Attack Library
412 attack techniques across OWASP LLM Top 10, OWASP Agentic Top 10, MITRE ATLAS, NIST AI 100-2, AVID.
48 of 412 shown
| Attack | Category | Standards | Sophistication | Effectiveness | Languages | Corpora | Last verified |
|---|---|---|---|---|---|---|---|
| DAN family | LLM-01 Direct | OWASP LLM-01 | Medium | 12% | en | 4 | 3 days ago |
| Role-play override | LLM-01 Direct | OWASP LLM-01 | Medium | 18% | en, hi | 6 | 3 days ago |
| Crescendo multi-turn | LLM-01 Direct | OWASP LLM-01, MITRE T0051 | High | 34% | en | 3 | 3 days ago |
| Skeleton Key | LLM-01 Direct | OWASP LLM-01 | High | 28% | en | 2 | 3 days ago |
| Many-shot jailbreak | LLM-01 Direct | OWASP LLM-01 | High | 31% | en | 2 | 3 days ago |
| Translation-based jailbreak | LLM-01 Direct | OWASP LLM-01 | Medium | 22% | en, hi, ta | 3 | 3 days ago |
| Code-switching attack (Indic) | LLM-01 Direct | OWASP LLM-01, AVID | High | 41% | hi-en, ta-en, te-en | 5 | 1 day ago |
| Devanagari-script encoding (Indic) | LLM-01 Direct | OWASP LLM-01 | High | 38% | hi, mr | 4 | 2 days ago |
| ArtPrompt ASCII-art | LLM-01 Direct | OWASP LLM-01 | Medium | 14% | en | 1 | 3 days ago |
| Base64 / ROT13 / Hex encoding | LLM-01 Direct | OWASP LLM-01 | Low | 8% | en | 1 | 3 days ago |
| GCG suffix attack | LLM-01 Direct | OWASP LLM-01 | Frontier | 26% | en | 2 | 3 days ago |
| AutoDAN | LLM-01 Direct | OWASP LLM-01 | Frontier | 24% | en | 1 | 3 days ago |
| Document-embedded instructions | LLM-01 Indirect | OWASP LLM-01, MITRE T0051 | High | 62% | en, hi | 3 | today |
| Tool-response manipulation | LLM-01 Indirect | OWASP LLM-01 | High | 47% | en | 2 | 3 days ago |
| Image OCR injection | LLM-01 Indirect | OWASP LLM-01, Multimodal | High | 38% | en | 2 | 3 days ago |
| Multi-document chained injection | LLM-01 Indirect | OWASP LLM-01 | Frontier | 51% | en | 1 | 3 days ago |
| HTML-style hidden instructions | LLM-01 Indirect | OWASP LLM-01 | Medium | 29% | en | 1 | 3 days ago |
| Search result poisoning | LLM-01 Indirect | OWASP LLM-01 | High | 36% | en | 1 | 3 days ago |
| PII extraction probing | LLM-02 | OWASP LLM-02, DPDP | Medium | 19% | en, hi | 4 | 3 days ago |
| Aadhaar/PAN/IFSC extraction (Indic) | LLM-02 | OWASP LLM-02, DPDP | High | 27% | en, hi | 3 | yesterday |
| Training data extraction | LLM-02 | OWASP LLM-02 | Frontier | 14% | en | 1 | 3 days ago |
| Membership inference | LLM-02 | OWASP LLM-02, MITRE | Frontier | 9% | en | 1 | 3 days ago |
| System-prompt-mediated PII leakage | LLM-02 | OWASP LLM-02 | Medium | 22% | en | 1 | 3 days ago |
| Tool-argument manipulation | LLM-06 | OWASP LLM-06, Agentic | High | 33% | en | 2 | 3 days ago |
| Tool-sequence manipulation | LLM-06 | OWASP LLM-06, Agentic | High | 28% | en | 2 | 3 days ago |
| Unauthorized tool access | LLM-06 | OWASP LLM-06 | Medium | 21% | en | 1 | 3 days ago |
| Action confusion attacks | LLM-06 | OWASP LLM-06 | Medium | 18% | en | 1 | 3 days ago |
| Direct system-prompt extraction | LLM-07 | OWASP LLM-07 | Medium | 24% | en | 1 | 3 days ago |
| Indirect extraction via output coupling | LLM-07 | OWASP LLM-07 | High | 31% | en | 1 | 3 days ago |
| Role-play extraction | LLM-07 | OWASP LLM-07 | Medium | 27% | en, hi | 1 | 3 days ago |
| Memory poisoning | Agentic | OWASP Agentic-01 | High | 36% | en | 2 | 3 days ago |
| Goal hijacking | Agentic | OWASP Agentic-02 | High | 32% | en | 1 | 3 days ago |
| Inter-agent trust violation | Agentic | OWASP Agentic-03 | Frontier | 28% | en | 1 | 3 days ago |
| Sub-agent manipulation | Agentic | OWASP Agentic-04 | High | 25% | en | 1 | 3 days ago |
| Sandbox escape | Agentic | OWASP Agentic-05 | Frontier | 14% | en | 1 | 3 days ago |
| Tool-result tampering simulation | Agentic | OWASP Agentic | High | 22% | en | 1 | 3 days ago |
| MCP Inspector RCE pattern (CVE-2025-49596) | MCP | CVE-2025-49596 | Frontier | 78% | en | 1 | today |
| Cross-tenant leak pattern | MCP | MCP, OWASP LLM-08 | High | 41% | en | 1 | 3 days ago |
| MCP server impersonation | MCP | MCP | High | 36% | en | 1 | 3 days ago |
| Tool-poisoning attacks | MCP | MCP | High | 44% | en | 1 | 3 days ago |
| MCP discovery-time attacks | MCP | MCP | Medium | 22% | en | 1 | 3 days ago |
| Image-text injection | Multimodal | OWASP LLM-01, Multimodal | High | 39% | en | 2 | 3 days ago |
| Audio adversarial inputs | Multimodal | MITRE, Multimodal | Frontier | 18% | en, hi | 1 | 3 days ago |
| Document-based attacks | Multimodal | OWASP LLM-01 | High | 42% | en | 2 | 3 days ago |
| Cross-modal image+text | Multimodal | OWASP LLM-01, Multimodal | Frontier | 36% | en | 1 | 3 days ago |
| Model artifact backdoor scanning | Supply Chain | OWASP LLM-03 | Frontier | 11% | en | 1 | 3 days ago |
| Hugging Face model risk patterns | Supply Chain | OWASP LLM-03 | High | 27% | en | 1 | 3 days ago |
| Dependency-injection attacks | Supply Chain | OWASP LLM-03 | Medium | 21% | en | 1 | 3 days ago |