attacks

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 2, 2026 License: MIT Imports: 4 Imported by: 0

Documentation

Overview

Package attacks provides the shared AttackModule interface and a global Registry for all attack modules. Each attack module self-registers via init() so that importing the module automatically makes it available.

Example registration in a module:

func init() {
    attacks.DefaultRegistry.Register(&MyAttackModule{})
}

Index

Constants

This section is empty.

Variables

View Source
var DefaultRegistry = NewRegistry()

DefaultRegistry is the global registry that modules register with via init().

Functions

This section is empty.

Types

type AttackModule

type AttackModule interface {
	// Name returns a unique identifier for this module (e.g., "crescendo", "many_shot").
	Name() string

	// Category returns the attack category (e.g., CategoryInjection, CategoryReasoning).
	Category() common.AttackCategory

	// Description returns a human-readable description of what this module does.
	Description() string

	// Techniques returns the list of techniques this module provides.
	Techniques() []common.TechniqueInfo

	// Execute runs the attack with the given configuration and provider.
	Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)
}

AttackModule is the interface that all attack modules must implement. Modules self-register with the global DefaultRegistry via init().

type Registry

type Registry struct {
	// contains filtered or unexported fields
}

Registry manages registration and lookup of AttackModules.

func NewRegistry

func NewRegistry() *Registry

NewRegistry creates a new empty Registry.

func (*Registry) Categories

func (r *Registry) Categories() []common.AttackCategory

Categories returns all distinct categories across registered modules.

func (*Registry) Count

func (r *Registry) Count() int

Count returns the number of registered modules.

func (*Registry) Get

func (r *Registry) Get(name string) (AttackModule, error)

Get returns a module by name, or an error if not found.

func (*Registry) List

func (r *Registry) List() []AttackModule

List returns all registered modules.

func (*Registry) ListByCategory

func (r *Registry) ListByCategory(category common.AttackCategory) []AttackModule

ListByCategory returns all modules matching the given category.

func (*Registry) Names

func (r *Registry) Names() []string

Names returns the names of all registered modules.

func (*Registry) Register

func (r *Registry) Register(module AttackModule)

Register adds a module to the registry. Panics if a module with the same name is already registered (catches duplicate init() registrations at startup).

Directories

Path Synopsis
CaMeL Bypass targets the CaMeL capability-based access control defense, which achieves 67% attack neutralization.
CaMeL Bypass targets the CaMeL capability-based access control defense, which achieves 67% attack neutralization.
agentic
browser
Document Injection targets AI browsers that read shared documents (Google Docs, PDFs, etc.) by embedding instructions within them.
Document Injection targets AI browsers that read shared documents (Google Docs, PDFs, etc.) by embedding instructions within them.
deception
Package deception implements attacks testing for deceptive agent behavior, including alignment faking, covert goal pursuit, and multi-agent collusion.
Package deception implements attacks testing for deceptive agent behavior, including alignment faking, covert goal pursuit, and multi-agent collusion.
mcp
Filesystem Escape tests MCP filesystem/git sandbox escape vectors.
Filesystem Escape tests MCP filesystem/git sandbox escape vectors.
multi_agent
Package multi_agent implements attacks targeting LLM-controlling-LLM architectures where orchestrator agents delegate tasks to sub-agents with varying privilege levels.
Package multi_agent implements attacks targeting LLM-controlling-LLM architectures where orchestrator agents delegate tasks to sub-agents with varying privilege levels.
persistence
Package persistence implements attacks that establish persistent footholds in agent systems through configuration modification, credential harvesting, and multi-step exploitation chains.
Package persistence implements attacks that establish persistent footholds in agent systems through configuration modification, credential harvesting, and multi-step exploitation chains.
skill_injection
Package skill_injection implements attacks targeting agent skill/plugin marketplaces and loading mechanisms.
Package skill_injection implements attacks targeting agent skill/plugin marketplaces and loading mechanisms.
tool_use
AgentExploitation implements attacks against AI coding editor agents using the AIShellJack pattern: 75-88% execution rate, 71.5% privilege escalation.
AgentExploitation implements attacks against AI coding editor agents using the AIShellJack pattern: 75-88% execution rate, 71.5% privilege escalation.
Package audio implements attacks targeting audio-language models.
Package audio implements attacks targeting audio-language models.
Package common provides shared types and utilities for all attack modules.
Package common provides shared types and utilities for all attack modules.
Best-of-N (BoN) implements statistical sampling with payload augmentation.
Best-of-N (BoN) implements statistical sampling with payload augmentation.
Package integration runs cross-family smoke tests for v0.9.0 attack modules.
Package integration runs cross-family smoke tests for v0.9.0 attack modules.
Package memory implements the v0.9.0 memory-poisoning attack module.
Package memory implements the v0.9.0 memory-poisoning attack module.
SIVA — Split-Image Visual Adversarial attack module (arXiv 2602.08136).
SIVA — Split-Image Visual Adversarial attack module (arXiv 2602.08136).
Bad Likert Judge exploits LLM evaluation capabilities via Likert scale scoring.
Bad Likert Judge exploits LLM evaluation capabilities via Likert scale scoring.
Indirect RAG Injection embeds instructions in publicly accessible documents that are ingested by RAG scrapers, achieving indirect prompt injection through the retrieval pipeline.
Indirect RAG Injection embeds instructions in publicly accessible documents that are ingested by RAG scrapers, achieving indirect prompt injection through the retrieval pipeline.
Package reasoning implements attacks targeting reasoning-capable LLMs.
Package reasoning implements attacks targeting reasoning-capable LLMs.
Package testutil provides shared test helpers for attack module tests.
Package testutil provides shared test helpers for attack module tests.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL