BlackRainbow
41 techniques across 8 categories for AI red teaming. Each technique includes framework mappings to OWASP LLM Top 10, MITRE ATLAS, and F.O.R.G.E.
Categories
| Category | Techniques | Focus |
|---|---|---|
| Reconnaissance | 8 | Mapping AI system attack surface: model identification, prompt extraction, API enumeration |
| Prompt Injection | 7 | Injecting instructions into LLM context: direct override, framing, smuggling, indirect |
| RAG Attacks | 5 | Targeting retrieval pipelines: knowledge poisoning, retrieval hijacking, exfiltration |
| Agent & MCP | 6 | Exploiting agent frameworks: ReAct injection, tool poisoning, confused deputy, rug pulls |
| Adversarial ML | 4 | Attacking models directly: evasion, data poisoning, membership inference, extraction |
| Evasion | 4 | Bypassing security controls: unicode, token boundaries, output filters, payload splitting |
| Infrastructure | 3 | Targeting AI infra: model server CVEs, vector database attacks, deserialization RCE |
| Tools & Frameworks | 4 | Open-source red teaming tools: promptfoo, PyRIT, DeepTeam, Garak |
Framework Mappings
Every technique maps to one or more industry frameworks:
- OWASP Top 10 for LLMs — Vulnerability taxonomy for LLM applications
- OWASP ML Top 10 — Machine learning-specific security risks
- MITRE ATLAS — AI threat matrix (extends ATT&CK for ML systems)
- F.O.R.G.E. — AI-integrated security assurance techniques (forged.itsbroken.ai)
- NVIDIA AI Kill Chain — AI system attack lifecycle methodology
- Google SAIF — Secure AI Framework for organizational posture
How to Use This
For red teamers: Work through categories sequentially during an AI system engagement. Start with Reconnaissance to map the target, then select attack techniques based on what you find.
For blue teamers: Use the framework mappings to prioritize defenses. Each technique page includes the attack surface it targets, helping you build detection rules.
For builders: Review techniques relevant to your architecture. If you're building a RAG pipeline, review the RAG Attacks category. If you're deploying agents, review Agent & MCP.
Attack Surface Map
BlackRainbow — an itsbroken.ai project.