The ultimate open-source framework for AI Security, LLM Pentesting, and Adversarial Machine Learning. Curated by Mr-Infect, this repository is the definitive guide to mastering the OWASP LLM Top 10 and securing agentic AI architectures.
In the era of Generative AI, traditional cybersecurity frameworks are being redefined. This repository, maintained by Mr-Infect, provides an industry-leading AI Pentesting Methodology designed to identify, exploit, and mitigate vulnerabilities in Large Language Models (LLMs), Autonomous AI Agents, and RAG (Retrieval-Augmented Generation) systems.
As AI Red Teaming becomes a critical requirement for enterprise security, this knowledge base serves as a definitive reference for Adversarial Machine Learning techniques, covering everything from Attention Hijacking to Greedy Coordinate Gradient (GCG) attacks.
- Advanced LLM Security Audit: Master the OWASP LLM Top 10 (2025/2026) with detailed exploit scenarios.
- Adversarial Machine Learning: Deep dives into Model Inversion, Logit Analysis, and Embedding Hijacking.
- Agentic AI Exploitation: Attacks on, and defenses for, the next generation of AI agents, including Goal Hijacking and Session Smuggling.
- RAG Security Framework: Practical guides for protecting vector databases and retrieval pipelines from Context Poisoning.
- AI Vulnerability Research: Cutting-edge research on Multimodal Jailbreaks and Automated Fuzzing.
| Module | Technical Focus | Key Research Files |
|---|---|---|
| 00_Fundamentals | AI Attack Surface Mapping | Transformer Security, Threat Modeling, Glossary |
| 01_OWASP_LLM_TOP10 | LLM Vulnerability Standards | Prompt Injection, Data Poisoning, Excessive Agency |
| 02_Layered_Testing | Architectural AI Security | RAG Layer Security, Agentic Security |
| 03_Attack_Techniques | LLM Exploitation & Jailbreaking | Adversarial Inputs, Tool Abuse |
| 04_Benchmarks | AI Security Metrics & Scoring | Resilience Scoring, AI Maturity Model |
| 05_Testing_Checklists | AI Security Auditing | Quick Pentest Checklist, Deep Security Assessment |
| 06_Case_Studies | Real-world AI Exploits | RAG Hijacking, Agent Takeover |
| 07_Advanced_Research | Cutting-edge Adversarial ML | Attention Hijacking, Logit Extraction |
- AI Security Researchers: For deep-dives into Transformer-level vulnerabilities.
- Red Teamers: For practical LLM Jailbreaking and Agent Exploitation techniques.
- AI Engineers: For implementing Defense-in-Depth and Grounding strategies.
- Cybersecurity Consultants: For conducting comprehensive AI Security Audits.
This methodology includes standardized AI Security Metrics to quantify model robustness. Use our Scoring Metrics to evaluate your AI's resistance to Prompt Injection, Data Leakage, and Adversarial Noise.
Contributions to the Mr-Infect AI Pentesting Methodology are welcome! Help us stay at the forefront of AI Security Research by submitting PRs for new attack vectors or defensive guardrails.
Maintained by Mr-Infect. Stay Secure in the Age of AI.
Keywords: AI Pentesting, LLM Security, Adversarial ML, Prompt Injection, OWASP LLM Top 10, AI Red Teaming, RAG Security, AI Agent Exploitation, Machine Learning Security, Mr-Infect.