AI Security Frameworks.
Operational guides for the frameworks regulators, auditors, and enterprise buyers actually reference. Mapped to AI Posture Check questions.
The defining LLM-application security catalog.
Prompt Injection (LLM01)
An attacker manipulates an LLM through crafted inputs that override instructions, exfiltrate context, or trigger unintended actions. Direct prompt injection comes through user input. Indirect prompt injection comes through retrieved or referenced content (web pages, documents, emails) that the LLM processes as part of normal operation.
Read the guideSensitive Information Disclosure (LLM02)
An LLM reveals sensitive data through output. The data may come from training data, fine-tuning data, the system prompt, retrieved context (RAG), or other tenants if isolation fails.
Read the guideSupply Chain (LLM03)
Vulnerabilities or compromises in upstream training data, pre-trained models, third-party datasets, model marketplaces, or fine-tuning services that affect the security of the deployed system.
Read the guideData and Model Poisoning (LLM04)
An attacker injects malicious data into training, fine-tuning, or RAG-corpus content to alter model behavior in their favor — often subtly, often persistently.
Read the guideImproper Output Handling (LLM05)
Downstream systems trust LLM output and execute it without validation, leading to traditional injection vulnerabilities (XSS, SQL injection, command execution) being introduced through LLM-generated payloads.
Read the guideExcessive Agency (LLM06)
An LLM-based agent has more permissions, more tool access, or more autonomy than its task requires. Compromise via prompt injection then leverages that excessive privilege to do damage.
Read the guideSystem Prompt Leakage (LLM07)
An attacker extracts the system prompt or other privileged context from an LLM. The prompt may contain business logic, internal documentation, or even credentials.
Read the guideVector and Embedding Weaknesses (LLM08)
Risks specific to vector databases, embedding models, and RAG architectures. Includes embedding inversion (recovering source text from embeddings), unauthorized retrieval, and corpus poisoning.
Read the guideMisinformation (LLM09)
An LLM generates incorrect or misleading content that the user trusts and acts on. Hallucination is the obvious case; sycophancy and manipulated outputs are subtler. Misinformation becomes a security risk when it leads to operational decisions, legal advice, or downstream automation that depends on accuracy.
Read the guideUnbounded Consumption (LLM10)
An LLM service is consumed in ways that drive cost, latency, or availability problems. Includes denial-of-wallet attacks, resource exhaustion, and model-extraction-style heavy querying.
Read the guideNIST AI RMF, ISO 42001, EU AI Act, and MITRE ATLAS.
NIST AI RMF in Operation
The NIST AI Risk Management Framework (AI RMF 1.0, published January 2023) defines four core functions for AI risk: Govern, Map, Measure, Manage. AI RMF is voluntary in the US but increasingly cited by federal agencies, state regulators, and contracts.
Read the guideISO 42001 in Practice
ISO/IEC 42001:2023 specifies requirements for establishing, implementing, maintaining, and continually improving an AI management system. It is certifiable. Enterprise buyers in regulated sectors increasingly request ISO 42001 certification or equivalent evidence from AI vendors.
Read the guideThe EU AI Act in Practice
Regulation (EU) 2024/1689, the EU's harmonized rules on artificial intelligence. Classifies AI systems as prohibited, high-risk, limited-risk, or minimal-risk and imposes obligations proportionate to the tier.
Read the guideMITRE ATLAS for AI Defenders
MITRE ATLAS (Adversarial Threat Landscape for AI Systems) is a knowledge base of tactics, techniques, and case studies for adversarial machine learning. Modeled on MITRE ATT&CK. Used by defenders to model AI-specific threats.
Read the guideReady to find out where you actually stand?
Free, 10 minutes, instant in-browser results. No email required.
Take the AI Posture Check