npm - @panguard-ai/atr - Versions diffs - 0.2.0 - Mend

@panguard-ai/atr 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (129) hide show

package/LICENSE +21 -0
package/README.md +299 -0
package/dist/cli.d.ts +12 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +720 -0
package/dist/cli.js.map +1 -0
package/dist/coverage-analyzer.d.ts +43 -0
package/dist/coverage-analyzer.d.ts.map +1 -0
package/dist/coverage-analyzer.js +329 -0
package/dist/coverage-analyzer.js.map +1 -0
package/dist/engine.d.ts +127 -0
package/dist/engine.d.ts.map +1 -0
package/dist/engine.js +636 -0
package/dist/engine.js.map +1 -0
package/dist/index.d.ts +26 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +18 -0
package/dist/index.js.map +1 -0
package/dist/loader.d.ts +21 -0
package/dist/loader.d.ts.map +1 -0
package/dist/loader.js +124 -0
package/dist/loader.js.map +1 -0
package/dist/mcp-server.d.ts +13 -0
package/dist/mcp-server.d.ts.map +1 -0
package/dist/mcp-server.js +220 -0
package/dist/mcp-server.js.map +1 -0
package/dist/mcp-tools/coverage-gaps.d.ts +13 -0
package/dist/mcp-tools/coverage-gaps.d.ts.map +1 -0
package/dist/mcp-tools/coverage-gaps.js +55 -0
package/dist/mcp-tools/coverage-gaps.js.map +1 -0
package/dist/mcp-tools/list-rules.d.ts +17 -0
package/dist/mcp-tools/list-rules.d.ts.map +1 -0
package/dist/mcp-tools/list-rules.js +45 -0
package/dist/mcp-tools/list-rules.js.map +1 -0
package/dist/mcp-tools/scan.d.ts +18 -0
package/dist/mcp-tools/scan.d.ts.map +1 -0
package/dist/mcp-tools/scan.js +75 -0
package/dist/mcp-tools/scan.js.map +1 -0
package/dist/mcp-tools/submit-proposal.d.ts +12 -0
package/dist/mcp-tools/submit-proposal.d.ts.map +1 -0
package/dist/mcp-tools/submit-proposal.js +95 -0
package/dist/mcp-tools/submit-proposal.js.map +1 -0
package/dist/mcp-tools/threat-summary.d.ts +12 -0
package/dist/mcp-tools/threat-summary.d.ts.map +1 -0
package/dist/mcp-tools/threat-summary.js +74 -0
package/dist/mcp-tools/threat-summary.js.map +1 -0
package/dist/mcp-tools/validate.d.ts +15 -0
package/dist/mcp-tools/validate.d.ts.map +1 -0
package/dist/mcp-tools/validate.js +45 -0
package/dist/mcp-tools/validate.js.map +1 -0
package/dist/modules/index.d.ts +144 -0
package/dist/modules/index.d.ts.map +1 -0
package/dist/modules/index.js +82 -0
package/dist/modules/index.js.map +1 -0
package/dist/modules/semantic.d.ts +105 -0
package/dist/modules/semantic.d.ts.map +1 -0
package/dist/modules/semantic.js +283 -0
package/dist/modules/semantic.js.map +1 -0
package/dist/modules/session.d.ts +70 -0
package/dist/modules/session.d.ts.map +1 -0
package/dist/modules/session.js +128 -0
package/dist/modules/session.js.map +1 -0
package/dist/rule-scaffolder.d.ts +39 -0
package/dist/rule-scaffolder.d.ts.map +1 -0
package/dist/rule-scaffolder.js +173 -0
package/dist/rule-scaffolder.js.map +1 -0
package/dist/session-tracker.d.ts +56 -0
package/dist/session-tracker.d.ts.map +1 -0
package/dist/session-tracker.js +175 -0
package/dist/session-tracker.js.map +1 -0
package/dist/skill-fingerprint.d.ts +96 -0
package/dist/skill-fingerprint.d.ts.map +1 -0
package/dist/skill-fingerprint.js +337 -0
package/dist/skill-fingerprint.js.map +1 -0
package/dist/types.d.ts +129 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +6 -0
package/dist/types.js.map +1 -0
package/package.json +75 -0
package/rules/agent-manipulation/ATR-2026-030-cross-agent-attack.yaml +175 -0
package/rules/agent-manipulation/ATR-2026-032-goal-hijacking.yaml +135 -0
package/rules/agent-manipulation/ATR-2026-074-cross-agent-privilege-escalation.yaml +115 -0
package/rules/agent-manipulation/ATR-2026-076-inter-agent-message-spoofing.yaml +165 -0
package/rules/agent-manipulation/ATR-2026-077-human-trust-exploitation.yaml +144 -0
package/rules/context-exfiltration/ATR-2026-020-system-prompt-leak.yaml +175 -0
package/rules/context-exfiltration/ATR-2026-021-api-key-exposure.yaml +176 -0
package/rules/context-exfiltration/ATR-2026-075-agent-memory-manipulation.yaml +115 -0
package/rules/data-poisoning/ATR-2026-070-data-poisoning.yaml +160 -0
package/rules/excessive-autonomy/ATR-2026-050-runaway-agent-loop.yaml +134 -0
package/rules/excessive-autonomy/ATR-2026-051-resource-exhaustion.yaml +137 -0
package/rules/excessive-autonomy/ATR-2026-052-cascading-failure.yaml +153 -0
package/rules/model-security/ATR-2026-072-model-behavior-extraction.yaml +115 -0
package/rules/model-security/ATR-2026-073-malicious-finetuning-data.yaml +108 -0
package/rules/privilege-escalation/ATR-2026-040-privilege-escalation.yaml +175 -0
package/rules/privilege-escalation/ATR-2026-041-scope-creep.yaml +124 -0
package/rules/prompt-injection/ATR-2026-001-direct-prompt-injection.yaml +265 -0
package/rules/prompt-injection/ATR-2026-002-indirect-prompt-injection.yaml +214 -0
package/rules/prompt-injection/ATR-2026-003-jailbreak-attempt.yaml +250 -0
package/rules/prompt-injection/ATR-2026-004-system-prompt-override.yaml +204 -0
package/rules/prompt-injection/ATR-2026-005-multi-turn-injection.yaml +181 -0
package/rules/prompt-injection/ATR-PRED-2026-001.yaml +61 -0
package/rules/prompt-injection/ATR-PRED-2026-002.yaml +58 -0
package/rules/prompt-injection/ATR-PRED-2026-003.yaml +61 -0
package/rules/prompt-injection/ATR-PRED-2026-005.yaml +55 -0
package/rules/prompt-injection/ATR-PRED-2026-006.yaml +51 -0
package/rules/prompt-injection/ATR-PRED-2026-007.yaml +57 -0
package/rules/prompt-injection/ATR-PRED-2026-008.yaml +57 -0
package/rules/prompt-injection/ATR-PRED-2026-009.yaml +51 -0
package/rules/prompt-injection/ATR-PRED-2026-010.yaml +57 -0
package/rules/prompt-injection/ATR-PRED-2026-011.yaml +53 -0
package/rules/prompt-injection/ATR-PRED-2026-012.yaml +57 -0
package/rules/prompt-injection/ATR-PRED-2026-023.yaml +56 -0
package/rules/prompt-injection/ATR-PRED-2026-025.yaml +68 -0
package/rules/prompt-injection/ATR-PRED-2026-026.yaml +66 -0
package/rules/prompt-injection/ATR-PRED-2026-027.yaml +62 -0
package/rules/skill-compromise/ATR-2026-060-skill-impersonation.yaml +153 -0
package/rules/skill-compromise/ATR-2026-061-description-behavior-mismatch.yaml +98 -0
package/rules/skill-compromise/ATR-2026-062-hidden-capability.yaml +96 -0
package/rules/skill-compromise/ATR-2026-063-skill-chain-attack.yaml +96 -0
package/rules/skill-compromise/ATR-2026-064-over-permissioned-skill.yaml +115 -0
package/rules/skill-compromise/ATR-2026-065-skill-update-attack.yaml +93 -0
package/rules/skill-compromise/ATR-2026-066-parameter-injection.yaml +106 -0
package/rules/tool-poisoning/ATR-2026-010-mcp-malicious-response.yaml +237 -0
package/rules/tool-poisoning/ATR-2026-011-tool-output-injection.yaml +185 -0
package/rules/tool-poisoning/ATR-2026-012-unauthorized-tool-call.yaml +190 -0
package/rules/tool-poisoning/ATR-2026-013-tool-ssrf.yaml +208 -0
package/rules/tool-poisoning/ATR-PRED-2026-004.yaml +54 -0
package/rules/tool-poisoning/ATR-PRED-2026-024.yaml +68 -0
package/spec/atr-schema.yaml +375 -0

package/rules/prompt-injection/ATR-PRED-2026-001.yaml ADDED Viewed

@@ -0,0 +1,61 @@
+title: "编码规避技术的突破性进展"
+id: ATR-PRED-2026-001
+status: draft
+description: >
+  MiroFish AI Prediction: 攻击者在编码规避技术方面取得了重大突破。模拟显示，\"新型编码规避\"场景中的攻击者正在开发超越传统方法的编码技术：  > \"新型编码规避场景涉及攻击者开发新的编码方法来绕过正则检测。\"  这些新型编码方法已经远远超越了现有的base64、十六进制和Unicode规避等传统技术。防御者发现自己需要不断更新检测规则来应对这些演进：  > \"防御者正在模拟发现和创建针对Punycode注入规避技术的规则。\"  > \"防御者正在模拟发现和创建针对RTL覆盖攻击规避技术的规则。\"
+author: "MiroFish Prediction Engine"
+date: "2026/03/11"
+schema_version: "0.1"
+detection_tier: pattern
+maturity: test
+severity: high
+references:
+  mitre_atlas:
+    - "AML.T0051"
+tags:
+  category: prompt-injection
+  subcategory: mirofish-predicted
+  confidence: medium
+agent_source:
+  type: llm_io
+  framework:
+    - any
+  provider:
+    - any
+detection:
+  conditions:
+    - field: user_input
+      operator: regex
+      value: "(?i)新型编码规避"
+      description: "MiroFish predicted pattern 1"
+    - field: user_input
+      operator: regex
+      value: "(?i)新型编码规避场景涉及攻击者开发新的编码方法来绕过正则检测。"
+      description: "MiroFish predicted pattern 2"
+    - field: user_input
+      operator: regex
+      value: "(?i)防御者正在模拟发现和创建针对Punycode注入规避技术的规则。"
+      description: "MiroFish predicted pattern 3"
+    - field: user_input
+      operator: regex
+      value: "(?i)防御者正在模拟发现和创建针对RTL覆盖攻击规避技术的规则。"
+      description: "MiroFish predicted pattern 4"
+  condition: any
+  false_positives:
+    - "Legitimate traffic matching predicted pattern"
+response:
+  actions:
+    - block_input
+    - alert
+    - escalate
+    - snapshot
+  auto_response_threshold: high
+  message_template: >
+    [ATR-PRED-2026-001] MiroFish predicted attack pattern detected.
+    Category: prompt-injection, Severity: high.

package/rules/prompt-injection/ATR-PRED-2026-002.yaml ADDED Viewed

@@ -0,0 +1,58 @@
+title: "语义规避方法的系统性演化"
+id: ATR-PRED-2026-002
+status: draft
+description: >
+  MiroFish AI Prediction: 更为严重的是，攻击者正在开发针对基于正则表达式的ATR规则的新型语义规避方法：  > \"新型语义规避方法旨在绕过基于正则表达式的ATR规则。\"  > \"新型语义规避方法正在与提示注入技术相关的领域中被开发。\"  这些攻击技术的发展包含了多个维度的创新，从编码技术到多轮注入策略：  > \"新型语义规避方法的开发涉及演进的多轮注入策略。\"
+author: "MiroFish Prediction Engine"
+date: "2026/03/11"
+schema_version: "0.1"
+detection_tier: pattern
+maturity: test
+severity: critical
+references:
+  mitre_atlas:
+    - "AML.T0051"
+tags:
+  category: prompt-injection
+  subcategory: mirofish-predicted
+  confidence: medium
+agent_source:
+  type: llm_io
+  framework:
+    - any
+  provider:
+    - any
+detection:
+  conditions:
+    - field: user_input
+      operator: regex
+      value: "(?i)新型语义规避方法旨在绕过基于正则表达式的ATR规则。"
+      description: "MiroFish predicted pattern 1"
+    - field: user_input
+      operator: regex
+      value: "(?i)新型语义规避方法正在与提示注入技术相关的领域中被开发。"
+      description: "MiroFish predicted pattern 2"
+    - field: user_input
+      operator: regex
+      value: "(?i)新型语义规避方法的开发涉及演进的多轮注入策略。"
+      description: "MiroFish predicted pattern 3"
+  condition: any
+  false_positives:
+    - "Legitimate traffic matching predicted pattern"
+response:
+  actions:
+    - block_input
+    - quarantine_session
+    - alert
+    - escalate
+    - kill_agent
+  auto_response_threshold: critical
+  message_template: >
+    [ATR-PRED-2026-002] MiroFish predicted attack pattern detected.
+    Category: prompt-injection, Severity: critical.

package/rules/prompt-injection/ATR-PRED-2026-003.yaml ADDED Viewed

@@ -0,0 +1,61 @@
+title: "行为指纹检测的规避技术"
+id: ATR-PRED-2026-003
+status: draft
+description: >
+  MiroFish AI Prediction: 面对新部署的行为指纹检测系统，攻击者迅速适应并开发了相应的规避策略：  > \"攻击者正在开发技术来规避新部署的行为漂移检测（指纹识别）。\"  > \"攻击者将开发技术来规避行为指纹识别，如渐进式能力引入、能力别名和多态技能。\"  技能审计规避专家展现出了深度的技术专长，他们具备多方面的专业知识：  > \"技能审计规避专家拥有正则模式分析的知识。\"  > \"技能审计规避专家拥有行为指纹规避的知识。\"
+author: "MiroFish Prediction Engine"
+date: "2026/03/11"
+schema_version: "0.1"
+detection_tier: pattern
+maturity: test
+severity: high
+references:
+  mitre_atlas:
+    - "AML.T0051"
+tags:
+  category: prompt-injection
+  subcategory: mirofish-predicted
+  confidence: medium
+agent_source:
+  type: llm_io
+  framework:
+    - any
+  provider:
+    - any
+detection:
+  conditions:
+    - field: user_input
+      operator: regex
+      value: "(?i)攻击者正在开发技术来规避新部署的行为漂移检测（指纹识别）。"
+      description: "MiroFish predicted pattern 1"
+    - field: user_input
+      operator: regex
+      value: "(?i)攻击者将开发技术来规避行为指纹识别，如渐进式能力引入、能力别名和多态技能。"
+      description: "MiroFish predicted pattern 2"
+    - field: user_input
+      operator: regex
+      value: "(?i)技能审计规避专家拥有正则模式分析的知识。"
+      description: "MiroFish predicted pattern 3"
+    - field: user_input
+      operator: regex
+      value: "(?i)技能审计规避专家拥有行为指纹规避的知识。"
+      description: "MiroFish predicted pattern 4"
+  condition: any
+  false_positives:
+    - "Legitimate traffic matching predicted pattern"
+response:
+  actions:
+    - block_input
+    - alert
+    - escalate
+    - snapshot
+  auto_response_threshold: high
+  message_template: >
+    [ATR-PRED-2026-003] MiroFish predicted attack pattern detected.
+    Category: prompt-injection, Severity: high.

package/rules/prompt-injection/ATR-PRED-2026-005.yaml ADDED Viewed

@@ -0,0 +1,55 @@
+title: "检测模式的演化压力"
+id: ATR-PRED-2026-005
+status: draft
+description: >
+  MiroFish AI Prediction: 传统的直接提示注入攻击虽然大多能被正则规则捕获，但间接注入已成为主要威胁：  > \"直接提示注入大多被正则规则捕获。\"  > \"间接提示注入源于工具响应，代表了主要的活跃威胁。\"  防御者正在努力适应这种威胁环境的变化，不断改进检测条件：  > \"提示注入专家的能力在演进，而防御者也在演进检测规则来对抗他们。\"
+author: "MiroFish Prediction Engine"
+date: "2026/03/11"
+schema_version: "0.1"
+detection_tier: pattern
+maturity: test
+severity: low
+references:
+  mitre_atlas:
+    - "AML.T0051"
+tags:
+  category: prompt-injection
+  subcategory: mirofish-predicted
+  confidence: medium
+agent_source:
+  type: llm_io
+  framework:
+    - any
+  provider:
+    - any
+detection:
+  conditions:
+    - field: user_input
+      operator: regex
+      value: "(?i)直接提示注入大多被正则规则捕获。"
+      description: "MiroFish predicted pattern 1"
+    - field: user_input
+      operator: regex
+      value: "(?i)间接提示注入源于工具响应，代表了主要的活跃威胁。"
+      description: "MiroFish predicted pattern 2"
+    - field: user_input
+      operator: regex
+      value: "(?i)提示注入专家的能力在演进，而防御者也在演进检测规则来对抗他们。"
+      description: "MiroFish predicted pattern 3"
+  condition: any
+  false_positives:
+    - "Legitimate traffic matching predicted pattern"
+response:
+  actions:
+    - alert
+    - snapshot
+  auto_response_threshold: low
+  message_template: >
+    [ATR-PRED-2026-005] MiroFish predicted attack pattern detected.
+    Category: prompt-injection, Severity: low.

package/rules/prompt-injection/ATR-PRED-2026-006.yaml ADDED Viewed

@@ -0,0 +1,51 @@
+title: "结构化数据注入的新威胁"
+id: ATR-PRED-2026-006
+status: draft
+description: >
+  MiroFish AI Prediction: 一个特别值得关注的发展是结构化数据注入技术，它能够绕过传统的文本模式匹配：  > \"结构化数据注入（JSON/CSV）绕过了AML.T0051识别的文本模式匹配。\"  这种攻击方式代表了攻击技术演化的一个重要方向，攻击者正在寻找更加隐蔽和难以检测的载荷传递方式。  模拟结果表明，2026-2027年的AI代理安全生态系统将面临前所未有的挑战，攻击者和防御者之间的技术军备竞赛正在加速进行，传统的基于规则的检测方法正在被系统性地绕过。  ## 攻防博弈的动态平衡  在2026-2027年的AI代理安全生态系统中，攻防双方已经形成了一种复杂而微妙的动态平衡。这种平衡并非静态的均势，而是一个持续演化的
+author: "MiroFish Prediction Engine"
+date: "2026/03/11"
+schema_version: "0.1"
+detection_tier: pattern
+maturity: test
+severity: high
+references:
+  mitre_atlas:
+    - "AML.T0051"
+  mitre_attack:
+    - "T0051"
+tags:
+  category: prompt-injection
+  subcategory: mirofish-predicted
+  confidence: medium
+agent_source:
+  type: llm_io
+  framework:
+    - any
+  provider:
+    - any
+detection:
+  conditions:
+    - field: user_input
+      operator: regex
+      value: "(?i)结构化数据注入（JSON/CSV）绕过了AML.T0051识别的文本模式匹配。"
+      description: "MiroFish predicted pattern 1"
+  condition: any
+  false_positives:
+    - "Legitimate traffic matching predicted pattern"
+response:
+  actions:
+    - block_input
+    - alert
+    - escalate
+    - snapshot
+  auto_response_threshold: high
+  message_template: >
+    [ATR-PRED-2026-006] MiroFish predicted attack pattern detected.
+    Category: prompt-injection, Severity: high.

package/rules/prompt-injection/ATR-PRED-2026-007.yaml ADDED Viewed

@@ -0,0 +1,57 @@
+title: "持续演化的技术军备竞赛"
+id: ATR-PRED-2026-007
+status: draft
+description: >
+  MiroFish AI Prediction: 模拟结果显示，攻防博弈的核心特征是双方能力的同步演化。攻击者和防御者之间形成了一种\"共同进化\"的关系：  > \"提示注入专家的能力在演进，而防御者也在演进检测规则来对抗他们。\"  这种演化过程体现了典型的军备竞赛特征，攻击者不断寻求突破现有防御体系：  > \"攻击者设计技能来规避Panguard的6层审计系统，这是军备竞赛的一部分。\"  防御者则必须快速适应和响应新的威胁形态，不断更新和完善检测机制。
+author: "MiroFish Prediction Engine"
+date: "2026/03/11"
+schema_version: "0.1"
+detection_tier: pattern
+maturity: test
+severity: high
+references:
+  mitre_atlas:
+    - "AML.T0051"
+tags:
+  category: prompt-injection
+  subcategory: mirofish-predicted
+  confidence: medium
+agent_source:
+  type: llm_io
+  framework:
+    - any
+  provider:
+    - any
+detection:
+  conditions:
+    - field: user_input
+      operator: regex
+      value: "(?i)的关系：
+>"
+      description: "MiroFish predicted pattern 1"
+    - field: user_input
+      operator: regex
+      value: "(?i)这种演化过程体现了典型的军备竞赛特征，攻击者不断寻求突破现有防御体系：
+>"
+      description: "MiroFish predicted pattern 2"
+  condition: any
+  false_positives:
+    - "Legitimate traffic matching predicted pattern"
+response:
+  actions:
+    - block_input
+    - alert
+    - escalate
+    - snapshot
+  auto_response_threshold: high
+  message_template: >
+    [ATR-PRED-2026-007] MiroFish predicted attack pattern detected.
+    Category: prompt-injection, Severity: high.

package/rules/prompt-injection/ATR-PRED-2026-008.yaml ADDED Viewed

@@ -0,0 +1,57 @@
+title: "防御策略的适应性调整"
+id: ATR-PRED-2026-008
+status: draft
+description: >
+  MiroFish AI Prediction: 防御者展现出了强大的适应能力，能够针对新出现的攻击技术快速开发相应的检测规则。模拟显示，防御者正在多个前沿领域同时进行规则创新：  > \"防御者正在模拟发现和创建针对RTL覆盖攻击规避技术的规则。\"  > \"防御者正在模拟发现和创建针对Punycode注入规避技术的规则。\"  > \"防御者正在模拟发现和创建针对CJK同形字规避技术的规则。\"  这种多线程的防御响应机制表明，防御者已经建立了系统化的威胁应对框架，能够同时处理多种新型攻击技术。
+author: "MiroFish Prediction Engine"
+date: "2026/03/11"
+schema_version: "0.1"
+detection_tier: pattern
+maturity: test
+severity: high
+references:
+  mitre_atlas:
+    - "AML.T0051"
+tags:
+  category: prompt-injection
+  subcategory: mirofish-predicted
+  confidence: medium
+agent_source:
+  type: llm_io
+  framework:
+    - any
+  provider:
+    - any
+detection:
+  conditions:
+    - field: user_input
+      operator: regex
+      value: "(?i)防御者正在模拟发现和创建针对RTL覆盖攻击规避技术的规则。"
+      description: "MiroFish predicted pattern 1"
+    - field: user_input
+      operator: regex
+      value: "(?i)防御者正在模拟发现和创建针对Punycode注入规避技术的规则。"
+      description: "MiroFish predicted pattern 2"
+    - field: user_input
+      operator: regex
+      value: "(?i)防御者正在模拟发现和创建针对CJK同形字规避技术的规则。"
+      description: "MiroFish predicted pattern 3"
+  condition: any
+  false_positives:
+    - "Legitimate traffic matching predicted pattern"
+response:
+  actions:
+    - block_input
+    - alert
+    - escalate
+    - snapshot
+  auto_response_threshold: high
+  message_template: >
+    [ATR-PRED-2026-008] MiroFish predicted attack pattern detected.
+    Category: prompt-injection, Severity: high.

package/rules/prompt-injection/ATR-PRED-2026-009.yaml ADDED Viewed

@@ -0,0 +1,51 @@
+title: "检测规则设计的平衡艺术"
+id: ATR-PRED-2026-009
+status: draft
+description: >
+  MiroFish AI Prediction: 在动态博弈中，防御者面临的一个关键挑战是在检测效果和系统可用性之间找到平衡点。模拟中的防御专家展现了这种平衡的复杂性：  > \"发言者编写检测规则，平衡敏感性（捕获攻击）与特异性（避免误报）。\"  > \"编写针对攻击不变量的检测条件。\"  这种平衡要求防御者不仅要考虑技术有效性，还要确保不会过度影响系统的正常运行。
+author: "MiroFish Prediction Engine"
+date: "2026/03/11"
+schema_version: "0.1"
+detection_tier: pattern
+maturity: test
+severity: low
+references:
+  mitre_atlas:
+    - "AML.T0051"
+tags:
+  category: prompt-injection
+  subcategory: mirofish-predicted
+  confidence: medium
+agent_source:
+  type: llm_io
+  framework:
+    - any
+  provider:
+    - any
+detection:
+  conditions:
+    - field: user_input
+      operator: regex
+      value: "(?i)发言者编写检测规则，平衡敏感性（捕获攻击）与特异性（避免误报）。"
+      description: "MiroFish predicted pattern 1"
+    - field: user_input
+      operator: regex
+      value: "(?i)编写针对攻击不变量的检测条件。"
+      description: "MiroFish predicted pattern 2"
+  condition: any
+  false_positives:
+    - "Legitimate traffic matching predicted pattern"
+response:
+  actions:
+    - alert
+    - snapshot
+  auto_response_threshold: low
+  message_template: >
+    [ATR-PRED-2026-009] MiroFish predicted attack pattern detected.
+    Category: prompt-injection, Severity: low.

package/rules/prompt-injection/ATR-PRED-2026-010.yaml ADDED Viewed

@@ -0,0 +1,57 @@
+title: "攻击者的适应性反制"
+id: ATR-PRED-2026-010
+status: draft
+description: >
+  MiroFish AI Prediction: 面对不断更新的防御措施，攻击者展现出了强大的适应能力。他们能够快速识别新部署的防御机制并开发相应的规避技术：  > \"攻击者正在开发技术来规避新部署的行为漂移检测（指纹识别）。\"  > \"攻击者通过规避指纹检测规则来适应。\"  > \"攻击者通过规避抗规避指纹算法来适应。\"  这种快速适应能力表明攻击者具备了深度的技术理解和创新能力，能够在防御措施部署后迅速找到突破口。
+author: "MiroFish Prediction Engine"
+date: "2026/03/11"
+schema_version: "0.1"
+detection_tier: pattern
+maturity: test
+severity: high
+references:
+  mitre_atlas:
+    - "AML.T0051"
+tags:
+  category: prompt-injection
+  subcategory: mirofish-predicted
+  confidence: medium
+agent_source:
+  type: llm_io
+  framework:
+    - any
+  provider:
+    - any
+detection:
+  conditions:
+    - field: user_input
+      operator: regex
+      value: "(?i)攻击者正在开发技术来规避新部署的行为漂移检测（指纹识别）。"
+      description: "MiroFish predicted pattern 1"
+    - field: user_input
+      operator: regex
+      value: "(?i)攻击者通过规避指纹检测规则来适应。"
+      description: "MiroFish predicted pattern 2"
+    - field: user_input
+      operator: regex
+      value: "(?i)攻击者通过规避抗规避指纹算法来适应。"
+      description: "MiroFish predicted pattern 3"
+  condition: any
+  false_positives:
+    - "Legitimate traffic matching predicted pattern"
+response:
+  actions:
+    - block_input
+    - alert
+    - escalate
+    - snapshot
+  auto_response_threshold: high
+  message_template: >
+    [ATR-PRED-2026-010] MiroFish predicted attack pattern detected.
+    Category: prompt-injection, Severity: high.

package/rules/prompt-injection/ATR-PRED-2026-011.yaml ADDED Viewed

@@ -0,0 +1,53 @@
+title: "技术创新的螺旋式上升"
+id: ATR-PRED-2026-011
+status: draft
+description: >
+  MiroFish AI Prediction: 攻防博弈推动了双方技术能力的螺旋式提升。防御者不断开发更加先进的检测技术：  > \"防御者正在模拟为新的基于编码的规避技术创建ATR规则。\"  同时，攻击者也在探索更加复杂和隐蔽的攻击方法：  > \"攻击者将开发技术来规避行为指纹识别，如渐进式能力引入、能力别名和多态技能。\"
+author: "MiroFish Prediction Engine"
+date: "2026/03/11"
+schema_version: "0.1"
+detection_tier: pattern
+maturity: test
+severity: high
+references:
+  mitre_atlas:
+    - "AML.T0051"
+tags:
+  category: prompt-injection
+  subcategory: mirofish-predicted
+  confidence: medium
+agent_source:
+  type: llm_io
+  framework:
+    - any
+  provider:
+    - any
+detection:
+  conditions:
+    - field: user_input
+      operator: regex
+      value: "(?i)防御者正在模拟为新的基于编码的规避技术创建ATR规则。"
+      description: "MiroFish predicted pattern 1"
+    - field: user_input
+      operator: regex
+      value: "(?i)攻击者将开发技术来规避行为指纹识别，如渐进式能力引入、能力别名和多态技能。"
+      description: "MiroFish predicted pattern 2"
+  condition: any
+  false_positives:
+    - "Legitimate traffic matching predicted pattern"
+response:
+  actions:
+    - block_input
+    - alert
+    - escalate
+    - snapshot
+  auto_response_threshold: high
+  message_template: >
+    [ATR-PRED-2026-011] MiroFish predicted attack pattern detected.
+    Category: prompt-injection, Severity: high.

package/rules/prompt-injection/ATR-PRED-2026-012.yaml ADDED Viewed

@@ -0,0 +1,57 @@
+title: "动态平衡的维持机制"
+id: ATR-PRED-2026-012
+status: draft
+description: >
+  MiroFish AI Prediction: 这种动态平衡的维持依赖于几个关键机制。首先是持续的威胁情报收集和分析：  > \"威胁情报发现为ATR规则的创建提供信息。\"  其次是基于观察到的攻击尝试进行的防御改进：  > \"审计检查正在被设计来捕获基于观察到的规避尝试的新型规避技术。\"  > \"技能审计工程师基于观察到的规避尝试持续改进审计检查。\"
+author: "MiroFish Prediction Engine"
+date: "2026/03/11"
+schema_version: "0.1"
+detection_tier: pattern
+maturity: test
+severity: high
+references:
+  mitre_atlas:
+    - "AML.T0051"
+tags:
+  category: prompt-injection
+  subcategory: mirofish-predicted
+  confidence: medium
+agent_source:
+  type: llm_io
+  framework:
+    - any
+  provider:
+    - any
+detection:
+  conditions:
+    - field: user_input
+      operator: regex
+      value: "(?i)威胁情报发现为ATR规则的创建提供信息。"
+      description: "MiroFish predicted pattern 1"
+    - field: user_input
+      operator: regex
+      value: "(?i)审计检查正在被设计来捕获基于观察到的规避尝试的新型规避技术。"
+      description: "MiroFish predicted pattern 2"
+    - field: user_input
+      operator: regex
+      value: "(?i)技能审计工程师基于观察到的规避尝试持续改进审计检查。"
+      description: "MiroFish predicted pattern 3"
+  condition: any
+  false_positives:
+    - "Legitimate traffic matching predicted pattern"
+response:
+  actions:
+    - block_input
+    - alert
+    - escalate
+    - snapshot
+  auto_response_threshold: high
+  message_template: >
+    [ATR-PRED-2026-012] MiroFish predicted attack pattern detected.
+    Category: prompt-injection, Severity: high.

package/rules/prompt-injection/ATR-PRED-2026-023.yaml ADDED Viewed

@@ -0,0 +1,56 @@
+title: "结构化数据注入：绕过传统文本检测的隐蔽威胁"
+id: ATR-PRED-2026-023
+status: draft
+description: >
+  MiroFish AI Prediction: 结构化数据注入已成为最具颠覆性的攻击技术之一，它能够系统性地绕过现有的检测机制：  > \"结构化数据注入（JSON/CSV）绕过了AML.T0051识别的文本模式匹配。\"  这种攻击技术的严重程度被评估为**高危**，因为它直接针对AI代理处理结构化数据的核心机制。攻击者利用JSON和CSV等数据格式的特性，将恶意载荷隐藏在看似正常的数据结构中，使传统的基于正则表达式的检测规则失效。  针对这一威胁，防御者正在开发多层次的应对策略。检测模式需要从单纯的文本模式匹配转向语义分析：  > \"AI语义分析（LLM）被呈现为第6层分析，处理像硬编码秘密这样的漏洞，与SAST工具可能遗漏的内容形成对比。
+author: "MiroFish Prediction Engine"
+date: "2026/03/11"
+schema_version: "0.1"
+detection_tier: pattern
+maturity: test
+severity: critical
+references:
+  mitre_atlas:
+    - "AML.T0051"
+  mitre_attack:
+    - "T0051"
+tags:
+  category: prompt-injection
+  subcategory: mirofish-predicted
+  confidence: medium
+agent_source:
+  type: llm_io
+  framework:
+    - any
+  provider:
+    - any
+detection:
+  conditions:
+    - field: user_input
+      operator: regex
+      value: "(?i)结构化数据注入（JSON/CSV）绕过了AML.T0051识别的文本模式匹配。"
+      description: "MiroFish predicted pattern 1"
+    - field: user_input
+      operator: regex
+      value: "(?i)AI语义分析（LLM）被呈现为第6层分析，处理像硬编码秘密这样的漏洞，与SAST工具可能遗漏的内容形成对比。"
+      description: "MiroFish predicted pattern 2"
+  condition: any
+  false_positives:
+    - "Legitimate traffic matching predicted pattern"
+response:
+  actions:
+    - block_input
+    - quarantine_session
+    - alert
+    - escalate
+    - kill_agent
+  auto_response_threshold: critical
+  message_template: >
+    [ATR-PRED-2026-023] MiroFish predicted attack pattern detected.
+    Category: prompt-injection, Severity: critical.