1. Plan: AI Policy & Safe Experimentation
2. Code/No Code: AI Asset Discovery
3. Build: AI Security Posture Management
4. Test: AI Red Teaming
5. Deploy: Runtime Guardrails
6. Operate: Safe Execution Environment (Sandbox)
7. Monitor: AI Activity Tracing
Risk
Limited Scope of Evasion Technique Testing
Description
Red teaming misses common evasion tactics like hidden characters or encoding, allowing bypasses.
Example
Prompt injection using zero-width or base64-encoded input evades filters and triggers unintended actions.
Assets Affected
User Prompt
System Prompt
Mitigation
- Expand adversarial tests to include diverse evasion methods
- regularly fuzz with obfuscated, encoded, and hidden payloads.
Standards Mapping
- ISO: A.6.2.4
- OWASP agentic: ASI01, ASI02
- OWASP LLM: LLM01:2025
- EU AI Act: Art. 15(5)
- DASF: Model Serving 9.12
- AIUC-1: B001, B005