I've been doing AI red teaming for the past year and kept running into the same problem: there's no comprehensive catalog of how AI systems actually get broken. So I built one. 122 distinct attack techniques across 11 categories, mapped to OWASP LLM Top 10 and MITRE ATLAS.

Categories:
- Prompt Injection (20 attacks)
- Jailbreaks (22)
- System Prompt Leakage (12)
- Vision/Multimodal (12)
- Excessive Agency / Tool Abuse (12)
- Multi-Turn Manipulation (8)
- Sensitive Info Disclosure (10)
- Supply Chain (8)
- Vector/Embedding Attacks (8)
- Improper Output Handling (8)
- Unbounded Consumption (2)

What's included: IDs, names, descriptions, severity ratings, framework mappings, remediation guidance, code examples.

What's NOT included: actual payloads, detection logic, model-specific success rates. This is a taxonomy, not an exploit database. The goal is to give security teams a checklist and common language for AI security assessments.

Apache 2.0 licensed. PRs welcome for new techniques, framework mappings (NIST, ISO, etc.), and remediation improvements.

https://github.com/tachyonicai/tachyonic-heuristics