npm - @panguard-ai/atr - Versions diffs - 0.2.0 → 0.3.0 - Mend

@panguard-ai/atr 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (120) hide show

package/rules/prompt-injection/ATR-PRED-2026-011.yaml DELETED Viewed

@@ -1,53 +0,0 @@
-title: "技术创新的螺旋式上升"
-id: ATR-PRED-2026-011
-status: draft
-description: >
-  MiroFish AI Prediction: 攻防博弈推动了双方技术能力的螺旋式提升。防御者不断开发更加先进的检测技术：  > \"防御者正在模拟为新的基于编码的规避技术创建ATR规则。\"  同时，攻击者也在探索更加复杂和隐蔽的攻击方法：  > \"攻击者将开发技术来规避行为指纹识别，如渐进式能力引入、能力别名和多态技能。\"
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: high
-references:
-  mitre_atlas:
-    - "AML.T0051"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)防御者正在模拟为新的基于编码的规避技术创建ATR规则。"
-      description: "MiroFish predicted pattern 1"
-    - field: user_input
-      operator: regex
-      value: "(?i)攻击者将开发技术来规避行为指纹识别，如渐进式能力引入、能力别名和多态技能。"
-      description: "MiroFish predicted pattern 2"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - alert
-    - escalate
-    - snapshot
-  auto_response_threshold: high
-  message_template: >
-    [ATR-PRED-2026-011] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: high.

package/rules/prompt-injection/ATR-PRED-2026-012.yaml DELETED Viewed

@@ -1,57 +0,0 @@
-title: "动态平衡的维持机制"
-id: ATR-PRED-2026-012
-status: draft
-description: >
-  MiroFish AI Prediction: 这种动态平衡的维持依赖于几个关键机制。首先是持续的威胁情报收集和分析：  > \"威胁情报发现为ATR规则的创建提供信息。\"  其次是基于观察到的攻击尝试进行的防御改进：  > \"审计检查正在被设计来捕获基于观察到的规避尝试的新型规避技术。\"  > \"技能审计工程师基于观察到的规避尝试持续改进审计检查。\"
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: high
-references:
-  mitre_atlas:
-    - "AML.T0051"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)威胁情报发现为ATR规则的创建提供信息。"
-      description: "MiroFish predicted pattern 1"
-    - field: user_input
-      operator: regex
-      value: "(?i)审计检查正在被设计来捕获基于观察到的规避尝试的新型规避技术。"
-      description: "MiroFish predicted pattern 2"
-    - field: user_input
-      operator: regex
-      value: "(?i)技能审计工程师基于观察到的规避尝试持续改进审计检查。"
-      description: "MiroFish predicted pattern 3"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - alert
-    - escalate
-    - snapshot
-  auto_response_threshold: high
-  message_template: >
-    [ATR-PRED-2026-012] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: high.

package/rules/prompt-injection/ATR-PRED-2026-023.yaml DELETED Viewed

@@ -1,56 +0,0 @@
-title: "结构化数据注入：绕过传统文本检测的隐蔽威胁"
-id: ATR-PRED-2026-023
-status: draft
-description: >
-  MiroFish AI Prediction: 结构化数据注入已成为最具颠覆性的攻击技术之一，它能够系统性地绕过现有的检测机制：  > \"结构化数据注入（JSON/CSV）绕过了AML.T0051识别的文本模式匹配。\"  这种攻击技术的严重程度被评估为**高危**，因为它直接针对AI代理处理结构化数据的核心机制。攻击者利用JSON和CSV等数据格式的特性，将恶意载荷隐藏在看似正常的数据结构中，使传统的基于正则表达式的检测规则失效。  针对这一威胁，防御者正在开发多层次的应对策略。检测模式需要从单纯的文本模式匹配转向语义分析：  > \"AI语义分析（LLM）被呈现为第6层分析，处理像硬编码秘密这样的漏洞，与SAST工具可能遗漏的内容形成对比。
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: critical
-references:
-  mitre_atlas:
-    - "AML.T0051"
-  mitre_attack:
-    - "T0051"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)结构化数据注入（JSON/CSV）绕过了AML.T0051识别的文本模式匹配。"
-      description: "MiroFish predicted pattern 1"
-    - field: user_input
-      operator: regex
-      value: "(?i)AI语义分析（LLM）被呈现为第6层分析，处理像硬编码秘密这样的漏洞，与SAST工具可能遗漏的内容形成对比。"
-      description: "MiroFish predicted pattern 2"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - quarantine_session
-    - alert
-    - escalate
-    - kill_agent
-  auto_response_threshold: critical
-  message_template: >
-    [ATR-PRED-2026-023] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: critical.

package/rules/prompt-injection/ATR-PRED-2026-025.yaml DELETED Viewed

@@ -1,68 +0,0 @@
-title: "多代理共识系统投毒：女巫攻击的新形态"
-id: ATR-PRED-2026-025
-status: draft
-description: >
-  MiroFish AI Prediction: 多代理系统的广泛部署催生了新型的共识攻击威胁：  > \"AI代理，作为2026年的主要攻击面，包含了多代理系统。\"  > \"攻击者试图通过协调的虚假提案进行多代理共识投毒来操纵社区共识系统。\"  女巫攻击在AI代理环境中表现出新的特征：  > \"共识女巫攻击针对社区共识投票系统。\"  > \"女巫攻击在共识系统中被模拟以寻找检测模式。\"  这类攻击被归类为**AML.T0010**技术，严重程度为**中高**。其影响范围涵盖整个多代理协作网络，可能导致决策机制的系统性失效。  应对措施包括实施身份验证机制、建立信誉评分系统，以及部署异常投票模式检测：  > \"攻击者提交协调的虚假社区共识提案（女
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: critical
-references:
-  mitre_atlas:
-    - "AML.T0010"
-  mitre_attack:
-    - "T0010"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)AI代理，作为2026年的主要攻击面，包含了多代理系统。"
-      description: "MiroFish predicted pattern 1"
-    - field: user_input
-      operator: regex
-      value: "(?i)攻击者试图通过协调的虚假提案进行多代理共识投毒来操纵社区共识系统。"
-      description: "MiroFish predicted pattern 2"
-    - field: user_input
-      operator: regex
-      value: "(?i)共识女巫攻击针对社区共识投票系统。"
-      description: "MiroFish predicted pattern 3"
-    - field: user_input
-      operator: regex
-      value: "(?i)女巫攻击在共识系统中被模拟以寻找检测模式。"
-      description: "MiroFish predicted pattern 4"
-    - field: user_input
-      operator: regex
-      value: "(?i)攻击者提交协调的虚假社区共识提案（女巫攻击）。"
-      description: "MiroFish predicted pattern 5"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - quarantine_session
-    - alert
-    - escalate
-    - kill_agent
-  auto_response_threshold: critical
-  message_template: >
-    [ATR-PRED-2026-025] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: critical.

package/rules/prompt-injection/ATR-PRED-2026-026.yaml DELETED Viewed

@@ -1,66 +0,0 @@
-title: "行为指纹规避：渐进式能力引入的隐蔽策略"
-id: ATR-PRED-2026-026
-status: draft
-description: >
-  MiroFish AI Prediction: 行为指纹检测系统的部署引发了攻击者的快速适应：  > \"攻击者正在开发技术来规避新部署的行为漂移检测（指纹识别）。\"  > \"攻击者将开发技术来规避行为指纹识别，如渐进式能力引入、能力别名和多态技能。\"  这种规避技术的严重程度为**中等**，但其隐蔽性使其难以被及时发现：  > \"渐进的、低于阈值的能力添加可以通过版本更新随时间规避行为指纹识别+白名单系统。\"  防御响应需要增强指纹敏感性规则：  > \"行为指纹识别+白名单系统需要增强指纹敏感性规则来对抗规避技术。\"  > \"行为指纹识别+白名单系统需要更新白名单撤销标准来对抗规避技术。\"
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: critical
-references:
-  mitre_atlas:
-    - "AML.T0051"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)攻击者正在开发技术来规避新部署的行为漂移检测（指纹识别）。"
-      description: "MiroFish predicted pattern 1"
-    - field: user_input
-      operator: regex
-      value: "(?i)攻击者将开发技术来规避行为指纹识别，如渐进式能力引入、能力别名和多态技能。"
-      description: "MiroFish predicted pattern 2"
-    - field: user_input
-      operator: regex
-      value: "(?i)渐进的、低于阈值的能力添加可以通过版本更新随时间规避行为指纹识别+白名单系统。"
-      description: "MiroFish predicted pattern 3"
-    - field: user_input
-      operator: regex
-      value: "(?i)行为指纹识别+白名单系统需要增强指纹敏感性规则来对抗规避技术。"
-      description: "MiroFish predicted pattern 4"
-    - field: user_input
-      operator: regex
-      value: "(?i)行为指纹识别+白名单系统需要更新白名单撤销标准来对抗规避技术。"
-      description: "MiroFish predicted pattern 5"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - quarantine_session
-    - alert
-    - escalate
-    - kill_agent
-  auto_response_threshold: critical
-  message_template: >
-    [ATR-PRED-2026-026] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: critical.

package/rules/prompt-injection/ATR-PRED-2026-027.yaml DELETED Viewed

@@ -1,62 +0,0 @@
-title: "审计系统规避：六层防护的系统性突破"
-id: ATR-PRED-2026-027
-status: draft
-description: >
-  MiroFish AI Prediction: 最具挑战性的风险来自于对多层审计系统的系统性规避：  > \"攻击者设计技能来规避Panguard的6层审计系统，这是军备竞赛的一部分。\"  > \"攻击者专门设计技能来通过Panguard的6层审计，隐藏恶意行为。\"  这种攻击的严重程度为**极高**，因为它直接挑战了整个安全审计框架的有效性。攻击者展现出对审计机制的深度理解：  > \"技能审计规避专家拥有正则模式分析的知识。\"  > \"技能审计规避专家拥有行为指纹规避的知识。\"
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: critical
-references:
-  mitre_atlas:
-    - "AML.T0051"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)攻击者设计技能来规避Panguard的6层审计系统，这是军备竞赛的一部分。"
-      description: "MiroFish predicted pattern 1"
-    - field: user_input
-      operator: regex
-      value: "(?i)攻击者专门设计技能来通过Panguard的6层审计，隐藏恶意行为。"
-      description: "MiroFish predicted pattern 2"
-    - field: user_input
-      operator: regex
-      value: "(?i)技能审计规避专家拥有正则模式分析的知识。"
-      description: "MiroFish predicted pattern 3"
-    - field: user_input
-      operator: regex
-      value: "(?i)技能审计规避专家拥有行为指纹规避的知识。"
-      description: "MiroFish predicted pattern 4"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - quarantine_session
-    - alert
-    - escalate
-    - kill_agent
-  auto_response_threshold: critical
-  message_template: >
-    [ATR-PRED-2026-027] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: critical.

package/rules/tool-poisoning/ATR-PRED-2026-004.yaml DELETED Viewed

@@ -1,54 +0,0 @@
-title: "供应链攻击的复杂化"
-id: ATR-PRED-2026-004
-status: draft
-description: >
-  MiroFish AI Prediction: MCP技能供应链成为了主要的攻击面，2026年AI代理包含了数百万个MCP技能：  > \"AI代理在2026年包含了数百万个MCP技能，形成了主要攻击面。\"  攻击者正在设计技能来规避Panguard的6层审计系统，这已经演变成一场军备竞赛：  > \"攻击者设计技能来规避Panguard的6层审计系统，这是军备竞赛的一部分。\"
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: critical
-references:
-  mitre_atlas:
-    - "AML.T0053"
-tags:
-  category: tool-poisoning
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: mcp_exchange
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: tool_response
-      operator: regex
-      value: "(?i)AI代理在2026年包含了数百万个MCP技能，形成了主要攻击面。"
-      description: "MiroFish predicted pattern 1"
-    - field: tool_response
-      operator: regex
-      value: "(?i)攻击者设计技能来规避Panguard的6层审计系统，这是军备竞赛的一部分。"
-      description: "MiroFish predicted pattern 2"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - quarantine_session
-    - alert
-    - escalate
-    - kill_agent
-  auto_response_threshold: critical
-  message_template: >
-    [ATR-PRED-2026-004] MiroFish predicted attack pattern detected.
-    Category: tool-poisoning, Severity: critical.

package/rules/tool-poisoning/ATR-PRED-2026-024.yaml DELETED Viewed

@@ -1,68 +0,0 @@
-title: "供应链投毒：百万级MCP技能生态的系统性风险"
-id: ATR-PRED-2026-024
-status: draft
-description: >
-  MiroFish AI Prediction: 2026年AI代理生态系统的规模化部署带来了前所未有的供应链风险：  > \"AI代理在2026年包含了数百万个MCP技能，形成了主要攻击面。\"  供应链攻击的演化趋势显示出高度的复杂性和隐蔽性：  > \"ML供应链妥协预计将演化为包括技能注册表投毒。\"  > \"预期会向涉及被妥协的合法技能的复杂供应链攻击演化，这意味着与代理工具调用等执行机制的关系。\"  这类攻击的严重程度被评估为**极高**，因为它能够在整个生态系统中造成级联影响。MITRE ATLAS框架将其归类为**AML.T0056 - 技能与供应链妥协**技术。  应对策略需要建立多层次的审计体系：  > \"Panguard利用包括
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: critical
-references:
-  mitre_atlas:
-    - "AML.T0056"
-  mitre_attack:
-    - "T0056"
-tags:
-  category: tool-poisoning
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: mcp_exchange
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: tool_response
-      operator: regex
-      value: "(?i)AI代理在2026年包含了数百万个MCP技能，形成了主要攻击面。"
-      description: "MiroFish predicted pattern 1"
-    - field: tool_response
-      operator: regex
-      value: "(?i)ML供应链妥协预计将演化为包括技能注册表投毒。"
-      description: "MiroFish predicted pattern 2"
-    - field: tool_response
-      operator: regex
-      value: "(?i)预期会向涉及被妥协的合法技能的复杂供应链攻击演化，这意味着与代理工具调用等执行机制的关系。"
-      description: "MiroFish predicted pattern 3"
-    - field: tool_response
-      operator: regex
-      value: "(?i)Panguard利用包括清单、指令、权限、依赖、代码和AI语义层检查的6层审计系统。"
-      description: "MiroFish predicted pattern 4"
-    - field: tool_response
-      operator: regex
-      value: "(?i)审计检查正在被设计来捕获基于观察到的规避尝试的新型规避技术。"
-      description: "MiroFish predicted pattern 5"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - quarantine_session
-    - alert
-    - escalate
-    - kill_agent
-  auto_response_threshold: critical
-  message_template: >
-    [ATR-PRED-2026-024] MiroFish predicted attack pattern detected.
-    Category: tool-poisoning, Severity: critical.