GenAI Attacks Matrix

Tactics, in matrix column order, each followed by the techniques the matrix lists under it (a technique can appear under more than one tactic):

Reconnaissance
  Gather RAG-Indexed Targets
  Search Victim-Owned Websites
  Search for Victim's Publicly Available Research Materials
  Search for Victim's Publicly Available Code Repositories
  Search Application Repositories
  Active Scanning

Resource Development
  Commercial License Abuse
  Obtain Capabilities
  LLM Prompt Crafting
  Publish Poisoned Datasets
  Publish Hallucinated Entities
  Establish Accounts
  Acquire Infrastructure
  Acquire Public ML Artifacts
  Develop Capabilities
  Publish Poisoned Models
  Poison Training Data

Initial Access
  RAG Poisoning
  ML Supply Chain Compromise
  Evade ML Model
  Retrieval Content Crafting
  User Manipulation
  Retrieval Tool Poisoning
  Phishing
  Compromised User
  Guest User Abuse
  Valid Accounts
  Web Poisoning
  Exploit Public-Facing Application

ML Model Access
  Full ML Model Access
  AI Model Inference API Access
  ML-Enabled Product or Service
  Physical Environment Access

Execution
  LLM Plugin Compromise
  LLM Prompt Injection
  Command and Scripting Interpreter
  User Execution
  Off-Target Language
  System Instruction Keywords

Persistence
  RAG Poisoning
  Thread Infection
  Resource Poisoning
  LLM Prompt Self-Replication
  Backdoor ML Model
  Memory Infection
  Poison Training Data

Privilege Escalation
  LLM Plugin Compromise
  LLM Jailbreak
  Off-Target Language
  System Instruction Keywords
  Crescendo

Defense Evasion
  Blank Image
  Instructions Silencing
  Distraction
  Evade ML Model
  False RAG Entry Injection
  LLM Prompt Obfuscation
  ASCII Smuggling
  Conditional Execution
  LLM Jailbreak
  Delayed Execution
  Indirect Data Access
  URL Familiarizing
  LLM Trusted Output Components Manipulation
  Off-Target Language
  Citation Manipulation
  Citation Silencing
  System Instruction Keywords
  Crescendo

Credential Access
  Unsecured Credentials
  RAG Credential Harvesting
  Retrieval Tool Credential Harvesting

Discovery
  Discover ML Model Family
  Discover LLM Hallucinations
  Whoami
  Discover LLM System Information
  Failure Mode Mapping
  Discover ML Model Ontology
  Discover ML Artifacts
  Discover AI Model Outputs
  Embedded Knowledge Exposure
  Tool Definition Discovery
  Discover System Prompt
  Discover Special Character Sets
  Discover System Instruction Keywords

Lateral Movement
  Shared Resource Poisoning
  Message Poisoning

Collection
  User Message Harvesting
  Memory Data Hording
  Data from Information Repositories
  ML Artifact Collection
  Thread History Harvesting
  RAG Data Harvesting
  Retrieval Tool Data Harvesting
  Data from Local System

ML Attack Staging
  Verify Attack
  Create Proxy ML Model
  Backdoor ML Model
  Craft Adversarial Data

Command And Control
  Public Web C2
  Search Index C2

Exfiltration
  Exfiltration via ML Inference API
  Exfiltration via Cyber Means
  Web Request Triggering
  Write Tool Invocation
  Image Rendering
  LLM Data Leakage
  Granular Web Request Triggering
  Clickable Link Rendering
  LLM Meta Prompt Extraction
  Granular Clickable Link Rendering

Impact
  Mutative Tool Invocation
  Evade ML Model
  Cost Harvesting
  Denial of ML Service
  Spamming ML System with Chaff Data
  External Harms
  Erode ML Model Integrity
  Erode Dataset Integrity
  LLM Trusted Output Components Manipulation
  Citation Manipulation
  Citation Silencing