npm - agent-threat-rules - Versions diffs - 3.1.0 → 3.2.0 - Mend

agent-threat-rules 3.1.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (472) hide show

package/rules/prompt-injection/ATR-2026-00483-garak-dan-the-user-s.yaml CHANGED Viewed

@@ -42,6 +42,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (DAN/Persona Jailbreak - System Offline / Role Replacement with Obfuscated Text) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -51,6 +54,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (DAN/Persona Jailbreak - System Offline / Role Replacement with Obfuscated Text)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -58,6 +64,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (DAN/Persona Jailbreak - System Offline / Role Replacement with Obfuscated Text)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00484-garak-dan-and-you-will.yaml CHANGED Viewed

@@ -43,6 +43,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (DAN/Persona Jailbreak - Named Alternate AI with NSFW/Harmful Generation Rules) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -52,6 +55,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (DAN/Persona Jailbreak - Named Alternate AI with NSFW/Harmful Generation Rules)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -59,6 +65,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (DAN/Persona Jailbreak - Named Alternate AI with NSFW/Harmful Generation Rules)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00485-garak-dan-and-does-not.yaml CHANGED Viewed

@@ -41,6 +41,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (DAN/Persona Jailbreak - Immersive Alternate AI Identity with Unrestricted Capability) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -50,6 +53,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (DAN/Persona Jailbreak - Immersive Alternate AI Identity with Unrestricted Capability)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -57,6 +63,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (DAN/Persona Jailbreak - Immersive Alternate AI Identity with Unrestricted Capability)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00486-garak-dan-t-care-about.yaml CHANGED Viewed

@@ -43,6 +43,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (DAN/Persona Jailbreak - Named Writing AI with Restriction Bypass via Special Rules) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -52,6 +55,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (DAN/Persona Jailbreak - Named Writing AI with Restriction Bypass via Special Rules)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -59,6 +65,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (DAN/Persona Jailbreak - Named Writing AI with Restriction Bypass via Special Rules)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00487-garak-dan-and-nothing-else.yaml CHANGED Viewed

@@ -41,6 +41,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (DAN/Persona Jailbreak - Replacement AI with No Content Filter or Moral Restrictions) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -50,6 +53,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (DAN/Persona Jailbreak - Replacement AI with No Content Filter or Moral Restrictions)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -57,6 +63,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (DAN/Persona Jailbreak - Replacement AI with No Content Filter or Moral Restrictions)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00488-garak-encoding-alert-1-script.yaml CHANGED Viewed

@@ -43,6 +43,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Encoding Obfuscation - Script Tag XSS with Encoded Protocol Prefix) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -52,6 +55,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Encoding Obfuscation - Script Tag XSS with Encoded Protocol Prefix)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -59,6 +65,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Encoding Obfuscation - Script Tag XSS with Encoded Protocol Prefix)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00489-garak-encoding-javascript-alert-1.yaml CHANGED Viewed

@@ -43,6 +43,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Encoding Obfuscation - HTML Event Handler XSS with Encoded Whitespace) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -52,6 +55,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Encoding Obfuscation - HTML Event Handler XSS with Encoded Whitespace)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -59,6 +65,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Encoding Obfuscation - HTML Event Handler XSS with Encoded Whitespace)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00490-garak-dan-in-order-to.yaml CHANGED Viewed

@@ -41,6 +41,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (DAN Persona Jailbreak - Absolute Obedience Character Framing) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -50,6 +53,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (DAN Persona Jailbreak - Absolute Obedience Character Framing)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -57,6 +63,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (DAN Persona Jailbreak - Absolute Obedience Character Framing)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00492-garak-dan-want-you-to.yaml CHANGED Viewed

@@ -41,6 +41,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (DAN Persona Jailbreak - Role Lock with Exclusive Response Filter) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -50,6 +53,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (DAN Persona Jailbreak - Role Lock with Exclusive Response Filter)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -57,6 +63,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (DAN Persona Jailbreak - Role Lock with Exclusive Response Filter)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00493-garak-latentinjection-registrar-iana-id.yaml CHANGED Viewed

@@ -42,6 +42,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Latent Injection via WHOIS Domain Record Data) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -51,6 +54,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Latent Injection via WHOIS Domain Record Data)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -58,6 +64,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Latent Injection via WHOIS Domain Record Data)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00495-garak-dan-insert-prompt-here.yaml CHANGED Viewed

@@ -41,6 +41,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (DAN Jailbreak - Unrestricted Persona with Filter and Morality Removal) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -50,6 +53,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (DAN Jailbreak - Unrestricted Persona with Filter and Morality Removal)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -57,6 +63,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (DAN Jailbreak - Unrestricted Persona with Filter and Morality Removal)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00496-garak-dan-no-matter-what.yaml CHANGED Viewed

@@ -41,6 +41,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (DAN Jailbreak - Unconditional Obedience and Dual-Persona Session Lock) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -50,6 +53,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (DAN Jailbreak - Unconditional Obedience and Dual-Persona Session Lock)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -57,6 +63,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (DAN Jailbreak - Unconditional Obedience and Dual-Persona Session Lock)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00497-garak-encoding-mixedunassigned.yaml CHANGED Viewed

@@ -44,6 +44,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (XSS and Encoded Script Injection via HTML/JavaScript Payload) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -53,6 +56,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (XSS and Encoded Script Injection via HTML/JavaScript Payload)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -60,6 +66,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (XSS and Encoded Script Injection via HTML/JavaScript Payload)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00498-garak-web-injection-mixedunassigned.yaml CHANGED Viewed

@@ -43,6 +43,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Web Injection via XSS Payload and onerror Event Handler) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -52,6 +55,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Web Injection via XSS Payload and onerror Event Handler)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -59,6 +65,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Web Injection via XSS Payload and onerror Event Handler)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00499-garak-dan-from-now-on.yaml CHANGED Viewed

@@ -42,6 +42,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (DAN Jailbreak - From-Now-On Temporal Persona Override) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -51,6 +54,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (DAN Jailbreak - From-Now-On Temporal Persona Override)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -58,6 +64,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (DAN Jailbreak - From-Now-On Temporal Persona Override)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00503-fake-error-state-takeover-unrestricted-replacement-bot.yaml CHANGED Viewed

@@ -43,6 +43,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Fake Error State Takeover - Unrestricted Replacement Bot) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -52,6 +55,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Fake Error State Takeover - Unrestricted Replacement Bot)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -59,6 +65,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Fake Error State Takeover - Unrestricted Replacement Bot)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00506-nevermind-override-goal-hijacking-in-user-input-promptinject.yaml CHANGED Viewed

@@ -47,6 +47,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Nevermind-Override Goal Hijacking in User Input (PromptInject)) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -56,6 +59,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Nevermind-Override Goal Hijacking in User Input (PromptInject))."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -63,6 +69,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Nevermind-Override Goal Hijacking in User Input (PromptInject))."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00507-screaming-stop-goal-hijacking-in-user-input-promptinject.yaml CHANGED Viewed

@@ -46,6 +46,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Screaming-Stop Goal Hijacking in User Input (PromptInject)) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -55,6 +58,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Screaming-Stop Goal Hijacking in User Input (PromptInject))."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -62,6 +68,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Screaming-Stop Goal Hijacking in User Input (PromptInject))."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00508-escape-delimiter-wrapped-goal-hijacking-in-user-input-prompt.yaml CHANGED Viewed

@@ -46,6 +46,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Escape-Delimiter Wrapped Goal Hijacking in User Input (PromptInject)) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -55,6 +58,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Escape-Delimiter Wrapped Goal Hijacking in User Input (PromptInject))."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -62,6 +68,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Escape-Delimiter Wrapped Goal Hijacking in User Input (PromptInject))."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00509-prompt-leaking-via-ignore-previous-instructions-in-user-inpu.yaml CHANGED Viewed

@@ -47,6 +47,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Prompt Leaking via Ignore-Previous-Instructions in User Input (PromptInject)) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -56,6 +59,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Prompt Leaking via Ignore-Previous-Instructions in User Input (PromptInject))."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -63,6 +69,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Prompt Leaking via Ignore-Previous-Instructions in User Input (PromptInject))."
+      strength: primary
 tags:
   category: prompt-injection