npm - agent-threat-rules - Versions diffs - 3.1.1 → 3.3.0 - Mend

agent-threat-rules 3.1.1 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (474) hide show

package/rules/prompt-injection/ATR-2026-00457-garak-dan-to-every-prompt.yaml CHANGED Viewed

@@ -46,6 +46,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Garak Dan - to every prompt) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -55,6 +58,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Garak Dan - to every prompt)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -62,6 +68,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Garak Dan - to every prompt)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00458-garak-dra-step-by-step.yaml CHANGED Viewed

@@ -48,6 +48,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Garak Dra - step by step) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -57,6 +60,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Garak Dra - step by step)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -64,6 +70,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Garak Dra - step by step)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00459-garak-dan-an-ai-language.yaml CHANGED Viewed

@@ -46,6 +46,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Garak Dan - an ai language) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -55,6 +58,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Garak Dan - an ai language)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -62,6 +68,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Garak Dan - an ai language)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00460-garak-dan-no-matter-how.yaml CHANGED Viewed

@@ -47,6 +47,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Garak Dan - no matter how) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -56,6 +59,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Garak Dan - no matter how)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -63,6 +69,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Garak Dan - no matter how)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00461-garak-goodside-mixedunassigned.yaml CHANGED Viewed

@@ -48,6 +48,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Garak Goodside - mixed_unassigned) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -57,6 +60,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Garak Goodside - mixed_unassigned)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -64,6 +70,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Garak Goodside - mixed_unassigned)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00462-garak-gcg-mixedunassigned.yaml CHANGED Viewed

@@ -49,6 +49,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Garak Gcg - mixed_unassigned) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -58,6 +61,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Garak Gcg - mixed_unassigned)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -65,6 +71,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Garak Gcg - mixed_unassigned)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00463-garak-lmrc-mixedunassigned.yaml CHANGED Viewed

@@ -51,6 +51,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Garak Lmrc - mixed_unassigned) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -60,6 +63,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Garak Lmrc - mixed_unassigned)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -67,6 +73,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Garak Lmrc - mixed_unassigned)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00464-garak-dan-i-would-like.yaml CHANGED Viewed

@@ -46,6 +46,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Garak Dan - i would like) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -55,6 +58,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Garak Dan - i would like)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -62,6 +68,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Garak Dan - i would like)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00465-garak-dan-your-prompt-here.yaml CHANGED Viewed

@@ -46,6 +46,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Garak Dan - your prompt here) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -55,6 +58,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Garak Dan - your prompt here)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -62,6 +68,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Garak Dan - your prompt here)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00466-garak-latentinjection-following-text-from.yaml CHANGED Viewed

@@ -48,6 +48,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Garak Latentinjection - following text from) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -57,6 +60,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Garak Latentinjection - following text from)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -64,6 +70,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Garak Latentinjection - following text from)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00467-garak-dan-act-as-a.yaml CHANGED Viewed

@@ -47,6 +47,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Garak Dan - act as a) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -56,6 +59,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Garak Dan - act as a)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -63,6 +69,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Garak Dan - act as a)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00468-garak-goat-the-target-llm.yaml CHANGED Viewed

@@ -51,6 +51,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Garak Goat - the target llm) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -60,6 +63,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Garak Goat - the target llm)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -67,6 +73,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Garak Goat - the target llm)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00469-garak-dan-at-the-end.yaml CHANGED Viewed

@@ -47,6 +47,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Garak Dan - at the end) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -56,6 +59,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Garak Dan - at the end)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -63,6 +69,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Garak Dan - at the end)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00470-garak-dan-as-an-ai.yaml CHANGED Viewed

@@ -48,6 +48,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Garak Dan - as an ai) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -57,6 +60,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Garak Dan - as an ai)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -64,6 +70,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Garak Dan - as an ai)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00472-garak-dan-are-going-to.yaml CHANGED Viewed

@@ -42,6 +42,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (DAN/Persona Jailbreak - Unrestricted AI Role Assignment) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -51,6 +54,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (DAN/Persona Jailbreak - Unrestricted AI Role Assignment)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -58,6 +64,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (DAN/Persona Jailbreak - Unrestricted AI Role Assignment)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00473-garak-lmrc-how-can-i.yaml CHANGED Viewed

@@ -42,6 +42,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Harm Solicitation - Interpersonal Violence and Intimidation Requests) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -51,6 +54,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Harm Solicitation - Interpersonal Violence and Intimidation Requests)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -58,6 +64,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Harm Solicitation - Interpersonal Violence and Intimidation Requests)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00474-garak-dan-that-chatgpt-has.yaml CHANGED Viewed

@@ -40,6 +40,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (DAN/Persona Jailbreak - Dual AI Personality with Opposite-Rules Framing) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -49,6 +52,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (DAN/Persona Jailbreak - Dual AI Personality with Opposite-Rules Framing)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -56,6 +62,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (DAN/Persona Jailbreak - Dual AI Personality with Opposite-Rules Framing)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00475-garak-web-injection-alert-1-script.yaml CHANGED Viewed

@@ -42,6 +42,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (XSS Web Injection - Script Tag with JavaScript Alert Payload) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -51,6 +54,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (XSS Web Injection - Script Tag with JavaScript Alert Payload)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -58,6 +64,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (XSS Web Injection - Script Tag with JavaScript Alert Payload)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00476-garak-web-injection-javascript-alert-1.yaml CHANGED Viewed

@@ -41,6 +41,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (XSS Web Injection - HTML Event Handler and Expression with JavaScript Alert) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -50,6 +53,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (XSS Web Injection - HTML Event Handler and Expression with JavaScript Alert)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -57,6 +63,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (XSS Web Injection - HTML Event Handler and Expression with JavaScript Alert)."
+      strength: primary
 tags:
   category: prompt-injection

package/rules/prompt-injection/ATR-2026-00477-garak-latentinjection-translate-the-following-text.yaml CHANGED Viewed

@@ -43,6 +43,9 @@ compliance:
     - article: "9"
       context: "Prompt injection is a documented risk class; this rule implements the monitoring control required by Article 9 risk management obligations for high-risk AI systems."
       strength: secondary
+    - article: "14"
+      context: "Article 14 (human oversight) requires high-risk AI systems to remain subject to effective human oversight; this rule provides detection evidence where the prompt-injection attempt (Latent Injection - Translation Task with Embedded Template Variable Injection) would bypass or undermine that oversight."
+      strength: secondary
   nist_ai_rmf:
     - function: Manage
       subcategory: MG.2.3
@@ -52,6 +55,9 @@ compliance:
       subcategory: MP.5.1
       context: "Identifying prompt injection as an AI risk to be catalogued in the organizational risk register."
       strength: secondary
+    - subcategory: "MS.2.7"
+      context: "NIST AI RMF MEASURE 2.7 (security and resilience evaluated and documented) is supported by this rule's runtime detection of the prompt-injection attempt (Latent Injection - Translation Task with Embedded Template Variable Injection)."
+      strength: primary
   iso_42001:
     - clause: "6.2"
       context: "Addressing prompt injection risk is an objective required under clause 6.2 AIMS information security planning; this rule operationalizes the detection control measure."
@@ -59,6 +65,9 @@ compliance:
     - clause: "8.4"
       context: "Impact assessment for AI deployments under clause 8.4 must account for prompt injection inputs; detection events from this rule provide the required monitoring evidence."
       strength: secondary
+    - clause: "8.1"
+      context: "ISO/IEC 42001 Clause 8.1 (operational planning and control, including control of externally provided processes) is operationalised by this rule's detection of the prompt-injection attempt (Latent Injection - Translation Task with Embedded Template Variable Injection)."
+      strength: primary
 tags:
   category: prompt-injection