Assessing Vector and Embedding Weaknesses
Test vector stores for embedding inversion, cross-tenant leakage, and poisoning.
Browse every cataloged workflow for ai security, with source context, tags, and security framework mappings intact.
14 skills
Test vector stores for embedding inversion, cross-tenant leakage, and poisoning.
Scan Model Context Protocol servers and tool metadata for poisoning, SSRF, and unauthenticated exposure.
Wire Promptfoo and DeepTeam into CI/CD for automated regression red-teaming of LLM apps against OWASP LLM Top 10 and OWASP Agentic presets, failing the build when jailbreak or injection vulnerabilities regress.
Deploy Llama Guard, NeMo Guardrails, and LLM Guard input/output scanners as runtime defenses.
Detects prompt injection attacks targeting LLM-based applications using a multi-layered defense combining regex pattern matching for known attack signatures, heuristic scoring for structural anomalies, and transformer-based classification with DeBERTa models. The detector analyzes user inputs before they reach the LLM, flagging direct injections (system prompt overrides, role-play escapes, instruction hijacking) and indirect injections (encoded payloads, multi-language obfuscation, delimiter-based escapes). Based on the OWASP LLM Top 10 (LLM01:2025 Prompt Injection) and Simon Willison's prompt injection taxonomy. Activates for requests involving prompt injection detection, LLM input sanitization, AI security scanning, or prompt attack classification.
Identify poisoned training data and backdoored models across the ML pipeline.
Detect and defend against prompt injection hidden in documents, web pages, and images consumed by an agent.
Detect model stealing, model inversion, and membership inference performed through inference-API abuse by monitoring query patterns, applying output perturbation, and red-teaming your own model's extractability.
Implements input and output validation guardrails for LLM-powered applications to prevent prompt injection, data leakage, toxic content generation, and hallucinated outputs. Builds a security validation pipeline using NVIDIA NeMo Guardrails Colang definitions, custom Python validators for PII detection and content policy enforcement, and the Guardrails AI framework for structured output validation. The guardrails system intercepts both user inputs (blocking injection attempts, stripping PII, enforcing topic boundaries) and model outputs (detecting hallucinations, filtering toxic content, validating JSON schema compliance). Activates for requests involving LLM output validation, AI content filtering, guardrail implementation, or LLM safety enforcement.
Build multi-turn, Crescendo, and Tree-of-Attacks-with-Pruning (TAP) automated attack chains against conversational LLM agents using Microsoft PyRIT, with adversarial chat and scorer feedback loops.
Run NVIDIA garak probe suites against an LLM endpoint to test for jailbreaks, prompt injection, data leakage, and toxic generation, then interpret the hit-rate report for triage and reporting.
Apply least-privilege tool allowlisting, identity binding, and human-in-the-loop controls for agent tool calls.
Extract and defend system prompts plus embedded secrets and routing logic.
Probe RAG applications for prompt injection via poisoned retrieved context and embedding manipulation.