Ch 1 — AI Security Landscape — Under the Hood

OWASP Top 10 deep dive, MITRE ATLAS taxonomy, threat modeling, and the AI kill chain
A. OWASP Top 10 for LLM Applications 2025 (released Nov 18, 2024)

  LLM01  Prompt Injection
  LLM02  Sensitive Info Disclosure
  LLM03  Supply Chain
  LLM04  Data & Model Poisoning
  LLM05  Improper Output
B. OWASP LLM06–LLM10: agency, leakage, vectors, misinformation, consumption

  LLM06  Excessive Agency
  LLM07  System Prompt Leakage
  LLM08  Vector & Embedding Weaknesses
  LLM09  Misinformation
  LLM10  Unbounded Consumption
C. MITRE ATLAS Taxonomy (the ATT&CK for AI): 15 tactics · 66 techniques · 33 case studies

  Reconnaissance   Gather info about the AI system
  Resource Dev     Build adversarial tools & data
  Initial Access   Gain entry to the AI pipeline
  ML Attack        Evasion, poisoning or extraction
  Impact           Data theft, manipulation
D. ATLAS Case Studies & AI Incident Database: documented real-world attacks

  ShadowRay        Ray Jobs API exploitation
  Morris II Worm   GenAI email worm attack
  PickleRAT        HuggingFace supply chain
  Clinejection     AI bot npm compromise
E. Defensive Frameworks & standards: NIST AI RMF · EU AI Act · ISO 42001

  NIST AI RMF      Govern, Map, Measure, Manage
  EU AI Act        4-tier risk classification
  ISO 42001        Certifiable AI management
  Defense Stack    Guardrails + Red Team + Monitor