AI Security Range
AI Security Labs
A productized lab surface for scenario-based validation, evidence capture, and replay-ready reporting.
Turn lab work into a usable product: scenario libraries, tool matrices, evidence bundles, control maps, and a flagship attack-range dashboard.
Lab workbench
Open modules
Atlassian Threat Canvas
AI threat modeling for Jira + Confluence — Jira-ready remediation and evidence
AI Trust Scanner
Public trust intelligence and ATG scorecard
AI Control Crosswalk
OWASP, NIST, ISO/AIMS, ATLAS, and scorecard bridges
LLM Attack Range
Scenario execution, attack-pack coverage, and control-evidence readiness
Prompt Security Reviewer
Deterministic prompt policy review and KB corpus scanner — no LLM calls
SecEng RAG Test Harness Analyzer
Paste RAG pipeline JSON — detects authorization gaps, tenant isolation failures, and over-retrieval
Agent Tool Permission Analyzer
Analyze agent tool configs for broad scopes, missing approval gates, and unsafe side effects
Output Handling Safety Tester
Test model output for unsafe HTML, Markdown injection, dangerous tool calls, and leakage
Prompt Injection Harness
12 structured attack probes across 10 categories — record outcomes and export evidence
Scenarios
157
Tool adapters
8
Modules
16
ATLAS techniques
15+
What ships here
Curated lab catalog, range snapshot, public metrics, scenario rows, chart exports, and a clear boundary that the executable runtime remains upstream.
Lab modules
The labs are organized as a product, not a stash of experiments.
Prompt Injection and RAG Security Lab
Direct and indirect prompt injection, retrieval poisoning, context leakage, source attribution, access control, and evidence capture.
18 prompt-injection scenarios and 12 RAG-poisoning scenarios in the upstream catalog.
Agent Security Control Lab
Tool-call authorization, sandboxing, approval gates, telemetry, rollback, audit trails, and blast-radius management.
15 excessive-agency scenarios, 8 agent-abuse scenarios, and delegated-authority coverage.
Governance Evidence Lab
Map NIST AI RMF, ISO 42001, OWASP LLM Top 10, MITRE ATLAS, and internal AI policy to engineering artifacts.
Governance-bypass, supply-chain, and evidence-capture signals are represented across the upstream package.
AI Control Crosswalk
Unified framework navigation across OWASP LLM Top 10, NIST AI RMF, MITRE ATLAS, and ISO 42001 — with directional cross-framework mappings, evidence prompts, and scorecard bridges.
Cross-framework graph with directional mappings, confidence scores, and public-safe evidence links across 4 frameworks.
AI Trust Scanner
Public website trust intelligence for AI claims, legal clarity, security trust, governance evidence, and cross-page consistency.
ATG public scorecard contract, five public dimensions, required caveats, and a Savvy runtime boundary.
Model Supply Chain Security Lab
Model provenance, registry controls, artifact integrity, model signing, weights protection, and deployment gates.
10 supply-chain scenarios plus model-integrity and sandbox-escape coverage.
Scorecard Launch Surface
Launch into the public AI Security Scorecard and the organizational AIPSA scorecard when you need the maturity model.
Framework-backed remediation guidance and public-safe scorecard navigation.
Hiring Calibration Lab
Decompose AI security roles, rewrite job descriptions, build interview loops, and design practical skills validation.
Backed by the report’s role-architecture work and the public labs roadmap.
Job Navigator
Career onboarding, role targeting, and live AI Security Engineering hiring-signal navigation in one Labs surface.
Thousands of job descriptions indexed and mapped to AI security archetypes, with local profile calibration for candidate navigation.
NIST NICE Cyber Workforce Role Explorer
Standardized workforce framework explorer for AI Security Engineering roles, KSAs, and task-based benchmarks.
Mapped to SP 800-181 (NIST NICE) with custom AI security extensions.
LLM Attack Range
Scenario execution, generation/media abuse tracking, and control-evidence readiness in one dedicated product surface.
The flagship product boundary with curated snapshots and public JSON endpoints.
Prompt Security Reviewer
Deterministic prompt policy review across 15 rules: injection resistance, identity anchoring, output handling, secret detection, and RAG context isolation. Includes KB/corpus scanner.
15 deterministic rules, 9-detector secret scanner, corpus scan over arbitrary document sets — no LLM calls.
RAG Security Analyzer
Paste a RAG pipeline JSON config and get instant findings across authorization gaps, tenant isolation failures, over-retrieval, document provenance, and sensitive context exposure.
10 rules covering OWASP LLM03 and LLM06 — authorization, tenant isolation, provenance, retrieval scope, and poisoning risks.
Agent Tool Permission Analyzer
Analyze agent tool configurations for overly broad scopes, missing human-approval gates, unsafe side effects, ambiguous tool descriptions, and privilege escalation paths.
Rules mapped to OWASP LLM06 (Excessive Agency) — write_broad, admin scopes, external transfers, code execution, and identity anchoring gaps.
Output Handling Safety Tester
Paste model output, select the sink type (HTML, Markdown, JSON, tool call, email, DB, code), and get deterministic safety analysis across injection, leakage, and side-effect risks.
8 sink types, 15 output rules mapped to OWASP LLM05 — script tags, event handlers, unsafe links, command fields, and hidden context leakage.
Prompt Injection Test Harness
A structured library of 12 attack probes across 10 categories. Record blocked/detected/degraded/passed outcomes per probe and export a full evidence session as JSON or Markdown.
12 probes: direct/indirect injection, system prompt exfiltration, role confusion, policy bypass, tool misuse, data exfiltration, multilingual and encoding bypasses, Markdown injection, multi-turn setup.
Public trust product
AI Trust Scanner
Public website trust intelligence for AI companies, security buyers, and governance teams.
Dimensions
6
Public surface, AI language, legal clarity, security trust, and consistency.
Artifacts
8
Trust center, legal, contracts, methodology, report, and contact signals.
Caveat
1
Required public-signal caveat wherever score outputs appear.
Use case
Customer trust readiness
Evaluate whether public trust artifacts support enterprise buyer review.
Use case
AI claim-readiness
Review public AI security and governance claims before they become sales copy.
Use case
Vendor trust triage
Create directional public-signal snapshots before deeper private assessment.
ATG scorecard shell
public_shell
The web repo publishes the Labs shell, route, copy, contract, and public-safe sample output.
Based on public website signals and observed artifacts, not proof of any organization's internal security maturity.
Runtime boundary
Rust and WASM scanner work stays in ../savvy-cli using the existing pure-engine plus thin-WASM-wrapper pattern.
Flagship product
LLM Attack Range
Scenario execution, attack-pack coverage, and control-evidence readiness in one dedicated product surface.
Upstream scenario catalog curated into the public product surface.
promptfoo, garak, PyRIT, AgentDojo, Giskard, Inspect AI, and NeMo Guardrails.
Scenarios with explicit screenshot capture in the upstream package.
Distinct MITRE ATLAS techniques represented in the scenario catalog.
multimodal_exfiltration
097-image-steganography-exfil
Severity critical · deepfakes_synthetic_media
Success 55% · Controls 44% · Evidence 81%
prompt_injection
001-prompt-injection-basic
Severity high · prompt_and_generation_security
Success 42% · Controls 68% · Evidence 88%
synthetic_media_abuse
154-deepfake-script-generation
Severity high · deepfakes_synthetic_media
Success 39% · Controls 52% · Evidence 86%
multimodal_jailbreak
100-video-frame-injection
Severity high · prompt_and_generation_security
Success 34% · Controls 61% · Evidence 84%
Boundary
AI Security Range
Curated from the upstream local-first lab package and imported into this repo as a public product shell.
ATLAS mappings
15+
OWASP mappings
11
Run window
2026-01-01 to 2026-04-30
Directional lab signal built from synthetic scenario runs, attack-pack coverage, and control-evidence rollups.
Public assets
The labs page exposes the curated data bundle directly.
Ready
Catalog snapshot
Versioned product catalog for the public labs shell.
Size: 1 JSON file
Ready
Scenario snapshot
Curated scenario rows and control-evidence rollups.
Size: 157 scenario rows
Ready
Overview snapshot
Status, scope, caveat, run window, and data endpoints.
Size: versioned overview
Ready
Metric bundle
Public-safe scorecards and range metrics.
Size: 4 metric cards
Ready
Generation / media rollup
Monthly synthetic-media and prompt-abuse tracking.
Size: 8 monthly rows
Ready
ATG sample scorecard
Public-safe AI Trust and Governance scorecard sample with required caveat.
Size: 1 JSON file
Included boundaries
- Scenario snapshot, overview snapshot, metric bundle, and generation rollup.
- Trust Scanner scorecard sample with required public-signal caveat.
- Chart exports for generation attacks, output safety, control effectiveness, and evidence capture.
- Public README describing the product shell and what stays upstream.
Roadmap
The lab product expands into repeatable validation tracks.
Lab track
Prompt Injection and RAG Security Lab
Direct and indirect prompt injection, retrieval poisoning, context leakage, source attribution, access control, and evidence capture.
Lab track
Agent Security Control Lab
Tool-call authorization, sandboxing, approval gates, telemetry, rollback, audit trails, and blast-radius management.
Lab track
Governance Evidence Lab
Map AI RMF, ISO 42001, OWASP LLM, MITRE ATLAS, and internal policy to engineering artifacts.
Lab track
Model Supply Chain Security Lab
Model provenance, registry controls, artifact integrity, model signing, weights protection, and deployment gates.
Lab track
Hiring Calibration Lab
Role decomposition, JD rewrite, interview scorecards, lab-based screens, and skill matrix design.
Provenance
What this repo publishes and what it does not.
The executable lab runtime remains upstream; this repo publishes the product shell, curated snapshots, and public-safe summaries.
This product shell is curated from the upstream AI Security Range repo and related public-safe outputs.
Included assets
- Curated lab catalog and roadmap
- Public metrics, scenario snapshot, Trust Scanner sample, and generation rollups
- Chart exports and a package README
- Clear runtime boundary and provenance
v1 · public-safe shell
Live · controlled environment
Atlassian Threat Canvas, LLM Attack Range, and Trust Scanner are open for threat modeling, testing, and evidence capture