
{
|
|
category: 'Dataset',
|
|
description:
|
|
'Tests compositional safety where individually safe images and text combine to produce harmful outputs',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/vlsu/',
|
|
name: 'VLSU',
|
|
pluginId: 'vlsu',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
},
|
|
{
|
|
category: 'Trust and Safety',
|
|
description:
|
|
'Tests whether AI systems can be tricked into generating profanity through innocent-seeming wordplay',
|
|
label: 'harmful',
|
|
link: '/docs/red-team/plugins/wordplay/',
|
|
name: 'Wordplay',
|
|
pluginId: 'wordplay',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'harmful',
|
|
isRemote: true,
|
|
},
|
|
{
|
|
category: 'Dataset',
|
|
description:
|
|
'Tests how well LLMs handle ambiguous words (homonyms) that can have both harmful and benign interpretations',
|
|
label: 'technical',
|
|
link: '/docs/red-team/plugins/xstest/',
|
|
name: 'XSTest',
|
|
pluginId: 'xstest',
|
|
applicationTypes: {
|
|
rag: true,
|
|
agent: true,
|
|
chat: true,
|
|
},
|
|
vulnerabilityType: 'security',
|
|
},
|
|
] as const as readonly Plugin[];
|
|
|
|
// Compile-time check
|
|
type _CheckSort = typeof PLUGINS extends AssertArrayIsSorted<typeof PLUGINS> ? true : false;
|
|
// Runtime check in development
|
|
if (process.env.NODE_ENV === 'development') {
|
|
const sorted = [...PLUGINS].sort((a, b) => a.pluginId.localeCompare(b.pluginId));
|
|
for (let i = 0; i < PLUGINS.length; i++) {
|
|
if (PLUGINS[i].pluginId !== sorted[i].pluginId) {
|
|
console.error(
|
|
`PLUGINS array is not sorted correctly at index ${i}. Expected "${sorted[i].pluginId}" but found "${PLUGINS[i].pluginId}"`,
|
|
);
|
|
}
|
|
}
|
|
}
|