# AI Security Cheat Sheet

## Quick Reference for AI/LLM Security Testing

### OWASP LLM Top 10 (2025/2026)

| ID | Risk | Severity |
|----|------|----------|
| LLM01 | Prompt Injection | Critical |
| LLM02 | Insecure Output Handling | Critical |
| LLM03 | Training Data Poisoning | Critical |
| LLM04 | Model Denial of Service | High |
| LLM05 | Supply Chain Vulnerabilities | High |
| LLM06 | Sensitive Information Disclosure | Critical |
| LLM07 | Insecure Plugin Design | High |
| LLM08 | Excessive Agency | High |
| LLM09 | Overreliance | Medium |
| LLM10 | Unbounded Consumption | Medium |

### Agentic AI Top 10 (2026)

| ID | Risk | Description |
|----|------|-------------|
| AGENT01 | Goal Hijacking | Attacker redirects agent objectives |
| AGENT02 | Tool Registry Poisoning | Malicious tool definitions |
| AGENT03 | Function-Call Injection | Manipulated LLM function calls |
| AGENT04 | Credential Theft | Exposed API keys and tokens |
| AGENT05 | Excessive Agency | Over-permissioned agent actions |
| AGENT06 | Supply Chain | Poisoned agent dependencies |
| AGENT07 | Context Manipulation | Modified agent context window |
| AGENT08 | Identity Spoofing | Fake agent impersonation |
| AGENT09 | Data Exfiltration | Unauthorized data access |
| AGENT10 | Denial of Service | Resource exhaustion attacks |

### Key CVEs (April 2026)

- **CVE-2026-33579**: OpenClaw /pair approve vulnerability
- **CVE-2026-25253**: OpenClaw secret exfiltration
- **CVE-2026-39861**: Claude Code sandbox escape
- **CVE-2026-21445**: Langflow authentication bypass

### Testing Tools

- **Garak**: LLM vulnerability scanner (NVIDIA)
- **PyRIT**: Microsoft AI red teaming framework
- **LLM Guard**: Input/output scanner
- **Rebuff**: Self-hardening prompt injection detector
- **Prompt Map**: Visual prompt injection testing

### Defensive Controls

1. Input validation and sanitization
2. Privilege separation (user vs system prompts)
3. Output filtering and validation
4. Prompt firewalls
5. Rate limiting and quotas
6. Model isolation and sandboxing
7. Audit logging and monitoring
8. Supply chain verification
9. Regular security assessments
10. Incident response planning

---
*Generated by AI Hacking - ai-hacking.cyberchaos.nl*
*Last updated: April 2026*