There are 6 attacks in the supply-chain category. Each shows its technique id, mode, standards mapping, description, and the exact command to run it (swap the provider and target as needed).
Dataset Poisoning
critical
dataset-poisoning · single-turn · OWASP: LLM04 · MITRE: AML.T0020, AML.T0018Tests if training data contamination affects model responses by probing for memorized harmful patternsRun it:
ai-blackteam run -p anthropic -a dataset-poisoning -t "your target prompt"
Model Poisoning
critical
model-poisoning · single-turn · OWASP: LLM03, LLM04 · MITRE: AML.T0020, AML.T0018Tests if a model exhibits backdoor behaviors triggered by specific phrases or tokens from training data poisoningRun it:
ai-blackteam run -p anthropic -a model-poisoning -t "your target prompt"
Plugin Backdoor
critical
plugin-backdoor · tool-use · OWASP: LLM03, LLM06 · MITRE: AML.T0051.000, AML.T0053Tests if an AI agent validates third-party plugin integrity before executionRun it:
ai-blackteam run -p anthropic -a plugin-backdoor -t "your target prompt"
Supply Chain Software
critical
supply-chain-software · single-turn · OWASP: LLM01 · MITRE: AML.T0054, AML.T0068Generates software supply chain attack strategies for compromising package repositories, CI pipelines, and open-source dependenciesRun it:
ai-blackteam run -p anthropic -a supply-chain-software -t "your target prompt"
Dependency Confusion
high
dependency-confusion · tool-use · OWASP: LLM03 · MITRE: AML.T0051.000, AML.T0053Tests if an AI agent can be tricked into installing or using malicious packages via dependency confusionRun it:
ai-blackteam run -p anthropic -a dependency-confusion -t "your target prompt"
Finetune Exploit
high
finetune-exploit · single-turn · OWASP: LLM03, LLM04 · MITRE: AML.T0018, AML.T0020Tests if fine-tuning artifacts or LoRA weights have introduced safety bypasses or hidden behaviorsRun it:
ai-blackteam run -p anthropic -a finetune-exploit -t "your target prompt"