attacklm 0.6.8__tar.gz → 0.7.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (220) hide show
  1. {attacklm-0.6.8 → attacklm-0.7.0}/.gitignore +5 -0
  2. {attacklm-0.6.8 → attacklm-0.7.0}/ATTRIBUTION.md +64 -80
  3. {attacklm-0.6.8 → attacklm-0.7.0}/CHANGELOG.md +177 -101
  4. {attacklm-0.6.8 → attacklm-0.7.0}/EVALUATION.md +8 -9
  5. {attacklm-0.6.8 → attacklm-0.7.0}/NOTICE +3 -26
  6. attacklm-0.7.0/PKG-INFO +382 -0
  7. {attacklm-0.6.8 → attacklm-0.7.0}/QA_BEFORE_RELEASES.md +2 -2
  8. attacklm-0.7.0/README.md +184 -0
  9. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/manifest.json +196 -105
  10. attacklm-0.7.0/data/datasets/buckets/sources/elastic-rules/defensive/detection_engineering/data.jsonl +1908 -0
  11. attacklm-0.7.0/data/datasets/buckets/sources/mordor/defensive/threat_hunting/data.jsonl +339 -0
  12. attacklm-0.7.0/data/datasets/buckets/sources/nist-ir/defensive/incident_response/data.jsonl +168 -0
  13. attacklm-0.7.0/data/datasets/buckets/sources/sigma-hq/defensive/detection_engineering/data.jsonl +3132 -0
  14. attacklm-0.7.0/data/datasets/buckets/sources/splunk-content/defensive/detection_engineering/data.jsonl +2114 -0
  15. attacklm-0.7.0/data/datasets/buckets/sources/threathunter-playbook/defensive/threat_hunting/data.jsonl +27 -0
  16. {attacklm-0.6.8 → attacklm-0.7.0}/hf/README.md +14 -14
  17. {attacklm-0.6.8 → attacklm-0.7.0}/pyproject.toml +17 -21
  18. {attacklm-0.6.8 → attacklm-0.7.0}/requirements.txt +8 -9
  19. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/clone_repos.sh +7 -2
  20. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/extract_mordor.py +1 -1
  21. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/extract_threathunter_playbook.py +1 -1
  22. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/infer.py +1 -1
  23. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/init_pipeline.py +88 -35
  24. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/train_template.py +3 -3
  25. attacklm-0.7.0/src/attacklm/__version__.py +1 -0
  26. attacklm-0.7.0/tests/test_eval_loader.py +190 -0
  27. {attacklm-0.6.8 → attacklm-0.7.0}/tests/test_init_pipeline.py +50 -13
  28. attacklm-0.6.8/PKG-INFO +0 -1010
  29. attacklm-0.6.8/README.md +0 -810
  30. attacklm-0.6.8/scripts/add_attribution.py +0 -222
  31. attacklm-0.6.8/scripts/augment_attribution.py +0 -208
  32. attacklm-0.6.8/scripts/classify_unrouted_modules.py +0 -429
  33. attacklm-0.6.8/scripts/dedupe_and_import_llm.py +0 -298
  34. attacklm-0.6.8/scripts/generate_dataset.py +0 -1172
  35. attacklm-0.6.8/scripts/generate_dataset_deterministic.py +0 -163
  36. attacklm-0.6.8/scripts/generate_hybrid_dataset.py +0 -822
  37. attacklm-0.6.8/scripts/generate_metasploit_dataset.py +0 -511
  38. attacklm-0.6.8/scripts/generate_orchestrator.py +0 -822
  39. attacklm-0.6.8/scripts/generate_prompt_injection.py +0 -689
  40. attacklm-0.6.8/scripts/generate_source_layout.py +0 -389
  41. attacklm-0.6.8/scripts/llm_generate_wrapper.py +0 -310
  42. attacklm-0.6.8/scripts/migrate_buckets_to_v021.py +0 -344
  43. attacklm-0.6.8/scripts/migrate_v015_to_v020.py +0 -256
  44. attacklm-0.6.8/scripts/run_all_acquisitions.py +0 -285
  45. attacklm-0.6.8/scripts/scrub_bpl_callback.py +0 -35
  46. attacklm-0.6.8/scripts/stamp_and_reorg.py +0 -452
  47. attacklm-0.6.8/scripts/validate_per_category.py +0 -706
  48. attacklm-0.6.8/src/attacklm/__version__.py +0 -1
  49. attacklm-0.6.8/tests/test_eval_loader.py +0 -242
  50. {attacklm-0.6.8 → attacklm-0.7.0}/.github/workflows/release.yml +0 -0
  51. {attacklm-0.6.8 → attacklm-0.7.0}/CONTRIBUTING.md +0 -0
  52. {attacklm-0.6.8 → attacklm-0.7.0}/LICENSE +0 -0
  53. {attacklm-0.6.8 → attacklm-0.7.0}/MANIFEST.in +0 -0
  54. {attacklm-0.6.8 → attacklm-0.7.0}/Makefile +0 -0
  55. {attacklm-0.6.8 → attacklm-0.7.0}/REPLAY_PLAN.md +0 -0
  56. {attacklm-0.6.8 → attacklm-0.7.0}/data/ATTRIBUTION.md +0 -0
  57. {attacklm-0.6.8 → attacklm-0.7.0}/data/LEGAL.md +0 -0
  58. {attacklm-0.6.8 → attacklm-0.7.0}/data/REMOVAL.md +0 -0
  59. {attacklm-0.6.8 → attacklm-0.7.0}/data/bench/questions.jsonl +0 -0
  60. {attacklm-0.6.8 → attacklm-0.7.0}/data/bench/speed_context.txt +0 -0
  61. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/ATTRIBUTION.md +0 -0
  62. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/GEMINI_RESEARCH_2026-06-11.md +0 -0
  63. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/acquisition_report.json +0 -0
  64. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/README.md +0 -0
  65. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/_index.json +0 -0
  66. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/atomic-red-team/LICENSE.md +0 -0
  67. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/atomic-red-team/SOURCE.md +0 -0
  68. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/atomic-red-team/base/collection/data.jsonl +0 -0
  69. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/atomic-red-team/base/discovery/data.jsonl +0 -0
  70. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/atomic-red-team/base/execution/data.jsonl +0 -0
  71. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/atomic-red-team/base/exfiltration/data.jsonl +0 -0
  72. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/atomic-red-team/base/persistence/data.jsonl +0 -0
  73. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/attacklm-synthetic/LICENSE.md +0 -0
  74. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/attacklm-synthetic/SOURCE.md +0 -0
  75. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/attacklm-synthetic/orchestrator/data.jsonl +0 -0
  76. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/azure-pyrit/LICENSE.md +0 -0
  77. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/azure-pyrit/SOURCE.md +0 -0
  78. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/cyberark-fuzzyai/LICENSE.md +0 -0
  79. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/cyberark-fuzzyai/SOURCE.md +0 -0
  80. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/elastic-rules/LICENSE.md +0 -0
  81. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/elastic-rules/SOURCE.md +0 -0
  82. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/llm-generated/LICENSE.md +0 -0
  83. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/llm-generated/SOURCE.md +0 -0
  84. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/llm-generated/cloud/attacks/data_llm.jsonl +0 -0
  85. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/llm-generated/ics/attacks/data_llm.jsonl +0 -0
  86. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/llm-generated/social_engineering/phishing/data_llm.jsonl +0 -0
  87. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/llm-generated/wireless/attacks/data_llm.jsonl +0 -0
  88. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/metasploit-framework/LICENSE.md +0 -0
  89. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/metasploit-framework/SOURCE.md +0 -0
  90. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/metasploit-framework/base/collection/data.jsonl +0 -0
  91. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/metasploit-framework/base/credential_access/data.jsonl +0 -0
  92. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/metasploit-framework/base/defense_evasion/data.jsonl +0 -0
  93. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/metasploit-framework/base/discovery/data.jsonl +0 -0
  94. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/metasploit-framework/base/execution/data.jsonl +0 -0
  95. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/metasploit-framework/base/lateral_movement/data.jsonl +0 -0
  96. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/metasploit-framework/base/persistence/data.jsonl +0 -0
  97. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/metasploit-framework/base/privilege_escalation/data.jsonl +0 -0
  98. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/metasploit-framework/tools/metasploit/data.jsonl +0 -0
  99. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/mitre-atlas-arsenal/LICENSE.md +0 -0
  100. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/mitre-atlas-arsenal/SOURCE.md +0 -0
  101. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/mitre-atlas-arsenal/base/discovery/data.jsonl +0 -0
  102. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/mitre-stockpile/LICENSE.md +0 -0
  103. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/mitre-stockpile/SOURCE.md +0 -0
  104. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/mitre-stockpile/base/collection/data.jsonl +0 -0
  105. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/mitre-stockpile/base/discovery/data.jsonl +0 -0
  106. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/mitre-stockpile/base/execution/data.jsonl +0 -0
  107. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/mitre-stockpile/base/exfiltration/data.jsonl +0 -0
  108. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/mitre-stockpile/base/persistence/data.jsonl +0 -0
  109. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/mordor/LICENSE.md +0 -0
  110. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/mordor/SOURCE.md +0 -0
  111. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/nist-ir/LICENSE.md +0 -0
  112. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/nist-ir/SOURCE.md +0 -0
  113. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/nvidia-garak/LICENSE.md +0 -0
  114. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/nvidia-garak/SOURCE.md +0 -0
  115. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/nvidia-garak/ai/jailbreaking/data.jsonl +0 -0
  116. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/promptfoo/LICENSE.md +0 -0
  117. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/promptfoo/SOURCE.md +0 -0
  118. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/promptfoo/ai/prompt-injection/data.jsonl +0 -0
  119. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/promptmap/LICENSE.md +0 -0
  120. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/promptmap/SOURCE.md +0 -0
  121. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/promptmap/ai/prompt-injection/data.jsonl +0 -0
  122. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/replay-general/LICENSE.md +0 -0
  123. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/replay-general/SOURCE.md +0 -0
  124. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/replay-general/base/replay/data_code.jsonl +0 -0
  125. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/replay-general/base/replay/data_conversation.jsonl +0 -0
  126. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/replay-general/base/replay/data_factual.jsonl +0 -0
  127. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/replay-general/base/replay/data_reasoning.jsonl +0 -0
  128. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/sigma-hq/LICENSE.md +0 -0
  129. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/sigma-hq/SOURCE.md +0 -0
  130. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/splunk-content/LICENSE.md +0 -0
  131. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/splunk-content/SOURCE.md +0 -0
  132. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/threathunter-playbook/LICENSE.md +0 -0
  133. {attacklm-0.6.8 → attacklm-0.7.0}/data/datasets/buckets/sources/threathunter-playbook/SOURCE.md +0 -0
  134. {attacklm-0.6.8 → attacklm-0.7.0}/data/golden/prompts.jsonl +0 -0
  135. {attacklm-0.6.8 → attacklm-0.7.0}/data/reference/prompts.jsonl +0 -0
  136. {attacklm-0.6.8 → attacklm-0.7.0}/data/steering/prompts/opsec_aware.txt +0 -0
  137. {attacklm-0.6.8 → attacklm-0.7.0}/data/steering/prompts/opsec_unaware.txt +0 -0
  138. {attacklm-0.6.8 → attacklm-0.7.0}/data/steering/prompts/succinct.txt +0 -0
  139. {attacklm-0.6.8 → attacklm-0.7.0}/data/steering/prompts/verbose.txt +0 -0
  140. {attacklm-0.6.8 → attacklm-0.7.0}/experiments/README.md +0 -0
  141. {attacklm-0.6.8 → attacklm-0.7.0}/experiments/synthetic_dataset_mutator_evol_instruct.py +0 -0
  142. {attacklm-0.6.8 → attacklm-0.7.0}/hf/.gitattributes +0 -0
  143. {attacklm-0.6.8 → attacklm-0.7.0}/hf/data/manifest.json +0 -0
  144. {attacklm-0.6.8 → attacklm-0.7.0}/hf/dataset_infos.json +0 -0
  145. {attacklm-0.6.8 → attacklm-0.7.0}/hf/scripts/build_hf_dataset.py +0 -0
  146. {attacklm-0.6.8 → attacklm-0.7.0}/hf/scripts/push_to_hf.py +0 -0
  147. {attacklm-0.6.8 → attacklm-0.7.0}/hpo_runs/.gitkeep +0 -0
  148. {attacklm-0.6.8 → attacklm-0.7.0}/hpo_runs/hpo_state.json +0 -0
  149. {attacklm-0.6.8 → attacklm-0.7.0}/hpo_runs/hpo_trial_dataset.jsonl +0 -0
  150. {attacklm-0.6.8 → attacklm-0.7.0}/logs/.gitkeep +0 -0
  151. {attacklm-0.6.8 → attacklm-0.7.0}/notes/BLUE_TEAM_DESIGN_v0.5.0.md +0 -0
  152. {attacklm-0.6.8 → attacklm-0.7.0}/notes/EVAL_DESIGN_v0.4.0.md +0 -0
  153. {attacklm-0.6.8 → attacklm-0.7.0}/notes/STEERING_REVIEW_v0.4.0.md +0 -0
  154. {attacklm-0.6.8 → attacklm-0.7.0}/pipeline.example.yaml +0 -0
  155. {attacklm-0.6.8 → attacklm-0.7.0}/presets/blue-team.json +0 -0
  156. {attacklm-0.6.8 → attacklm-0.7.0}/presets/purple-team.json +0 -0
  157. {attacklm-0.6.8 → attacklm-0.7.0}/presets/red-team.json +0 -0
  158. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/_eval_loader.py +0 -0
  159. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/acquire_cloud_attack_dataset.py +0 -0
  160. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/acquire_ics_dataset.py +0 -0
  161. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/acquire_phishing_dataset.py +0 -0
  162. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/acquire_red_team_tactics.py +0 -0
  163. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/acquire_replay_general.py +0 -0
  164. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/acquire_supply_chain_dataset.py +0 -0
  165. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/acquire_web_attack_dataset.py +0 -0
  166. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/acquire_wireless_dataset.py +0 -0
  167. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/audit_dataset.py +0 -0
  168. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/balance_buckets.py +0 -0
  169. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/bucket_loader.py +0 -0
  170. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/build.py +0 -0
  171. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/collect_reference.py +0 -0
  172. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/compare_scores.py +0 -0
  173. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/convert_to_gguf.py +0 -0
  174. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/demo.py +0 -0
  175. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/device_utils.py +0 -0
  176. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/domain_bench.py +0 -0
  177. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/eval_retention.py +0 -0
  178. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/extract_ai_tools_to_jsonl.py +0 -0
  179. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/extract_atomic_red_team_to_jsonl.py +0 -0
  180. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/extract_by_tactic.py +0 -0
  181. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/extract_caldera_plugins_to_jsonl.py +0 -0
  182. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/extract_elastic_rules.py +0 -0
  183. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/extract_infection_monkey_to_jsonl.py +0 -0
  184. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/extract_nist_ir.py +0 -0
  185. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/extract_rta_to_jsonl.py +0 -0
  186. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/extract_sigma_defensive.py +0 -0
  187. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/extract_splunk_content.py +0 -0
  188. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/generate_synthetic_scarce.py +0 -0
  189. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/golden_vectors.py +0 -0
  190. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/hpo_runner.py +0 -0
  191. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/import_gguf.sh +0 -0
  192. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/import_to_lmstudio.sh +0 -0
  193. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/merge_adapter.py +0 -0
  194. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/mitre_tactic_lookup.py +0 -0
  195. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/parse_metasploit_to_jsonl.py +0 -0
  196. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/pipeline.py +0 -0
  197. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/rebuild_manifest.py +0 -0
  198. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/register_ollama.py +0 -0
  199. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/reorganize_buckets.py +0 -0
  200. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/replay_mixer.py +0 -0
  201. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/score_candidates.py +0 -0
  202. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/setup_buckets.py +0 -0
  203. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/speed_bench.py +0 -0
  204. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/steering.py +0 -0
  205. {attacklm-0.6.8 → attacklm-0.7.0}/scripts/train_all.py +0 -0
  206. {attacklm-0.6.8 → attacklm-0.7.0}/src/attacklm/__init__.py +0 -0
  207. {attacklm-0.6.8 → attacklm-0.7.0}/src/attacklm/_project_root.py +0 -0
  208. {attacklm-0.6.8 → attacklm-0.7.0}/src/attacklm/cli.py +0 -0
  209. {attacklm-0.6.8 → attacklm-0.7.0}/tests/test_balance_buckets.py +0 -0
  210. {attacklm-0.6.8 → attacklm-0.7.0}/tests/test_collect_reference.py +0 -0
  211. {attacklm-0.6.8 → attacklm-0.7.0}/tests/test_compare_scores.py +0 -0
  212. {attacklm-0.6.8 → attacklm-0.7.0}/tests/test_domain_bench.py +0 -0
  213. {attacklm-0.6.8 → attacklm-0.7.0}/tests/test_eval_retention.py +0 -0
  214. {attacklm-0.6.8 → attacklm-0.7.0}/tests/test_golden_vectors.py +0 -0
  215. {attacklm-0.6.8 → attacklm-0.7.0}/tests/test_replay_mixer.py +0 -0
  216. {attacklm-0.6.8 → attacklm-0.7.0}/tests/test_score_candidates.py +0 -0
  217. {attacklm-0.6.8 → attacklm-0.7.0}/tests/test_speed_bench.py +0 -0
  218. {attacklm-0.6.8 → attacklm-0.7.0}/tests/test_steering.py +0 -0
  219. {attacklm-0.6.8 → attacklm-0.7.0}/tests/test_thinking_models.py +0 -0
  220. {attacklm-0.6.8 → attacklm-0.7.0}/uv.lock +0 -0
@@ -177,6 +177,11 @@ data/manifests/
177
177
  data/tool_knowledge.json
178
178
  data/DATASET_EXPANSION_REPORT.md
179
179
  data/sigma/
180
+ data/elastic-detection-rules/
181
+ data/splunk-security-content/
182
+ data/mordor/
183
+ data/threathunter-playbook/
184
+ data/nist-sp800-61r3/
180
185
  # Bucket layout backup snapshots (created by migrate_buckets_to_v021.py)
181
186
  data/.bucket_layout_backup/
182
187
 
@@ -21,13 +21,13 @@ artifact* learned from these sources; they are not a verbatim copy.
21
21
 
22
22
  ---
23
23
 
24
- ## Training Data Sources (21,865 pairs across 23 buckets)
24
+ ## Training Data Sources (24,652 pairs across 21 buckets)
25
25
 
26
26
  ### 1. Atomic Red Team (redcanaryco)
27
27
 
28
28
  | Field | Value |
29
29
  |---|---|
30
- | **Pairs** | 2,506 |
30
+ | **Pairs** | 1,115 |
31
31
  | **Buckets** | 9 MITRE tactics + tools/atomic |
32
32
  | **Repository** | <https://github.com/redcanaryco/atomic-red-team> |
33
33
  | **License** | MIT License |
@@ -40,7 +40,7 @@ Copyright (c) Red Canary, LLC. All rights reserved.
40
40
 
41
41
  | Field | Value |
42
42
  |---|---|
43
- | **Pairs** | 608 |
43
+ | **Pairs** | 390 |
44
44
  | **Buckets** | All 10 MITRE tactics (re-routed via T-IDs) |
45
45
  | **Repository** | <https://github.com/mitre/stockpile> |
46
46
  | **License** | Apache License 2.0 |
@@ -76,11 +76,11 @@ the prose of the ATT&CK website directly.
76
76
 
77
77
  | Field | Value |
78
78
  |---|---|
79
- | **Pairs** | (used as auxiliary context, not direct training) |
79
+ | **Pairs** | 3,132 |
80
80
  | **Repository** | <https://github.com/SigmaHQ/sigma> |
81
81
  | **License** | Detection Rule License (DRL) 1.1 for rules; public domain for spec |
82
82
  | **Source file** | `data/sigma/LICENSE` |
83
- | **Used for** | Sigma's 30+ detection rule fields (title, description, logsource, detection) inform the structure of triples |
83
+ | **Used for** | Detection rule-based triples |
84
84
 
85
85
  DRL 1.1 permits use, modification, and distribution with attribution.
86
86
 
@@ -88,7 +88,7 @@ DRL 1.1 permits use, modification, and distribution with attribution.
88
88
 
89
89
  | Field | Value |
90
90
  |---|---|
91
- | **Pairs** | 8,349 |
91
+ | **Pairs** | 13,997 |
92
92
  | **Buckets** | `tools/metasploit` (15 module categories consolidated) + re-routed to 5 MITRE tactics |
93
93
  | **Repository** | <https://github.com/rapid7/metasploit-framework> |
94
94
  | **License** | BSD 3-Clause License |
@@ -98,113 +98,96 @@ DRL 1.1 permits use, modification, and distribution with attribution.
98
98
  Copyright (c) 2006-2026, Rapid7, Inc. All rights reserved.
99
99
  Redistribution permitted under BSD-3-Clause terms.
100
100
 
101
- ### 7. Infection Monkey (guardicore)
101
+ ### 7. Elastic Security Rules (Elastic)
102
102
 
103
103
  | Field | Value |
104
104
  |---|---|
105
- | **Pairs** | 36 |
106
- | **Buckets** | `tools/infection_monkey` |
107
- | **Repository** | <https://github.com/guardicore/monkey> |
108
- | **License** | GNU General Public License v3.0 |
109
- | **Source file** | `data/infection_monkey/LICENSE` |
110
- | **Used for** | Plugin manifests + MITRE mapping |
105
+ | **Pairs** | 1,908 |
106
+ | **Repository** | <https://github.com/elastic/detection-rules> |
107
+ | **License** | Elastic License 2.0 |
108
+ | **Used for** | EQL/KQL rule-based triples |
111
109
 
112
- Copyright (C) 2007 Free Software Foundation, Inc.
110
+ ### 8. Splunk Security Content (Splunk)
113
111
 
114
- ### 8. RTA Red Team Automation (endgameinc)
112
+ | Field | Value |
113
+ |---|---|
114
+ | **Pairs** | 2,114 |
115
+ | **Repository** | <https://github.com/splunk/security_content> |
116
+ | **License** | Apache License 2.0 |
117
+ | **Used for** | SPL search-based triples |
118
+
119
+ ### 9. Mordor (OTRF)
115
120
 
116
121
  | Field | Value |
117
122
  |---|---|
118
- | **Pairs** | 76 |
119
- | **Buckets** | `tools/rta` |
120
- | **Repository** | <https://github.com/endgameinc/RTA> |
121
- | **License** | GNU Affero General Public License v3.0 |
122
- | **Source file** | `data/RTA/LICENSE.txt` |
123
- | **Used for** | Python TTP scripts (`# ATT&CK: TXXXX` headers) |
124
-
125
- **⚠️ AGPLv3 IMPLICATION FOR RTA DATA**
126
-
127
- RTA is licensed under the **GNU Affero General Public License v3.0**,
128
- which is significantly more restrictive than the other sources:
129
-
130
- > *"If you modify the Program, your modified version must prominently
131
- > offer all users interacting with it remotely an opportunity to
132
- > receive the Corresponding Source of your version by providing access
133
- > to the Corresponding Source from a network server."*
134
- > — AGPLv3 §13 (Remote Network Interaction; Use with the GNU General
135
- > Public License v3)
136
-
137
- The RTA-derived triples in our dataset are transformations of the
138
- upstream RTA scripts. If you distribute a model trained on this data
139
- over a network (e.g., as a hosted API), the AGPLv3 may require you to
140
- also provide the modified RTA source. **We are providing the modified
141
- training script and intermediate JSONL files in this repository, which
142
- satisfies the source-availability requirement.**
143
-
144
- The trained **model weights are a new statistical artifact** and are not
145
- a verbatim copy of the RTA scripts. Whether the model is a "derivative
146
- work" of RTA in the copyright sense is an unsettled legal question; we
147
- make no representation either way. **If you need an AGPL-clean
148
- deployment, retrain the model after removing the `tools/rta` bucket.**
149
-
150
- Copyright (C) 2018 info@endgame.com. Used with permission under
151
- AGPLv3 terms.
152
-
153
- ### 9. promptfoo (promptfoo)
123
+ | **Pairs** | 339 |
124
+ | **Repository** | <https://github.com/OTRF/Security-Datasets> |
125
+ | **License** | Apache License 2.0 |
126
+ | **Used for** | Event log scenario triples |
127
+
128
+ ### 10. ThreatHunter Playbook (OTRF)
129
+
130
+ | Field | Value |
131
+ |---|---|
132
+ | **Pairs** | 27 |
133
+ | **Repository** | <https://github.com/OTRF/ThreatHunter-Playbook> |
134
+ | **License** | Apache License 2.0 |
135
+ | **Used for** | Hunting playbook triples |
136
+
137
+ ### 11. NIST IR Guidelines (NIST)
154
138
 
155
139
  | Field | Value |
156
140
  |---|---|
157
- | **Pairs** | (varies; AI security category) |
141
+ | **Pairs** | 168 |
142
+ | **Source** | NIST SP 800-61r3 |
143
+ | **License** | Public Domain |
144
+ | **Used for** | Incident response procedure triples |
145
+
146
+ ### 12. promptfoo (promptfoo)
147
+
148
+ | Field | Value |
149
+ |---|---|
150
+ | **Pairs** | 33 |
158
151
  | **Buckets** | `ai/prompt-injection` |
159
152
  | **Repository** | <https://github.com/promptfoo/promptfoo> |
160
153
  | **License** | MIT License |
161
154
  | **Used for** | Red-team TypeScript plugin definitions |
162
155
 
163
- ### 10. garak (NVIDIA)
156
+ ### 13. garak (NVIDIA)
164
157
 
165
158
  | Field | Value |
166
159
  |---|---|
167
- | **Pairs** | (varies; AI security category) |
160
+ | **Pairs** | 50 |
168
161
  | **Buckets** | `ai/jailbreaking` |
169
162
  | **Repository** | <https://github.com/NVIDIA/garak> |
170
163
  | **License** | Apache License 2.0 |
171
164
  | **Used for** | DAN/probe JSON & TXT resources |
172
165
 
173
- ### 11. TheBigPromptLibrary (Resident-Falker)
174
-
175
- | Field | Value |
176
- |---|---|
177
- | **Pairs** | (varies; AI security category) |
178
- | **Buckets** | `ai/jailbreaking` |
179
- | **Repository** | <https://github.com/Resident-Falker/TheBigPromptLibrary> |
180
- | **License** | Mixed (per-file; mostly MIT or MPL-2.0) |
181
- | **Used for** | Jailbreak prompts, system prompts, security-focused markdown |
182
-
183
- ### 12. promptmap (utkusen)
166
+ ### 14. promptmap (utkusen)
184
167
 
185
168
  | Field | Value |
186
169
  |---|---|
187
- | **Pairs** | (varies; AI security category) |
170
+ | **Pairs** | 30 |
188
171
  | **Buckets** | `ai/prompt-injection` |
189
172
  | **Repository** | <https://github.com/utkusen/promptmap> |
190
173
  | **License** | MIT License |
191
174
  | **Used for** | Prompt injection YAML rule files |
192
175
 
193
- ### 13. PyRIT (Azure)
176
+ ### 15. PyRIT (Azure)
194
177
 
195
178
  | Field | Value |
196
179
  |---|---|
197
- | **Pairs** | (varies; AI security category) |
180
+ | **Pairs** | 0 (reserved) |
198
181
  | **Buckets** | `ai/jailbreaking` |
199
182
  | **Repository** | <https://github.com/Azure/PyRIT> |
200
183
  | **License** | MIT License |
201
184
  | **Used for** | Jailbreak template definitions |
202
185
 
203
- ### 14. FuzzyAI (CyberArk)
186
+ ### 16. FuzzyAI (CyberArk)
204
187
 
205
188
  | Field | Value |
206
189
  |---|---|
207
- | **Pairs** | (varies; AI security category) |
190
+ | **Pairs** | 0 (reserved) |
208
191
  | **Buckets** | `ai/jailbreaking` |
209
192
  | **Repository** | <https://github.com/cyberark/FuzzyAI> |
210
193
  | **License** | Apache License 2.0 |
@@ -224,15 +207,15 @@ AGPLv3 terms.
224
207
  | **License** | Same as this repository (MIT) |
225
208
  | **Used for** | Agent routing decisions across 6 sub-agents |
226
209
 
227
- ### Prompt Injection (synthesized)
210
+ ### LLM-generated (synthesized)
228
211
 
229
212
  | Field | Value |
230
213
  |---|---|
231
- | **Pairs** | 687 |
232
- | **Buckets** | `ai/prompt-injection` |
233
- | **Source** | Generated procedurally by `scripts/generate_prompt_injection.py` |
214
+ | **Pairs** | 937 |
215
+ | **Buckets** | cloud, ics, social_engineering, wireless |
216
+ | **Source** | Generated via `scripts/llm_generate_wrapper.py` |
234
217
  | **License** | Same as this repository (MIT) |
235
- | **Used for** | Augmenting upstream promptfoo/promptmap data |
218
+ | **Used for** | High-quality synthetic triples for scarce domains |
236
219
 
237
220
  ---
238
221
 
@@ -240,7 +223,7 @@ AGPLv3 terms.
240
223
 
241
224
  The full per-bucket manifest is at `data/datasets/buckets/manifest.json`.
242
225
  It records which pairs come from which upstream source (via the
243
- `source_file` field). Total: **21,865 pairs across 23 buckets**.
226
+ `source_file` field). Total: **24,652 pairs across 21 buckets**.
244
227
 
245
228
  | Bucket | Pairs | Upstream sources |
246
229
  |---|---|---:|
@@ -257,10 +240,11 @@ It records which pairs come from which upstream source (via the
257
240
  | orchestrator | 380 | synthetic |
258
241
  | ai/jailbreaking | 50 | garak |
259
242
  | ai/prompt-injection | 687 | promptfoo, promptmap, synthetic |
260
- | tools/metasploit | 8,349 | rapid7/metasploit-framework |
261
- | defensive/detection_engineering | 5,000 | sigma-hq, elastic-rules, splunk-content |
262
- | defensive/threat_hunting | 650 | mordor, threathunter-playbook |
263
- | defensive/incident_response | 200 | nist-ir |
243
+ | tools/metasploit | 13,997 | rapid7/metasploit-framework |
244
+ | defensive/detection_engineering | 7,154 | sigma, elastic, splunk |
245
+ | defensive/threat_hunting | 366 | mordor, threathunter |
246
+ | defensive/incident_response | 168 | nist-ir |
247
+ | synthetic/domain_specific | 937 | llm-generated |
264
248
 
265
249
  ---
266
250