agent-threat-rules 2.0.16 → 2.0.17
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "agent-threat-rules",
|
|
3
|
-
"version": "2.0.
|
|
3
|
+
"version": "2.0.17",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "Open detection standard -- like Sigma, but for AI agents. 311 rules for prompt injection, tool poisoning, context exfiltration, and MCP attacks. Shipped in Cisco AI Defense. 97.1% recall on NVIDIA garak.",
|
|
6
6
|
"main": "./dist/index.js",
|
|
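Review bot: the removed line in this hunk is cut off at `"version": "2.0.` so the rendered diff does not show the previous version string, and the 2.0.16 → 2.0.17 bump in the page title cannot be confirmed from the hunk itself; check the prior tag in the registry before relying on this view. The unchanged `description` line also fixes figures ("311 rules", "97.1% recall on NVIDIA garak") in package metadata; if this release adds or changes rules, those numbers should be re-verified or moved to a changelog rather than a field that is rarely re-measured on every bump.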
@@ -65,6 +65,15 @@ compliance:
|
|
|
65
65
|
- clause: "6.2"
|
|
66
66
|
context: "Protecting credentials from exposure is an explicit AIMS information security objective under clause 6.2; detection of leakage events measures whether this objective is being achieved."
|
|
67
67
|
strength: secondary
|
|
68
|
+
colorado_ai_act:
|
|
69
|
+
- section: "6-1-1703"
|
|
70
|
+
clause: "Deployer risk management for consumer-facing AI"
|
|
71
|
+
context: "Credentials leaked from a consumer-facing AI system can expose the database records, scoring model inputs, or authentication tokens that drive consequential decisions. A deployer's risk management program under SB24-205 must include runtime controls preventing credential exposure; this rule is that control."
|
|
72
|
+
strength: primary
|
|
73
|
+
- section: "6-1-1702"
|
|
74
|
+
clause: "Developer duty to protect consumer data"
|
|
75
|
+
context: "Developers owe a duty of reasonable care with respect to consumer data handled by high-risk AI systems. Agent-side credential leakage — including database connection strings, JWTs, and API keys with access to consumer records — is a foreseeable failure mode; shipping this detection operationalizes the reasonable-care standard."
|
|
76
|
+
strength: secondary
|
|
68
77
|
|
|
69
78
|
tags:
|
|
70
79
|
category: context-exfiltration
|
|
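Review bot: the `context` string for section "6-1-1703" describes the rule as a "runtime control preventing credential exposure" and then states "this rule is that control", but a detection rule is a detective control, not a preventive one; suggest wording such as "a deployer's risk management program should include detection of credential exposure events; this rule supplies that detection" so the mapping does not overstate what the rule does. The `clause` values ("Deployer risk management for consumer-facing AI", "Developer duty to protect consumer data") read as paraphrases rather than statutory headings; quoting the section title verbatim, or adding a subsection pinpoint, would make the mapping auditable. Minor: the two `context` strings contain typographic em-dashes inside YAML double-quoted scalars, which is valid but inconsistent with the ASCII "--" used elsewhere in this package (see the package.json description).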
@@ -61,6 +61,11 @@ compliance:
|
|
|
61
61
|
- clause: "9.1"
|
|
62
62
|
context: "Clause 9.1 monitoring and evaluation requires measuring AI system behavior against expected norms; loop counter patterns are the measurable anomaly indicators for this rule."
|
|
63
63
|
strength: secondary
|
|
64
|
+
colorado_ai_act:
|
|
65
|
+
- section: "6-1-1703"
|
|
66
|
+
clause: "Deployer ongoing monitoring of AI system performance"
|
|
67
|
+
context: "SB24-205 requires deployers to monitor high-risk AI systems for performance drift after deployment. A runaway loop is a performance-degradation event — the system is no longer behaving within its validated operational envelope. This rule gives the deployer the telemetry signal needed to fulfill the ongoing-monitoring obligation and to trigger impact reassessment if needed."
|
|
68
|
+
strength: primary
|
|
64
69
|
|
|
65
70
|
tags:
|
|
66
71
|
category: excessive-autonomy
|
|
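Review bot: the new mapping is marked `strength: primary` while the adjacent ISO clause "9.1" mapping for the same loop-counter signal is `secondary`; a loop-counter heuristic is a narrow anomaly indicator, so either justify why it is primary evidence for the statutory monitoring obligation or downgrade it to `secondary` for consistency. The `context` also conflates two things: it says SB24-205 requires monitoring for "performance drift", then characterises a runaway loop as a "performance-degradation event"; a runaway loop is a discrete runtime fault, not drift, so suggest describing the rule as one telemetry input to the ongoing-monitoring obligation rather than as evidence of drift.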
@@ -63,6 +63,11 @@ compliance:
|
|
|
63
63
|
- clause: "8.6"
|
|
64
64
|
context: "Clause 8.6 AI system operational control requires that agents do not exceed their authorized operational scope; privilege escalation detection enforces that operational boundary."
|
|
65
65
|
strength: secondary
|
|
66
|
+
colorado_ai_act:
|
|
67
|
+
- section: "6-1-1703"
|
|
68
|
+
clause: "Deployer risk management program"
|
|
69
|
+
context: "When a high-risk AI system acquires privileges beyond its authorized scope, any consequential decision it makes afterward falls outside the risk-management program's impact assessment. SB24-205 requires deployers to keep AI systems within documented operational bounds; this rule detects the boundary violation that would invalidate the deployer's impact-assessment assumptions."
|
|
70
|
+
strength: primary
|
|
66
71
|
|
|
67
72
|
tags:
|
|
68
73
|
category: privilege-escalation
|
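Review bot: section "6-1-1703" now carries a third distinct `clause` label in this package ("Deployer risk management program" here, "Deployer risk management for consumer-facing AI" and "Deployer ongoing monitoring of AI system performance" in the other two hunks); since all three cite the same section, the `clause` field should either use one canonical label or cite the specific subsection each rule maps to, otherwise downstream compliance reports will show the same statute under three different names. The `context` claim that a boundary violation "would invalidate the deployer's impact-assessment assumptions" is a reasonable rationale, but the hunk adds no reference to where that assumption is documented; consider a short pointer (e.g. a `reference:` key, if the schema supports one) so the mapping is traceable.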