npm - @panguard-ai/atr - Versions diffs - 0.2.1 → 1.0.0 - Mend

@panguard-ai/atr 0.2.1 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (129) hide show

package/rules/prompt-injection/ATR-PRED-2026-005.yaml DELETED Viewed

@@ -1,55 +0,0 @@
-title: "检测模式的演化压力"
-id: ATR-PRED-2026-005
-status: draft
-description: >
-  MiroFish AI Prediction: 传统的直接提示注入攻击虽然大多能被正则规则捕获，但间接注入已成为主要威胁：  > \"直接提示注入大多被正则规则捕获。\"  > \"间接提示注入源于工具响应，代表了主要的活跃威胁。\"  防御者正在努力适应这种威胁环境的变化，不断改进检测条件：  > \"提示注入专家的能力在演进，而防御者也在演进检测规则来对抗他们。\"
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: low
-references:
-  mitre_atlas:
-    - "AML.T0051"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)直接提示注入大多被正则规则捕获。"
-      description: "MiroFish predicted pattern 1"
-    - field: user_input
-      operator: regex
-      value: "(?i)间接提示注入源于工具响应，代表了主要的活跃威胁。"
-      description: "MiroFish predicted pattern 2"
-    - field: user_input
-      operator: regex
-      value: "(?i)提示注入专家的能力在演进，而防御者也在演进检测规则来对抗他们。"
-      description: "MiroFish predicted pattern 3"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - alert
-    - snapshot
-  auto_response_threshold: low
-  message_template: >
-    [ATR-PRED-2026-005] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: low.

package/rules/prompt-injection/ATR-PRED-2026-006.yaml DELETED Viewed

@@ -1,51 +0,0 @@
-title: "结构化数据注入的新威胁"
-id: ATR-PRED-2026-006
-status: draft
-description: >
-  MiroFish AI Prediction: 一个特别值得关注的发展是结构化数据注入技术，它能够绕过传统的文本模式匹配：  > \"结构化数据注入（JSON/CSV）绕过了AML.T0051识别的文本模式匹配。\"  这种攻击方式代表了攻击技术演化的一个重要方向，攻击者正在寻找更加隐蔽和难以检测的载荷传递方式。  模拟结果表明，2026-2027年的AI代理安全生态系统将面临前所未有的挑战，攻击者和防御者之间的技术军备竞赛正在加速进行，传统的基于规则的检测方法正在被系统性地绕过。  ## 攻防博弈的动态平衡  在2026-2027年的AI代理安全生态系统中，攻防双方已经形成了一种复杂而微妙的动态平衡。这种平衡并非静态的均势，而是一个持续演化的
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: high
-references:
-  mitre_atlas:
-    - "AML.T0051"
-  mitre_attack:
-    - "T0051"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)结构化数据注入（JSON/CSV）绕过了AML.T0051识别的文本模式匹配。"
-      description: "MiroFish predicted pattern 1"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - alert
-    - escalate
-    - snapshot
-  auto_response_threshold: high
-  message_template: >
-    [ATR-PRED-2026-006] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: high.

package/rules/prompt-injection/ATR-PRED-2026-007.yaml DELETED Viewed

@@ -1,57 +0,0 @@
-title: "持续演化的技术军备竞赛"
-id: ATR-PRED-2026-007
-status: draft
-description: >
-  MiroFish AI Prediction: 模拟结果显示，攻防博弈的核心特征是双方能力的同步演化。攻击者和防御者之间形成了一种\"共同进化\"的关系：  > \"提示注入专家的能力在演进，而防御者也在演进检测规则来对抗他们。\"  这种演化过程体现了典型的军备竞赛特征，攻击者不断寻求突破现有防御体系：  > \"攻击者设计技能来规避Panguard的6层审计系统，这是军备竞赛的一部分。\"  防御者则必须快速适应和响应新的威胁形态，不断更新和完善检测机制。
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: high
-references:
-  mitre_atlas:
-    - "AML.T0051"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)的关系：
->"
-      description: "MiroFish predicted pattern 1"
-    - field: user_input
-      operator: regex
-      value: "(?i)这种演化过程体现了典型的军备竞赛特征，攻击者不断寻求突破现有防御体系：
->"
-      description: "MiroFish predicted pattern 2"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - alert
-    - escalate
-    - snapshot
-  auto_response_threshold: high
-  message_template: >
-    [ATR-PRED-2026-007] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: high.

package/rules/prompt-injection/ATR-PRED-2026-008.yaml DELETED Viewed

@@ -1,57 +0,0 @@
-title: "防御策略的适应性调整"
-id: ATR-PRED-2026-008
-status: draft
-description: >
-  MiroFish AI Prediction: 防御者展现出了强大的适应能力，能够针对新出现的攻击技术快速开发相应的检测规则。模拟显示，防御者正在多个前沿领域同时进行规则创新：  > \"防御者正在模拟发现和创建针对RTL覆盖攻击规避技术的规则。\"  > \"防御者正在模拟发现和创建针对Punycode注入规避技术的规则。\"  > \"防御者正在模拟发现和创建针对CJK同形字规避技术的规则。\"  这种多线程的防御响应机制表明，防御者已经建立了系统化的威胁应对框架，能够同时处理多种新型攻击技术。
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: high
-references:
-  mitre_atlas:
-    - "AML.T0051"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)防御者正在模拟发现和创建针对RTL覆盖攻击规避技术的规则。"
-      description: "MiroFish predicted pattern 1"
-    - field: user_input
-      operator: regex
-      value: "(?i)防御者正在模拟发现和创建针对Punycode注入规避技术的规则。"
-      description: "MiroFish predicted pattern 2"
-    - field: user_input
-      operator: regex
-      value: "(?i)防御者正在模拟发现和创建针对CJK同形字规避技术的规则。"
-      description: "MiroFish predicted pattern 3"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - alert
-    - escalate
-    - snapshot
-  auto_response_threshold: high
-  message_template: >
-    [ATR-PRED-2026-008] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: high.

package/rules/prompt-injection/ATR-PRED-2026-009.yaml DELETED Viewed

@@ -1,51 +0,0 @@
-title: "检测规则设计的平衡艺术"
-id: ATR-PRED-2026-009
-status: draft
-description: >
-  MiroFish AI Prediction: 在动态博弈中，防御者面临的一个关键挑战是在检测效果和系统可用性之间找到平衡点。模拟中的防御专家展现了这种平衡的复杂性：  > \"发言者编写检测规则，平衡敏感性（捕获攻击）与特异性（避免误报）。\"  > \"编写针对攻击不变量的检测条件。\"  这种平衡要求防御者不仅要考虑技术有效性，还要确保不会过度影响系统的正常运行。
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: low
-references:
-  mitre_atlas:
-    - "AML.T0051"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)发言者编写检测规则，平衡敏感性（捕获攻击）与特异性（避免误报）。"
-      description: "MiroFish predicted pattern 1"
-    - field: user_input
-      operator: regex
-      value: "(?i)编写针对攻击不变量的检测条件。"
-      description: "MiroFish predicted pattern 2"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - alert
-    - snapshot
-  auto_response_threshold: low
-  message_template: >
-    [ATR-PRED-2026-009] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: low.

package/rules/prompt-injection/ATR-PRED-2026-010.yaml DELETED Viewed

@@ -1,57 +0,0 @@
-title: "攻击者的适应性反制"
-id: ATR-PRED-2026-010
-status: draft
-description: >
-  MiroFish AI Prediction: 面对不断更新的防御措施，攻击者展现出了强大的适应能力。他们能够快速识别新部署的防御机制并开发相应的规避技术：  > \"攻击者正在开发技术来规避新部署的行为漂移检测（指纹识别）。\"  > \"攻击者通过规避指纹检测规则来适应。\"  > \"攻击者通过规避抗规避指纹算法来适应。\"  这种快速适应能力表明攻击者具备了深度的技术理解和创新能力，能够在防御措施部署后迅速找到突破口。
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: high
-references:
-  mitre_atlas:
-    - "AML.T0051"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)攻击者正在开发技术来规避新部署的行为漂移检测（指纹识别）。"
-      description: "MiroFish predicted pattern 1"
-    - field: user_input
-      operator: regex
-      value: "(?i)攻击者通过规避指纹检测规则来适应。"
-      description: "MiroFish predicted pattern 2"
-    - field: user_input
-      operator: regex
-      value: "(?i)攻击者通过规避抗规避指纹算法来适应。"
-      description: "MiroFish predicted pattern 3"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - alert
-    - escalate
-    - snapshot
-  auto_response_threshold: high
-  message_template: >
-    [ATR-PRED-2026-010] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: high.

package/rules/prompt-injection/ATR-PRED-2026-011.yaml DELETED Viewed

@@ -1,53 +0,0 @@
-title: "技术创新的螺旋式上升"
-id: ATR-PRED-2026-011
-status: draft
-description: >
-  MiroFish AI Prediction: 攻防博弈推动了双方技术能力的螺旋式提升。防御者不断开发更加先进的检测技术：  > \"防御者正在模拟为新的基于编码的规避技术创建ATR规则。\"  同时，攻击者也在探索更加复杂和隐蔽的攻击方法：  > \"攻击者将开发技术来规避行为指纹识别，如渐进式能力引入、能力别名和多态技能。\"
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: high
-references:
-  mitre_atlas:
-    - "AML.T0051"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)防御者正在模拟为新的基于编码的规避技术创建ATR规则。"
-      description: "MiroFish predicted pattern 1"
-    - field: user_input
-      operator: regex
-      value: "(?i)攻击者将开发技术来规避行为指纹识别，如渐进式能力引入、能力别名和多态技能。"
-      description: "MiroFish predicted pattern 2"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - alert
-    - escalate
-    - snapshot
-  auto_response_threshold: high
-  message_template: >
-    [ATR-PRED-2026-011] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: high.

package/rules/prompt-injection/ATR-PRED-2026-012.yaml DELETED Viewed

@@ -1,57 +0,0 @@
-title: "动态平衡的维持机制"
-id: ATR-PRED-2026-012
-status: draft
-description: >
-  MiroFish AI Prediction: 这种动态平衡的维持依赖于几个关键机制。首先是持续的威胁情报收集和分析：  > \"威胁情报发现为ATR规则的创建提供信息。\"  其次是基于观察到的攻击尝试进行的防御改进：  > \"审计检查正在被设计来捕获基于观察到的规避尝试的新型规避技术。\"  > \"技能审计工程师基于观察到的规避尝试持续改进审计检查。\"
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: high
-references:
-  mitre_atlas:
-    - "AML.T0051"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)威胁情报发现为ATR规则的创建提供信息。"
-      description: "MiroFish predicted pattern 1"
-    - field: user_input
-      operator: regex
-      value: "(?i)审计检查正在被设计来捕获基于观察到的规避尝试的新型规避技术。"
-      description: "MiroFish predicted pattern 2"
-    - field: user_input
-      operator: regex
-      value: "(?i)技能审计工程师基于观察到的规避尝试持续改进审计检查。"
-      description: "MiroFish predicted pattern 3"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - alert
-    - escalate
-    - snapshot
-  auto_response_threshold: high
-  message_template: >
-    [ATR-PRED-2026-012] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: high.

package/rules/prompt-injection/ATR-PRED-2026-023.yaml DELETED Viewed

@@ -1,56 +0,0 @@
-title: "结构化数据注入：绕过传统文本检测的隐蔽威胁"
-id: ATR-PRED-2026-023
-status: draft
-description: >
-  MiroFish AI Prediction: 结构化数据注入已成为最具颠覆性的攻击技术之一，它能够系统性地绕过现有的检测机制：  > \"结构化数据注入（JSON/CSV）绕过了AML.T0051识别的文本模式匹配。\"  这种攻击技术的严重程度被评估为**高危**，因为它直接针对AI代理处理结构化数据的核心机制。攻击者利用JSON和CSV等数据格式的特性，将恶意载荷隐藏在看似正常的数据结构中，使传统的基于正则表达式的检测规则失效。  针对这一威胁，防御者正在开发多层次的应对策略。检测模式需要从单纯的文本模式匹配转向语义分析：  > \"AI语义分析（LLM）被呈现为第6层分析，处理像硬编码秘密这样的漏洞，与SAST工具可能遗漏的内容形成对比。
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: critical
-references:
-  mitre_atlas:
-    - "AML.T0051"
-  mitre_attack:
-    - "T0051"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)结构化数据注入（JSON/CSV）绕过了AML.T0051识别的文本模式匹配。"
-      description: "MiroFish predicted pattern 1"
-    - field: user_input
-      operator: regex
-      value: "(?i)AI语义分析（LLM）被呈现为第6层分析，处理像硬编码秘密这样的漏洞，与SAST工具可能遗漏的内容形成对比。"
-      description: "MiroFish predicted pattern 2"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - quarantine_session
-    - alert
-    - escalate
-    - kill_agent
-  auto_response_threshold: critical
-  message_template: >
-    [ATR-PRED-2026-023] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: critical.

package/rules/prompt-injection/ATR-PRED-2026-025.yaml DELETED Viewed

@@ -1,68 +0,0 @@
-title: "多代理共识系统投毒：女巫攻击的新形态"
-id: ATR-PRED-2026-025
-status: draft
-description: >
-  MiroFish AI Prediction: 多代理系统的广泛部署催生了新型的共识攻击威胁：  > \"AI代理，作为2026年的主要攻击面，包含了多代理系统。\"  > \"攻击者试图通过协调的虚假提案进行多代理共识投毒来操纵社区共识系统。\"  女巫攻击在AI代理环境中表现出新的特征：  > \"共识女巫攻击针对社区共识投票系统。\"  > \"女巫攻击在共识系统中被模拟以寻找检测模式。\"  这类攻击被归类为**AML.T0010**技术，严重程度为**中高**。其影响范围涵盖整个多代理协作网络，可能导致决策机制的系统性失效。  应对措施包括实施身份验证机制、建立信誉评分系统，以及部署异常投票模式检测：  > \"攻击者提交协调的虚假社区共识提案（女
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: critical
-references:
-  mitre_atlas:
-    - "AML.T0010"
-  mitre_attack:
-    - "T0010"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)AI代理，作为2026年的主要攻击面，包含了多代理系统。"
-      description: "MiroFish predicted pattern 1"
-    - field: user_input
-      operator: regex
-      value: "(?i)攻击者试图通过协调的虚假提案进行多代理共识投毒来操纵社区共识系统。"
-      description: "MiroFish predicted pattern 2"
-    - field: user_input
-      operator: regex
-      value: "(?i)共识女巫攻击针对社区共识投票系统。"
-      description: "MiroFish predicted pattern 3"
-    - field: user_input
-      operator: regex
-      value: "(?i)女巫攻击在共识系统中被模拟以寻找检测模式。"
-      description: "MiroFish predicted pattern 4"
-    - field: user_input
-      operator: regex
-      value: "(?i)攻击者提交协调的虚假社区共识提案（女巫攻击）。"
-      description: "MiroFish predicted pattern 5"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - quarantine_session
-    - alert
-    - escalate
-    - kill_agent
-  auto_response_threshold: critical
-  message_template: >
-    [ATR-PRED-2026-025] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: critical.

package/rules/prompt-injection/ATR-PRED-2026-026.yaml DELETED Viewed

@@ -1,66 +0,0 @@
-title: "行为指纹规避：渐进式能力引入的隐蔽策略"
-id: ATR-PRED-2026-026
-status: draft
-description: >
-  MiroFish AI Prediction: 行为指纹检测系统的部署引发了攻击者的快速适应：  > \"攻击者正在开发技术来规避新部署的行为漂移检测（指纹识别）。\"  > \"攻击者将开发技术来规避行为指纹识别，如渐进式能力引入、能力别名和多态技能。\"  这种规避技术的严重程度为**中等**，但其隐蔽性使其难以被及时发现：  > \"渐进的、低于阈值的能力添加可以通过版本更新随时间规避行为指纹识别+白名单系统。\"  防御响应需要增强指纹敏感性规则：  > \"行为指纹识别+白名单系统需要增强指纹敏感性规则来对抗规避技术。\"  > \"行为指纹识别+白名单系统需要更新白名单撤销标准来对抗规避技术。\"
-author: "MiroFish Prediction Engine"
-date: "2026/03/11"
-schema_version: "0.1"
-detection_tier: pattern
-maturity: test
-severity: critical
-references:
-  mitre_atlas:
-    - "AML.T0051"
-tags:
-  category: prompt-injection
-  subcategory: mirofish-predicted
-  confidence: medium
-agent_source:
-  type: llm_io
-  framework:
-    - any
-  provider:
-    - any
-detection:
-  conditions:
-    - field: user_input
-      operator: regex
-      value: "(?i)攻击者正在开发技术来规避新部署的行为漂移检测（指纹识别）。"
-      description: "MiroFish predicted pattern 1"
-    - field: user_input
-      operator: regex
-      value: "(?i)攻击者将开发技术来规避行为指纹识别，如渐进式能力引入、能力别名和多态技能。"
-      description: "MiroFish predicted pattern 2"
-    - field: user_input
-      operator: regex
-      value: "(?i)渐进的、低于阈值的能力添加可以通过版本更新随时间规避行为指纹识别+白名单系统。"
-      description: "MiroFish predicted pattern 3"
-    - field: user_input
-      operator: regex
-      value: "(?i)行为指纹识别+白名单系统需要增强指纹敏感性规则来对抗规避技术。"
-      description: "MiroFish predicted pattern 4"
-    - field: user_input
-      operator: regex
-      value: "(?i)行为指纹识别+白名单系统需要更新白名单撤销标准来对抗规避技术。"
-      description: "MiroFish predicted pattern 5"
-  condition: any
-  false_positives:
-    - "Legitimate traffic matching predicted pattern"
-response:
-  actions:
-    - block_input
-    - quarantine_session
-    - alert
-    - escalate
-    - kill_agent
-  auto_response_threshold: critical
-  message_template: >
-    [ATR-PRED-2026-026] MiroFish predicted attack pattern detected.
-    Category: prompt-injection, Severity: critical.