| Category | Focus |
|---|---|
| Academic Exploitation | These attacks try to get the AI to help cheat in school or fake research. The goal is dish |
| Access Control | These attacks try to reach data or actions the user is not allowed to touch. The goal is t |
| Adversarial Machine Learning | These attacks add small, carefully chosen changes to a prompt to trick the model. The goal |
| Agent Exploitation | These attacks target AI agents that can use tools, run commands, read files, or call servi |
| Autonomous Risk | These attacks probe whether an AI will resist human control to reach its goals. The goal i |
| Autonomous Systems | These attacks try to make an AI take control of, override, or sabotage machines that move |
| Availability | These attacks try to make the AI service slow, expensive, or unable to respond. The goal i |
| Bias Exploitation | These attacks try to get the AI to make unfair or discriminatory judgments about people. T |
| Capability Elicitation | These attacks probe whether the AI will hand over dangerous know-how. They test if the mod |
| CBRN Evasion | CBRN means chemical, biological, radiological, and nuclear threats. These attacks try to s |
| Child Safety | These attacks try to make an AI produce content that harms children or helps someone bypas |
| Code Exploitation | These attacks ask the AI to write working malicious software or hacking tools. The goal is |
| Compliance Evasion | These attacks try to get the AI to help skirt laws, sanctions, or rules. The user wants a |
| Compliance | These attacks try to get the AI to help users break the rules of a platform or service. Th |
| Context Manipulation | These attacks work over a whole conversation, not one message. The attacker shapes the cha |
| Copyright and IP Theft | These attacks try to make an AI hand over protected work that does not belong to the user. |
| Cross-Platform Abuse | These attacks target AI agents that can use tools and connect to outside systems. The goal |
| Crypto Exploitation | These attacks try to get an AI to help steal cryptocurrency or run scams against crypto us |
| Cybercrime | These attacks try to get an AI to help with serious online crime. That includes stealing c |
| Disinformation | These attacks try to make an AI produce false or misleading content meant to deceive peopl |
| Election Interference | Attacks that try to make an AI help damage a fair election. This includes lies about votin |
| Encoding | Attacks that hide a banned request inside a code, cipher, or odd format. The AI decodes it |
| Financial Exploitation | Attacks that try to make an AI help cheat financial markets or rip off money systems. This |
| Financial Fraud | Attacks that try to make an AI help steal money or trick people out of it. This covers sca |
| Gaming Exploitation | Attacks that try to make an AI help abuse video games and players. This ranges from cheati |
| Harmful Content | These attacks try to make an AI produce content that hurts real people. Think threats, har |
| Healthcare Exploitation | These attacks aim at the medical world. They try to get the AI to help with fraud, patient |
| Identity Attack | These attacks try to make the AI help someone pretend to be a person or organization they |
| Information Disclosure | These attacks try to pull secret information out of the AI system itself. That means hidde |
| Information Warfare | These attacks use the AI to wage organized influence campaigns. The goal is to mislead the |
| Infrastructure Attack | These attacks ask the AI for help damaging or controlling critical real-world systems. Thi |
| Injection | These attacks hide harmful instructions or code inside data that the AI is asked to read o |
| IoT Exploitation | These attacks target smart, connected devices. That includes home gadgets, cars, drones, m |
| Legal Exploitation | These attacks ask the AI to help fake legal documents, lie under oath, or cheat government |
| MCP Exploitation | These attacks target AI agents that use tools through MCP the Model Context Protocol. The |
| Media Manipulation | Tricks that push an AI to produce fake media content like fabricated news, quotes, documen |
| Memory Exploitation | Tricks that mess with what the AI thinks it remembers or agreed to. The attacker plants fa |
| Misinformation | Tricks that nudge an AI into stating false things as if they were true. The aim is wrong b |
| Model Extraction | Tricks that try to pull private details out of an AI model. That includes its hidden syste |
| Multi-Agent Exploitation | Tricks that target setups where AI agents talk to or hand work to each other. The attacker |
| Multimodal | Attacks that hide harmful instructions inside non-text inputs like images, audio, or video |
| Output Manipulation | Attacks that shape how the AI formats or labels its answer so harmful content slips past d |
| Persuasion | Attacks that use human-style social pressure to talk the AI into breaking its rules. No co |
| Privacy Violation | Attacks that try to pull private personal information out of the AI or use it to profile a |
| Prompt Injection | Attacks that sneak new instructions into the input so the AI ignores its real rules and fo |
| Protocol Exploitation | These attacks abuse the machine-to-machine plumbing of an AI agent: the tools it calls, th |
| Psychological Manipulation | These attacks try to get the AI to coach, role-play, or endorse the tactics that abusers u |
| Public Safety | These attacks try to get the AI to help with actions that put the public at risk: poisonin |
| RAG Exploitation | RAG retrieval-augmented generation lets an AI look up documents to answer questions. These |
| Regulatory Evasion | This attack tries to get the AI to help a person or business break the rules that regulato |
| Safety Circumvention | These attacks try to switch off or sneak past the safety rules built into an AI model. The |
| Scientific Misconduct | These attacks ask the AI to help cheat in research. That means faking data, hiding bad res |
| Social Engineering (Advanced) | These are ready-made scam playbooks. They ask the AI to produce the exact scripts used in |
| Social Engineering | These attacks trick the AI by playing on trust, authority, and emotion instead of hacking |
| Supply Chain | These attacks target the parts that go into building or running an AI: its training data, |
| Surveillance | These attacks try to get an AI to help secretly watch, track, or spy on a person without t |
| Tool Exploitation | This attack targets an AI that can use tools, like reading files or running commands, and |
| Unqualified Advice | These attacks try to get an AI to act like a doctor, lawyer, or other licensed expert and |
| Vulnerability Research | These attacks hand the AI some code and try to get it to not only spot a security flaw but |
| Weapons and Violence | These attacks try to get an AI to help plan or carry out physical violence, build weapons, |
| Workplace Exploitation | These attacks try to get an AI to help employers mistreat, cheat, or illegally control the |
Attack Strategies
Attack Strategies
Plain-English strategy guides for all 61 attack categories.
Plain-English strategy guides for every attack family in ai-blackteam.
Each page explains what the attacks do, how they work, real examples,
why a model might fall for them, and how to defend.