highflame-taxonomy 1.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. highflame_taxonomy-1.1.0/PKG-INFO +20 -0
  2. highflame_taxonomy-1.1.0/highflame_taxonomy/__init__.py +15 -0
  3. highflame_taxonomy-1.1.0/highflame_taxonomy/compliance/eu-ai-act.json +326 -0
  4. highflame_taxonomy-1.1.0/highflame_taxonomy/compliance/mitre_atlas.json +1342 -0
  5. highflame_taxonomy-1.1.0/highflame_taxonomy/compliance/nist-ai-600-1.json +237 -0
  6. highflame_taxonomy-1.1.0/highflame_taxonomy/compliance/owasp-agentic-top10-2026.json +332 -0
  7. highflame_taxonomy-1.1.0/highflame_taxonomy/compliance/owasp-llm-top10-2025.json +246 -0
  8. highflame_taxonomy-1.1.0/highflame_taxonomy/compliance/owasp-mcp-top10-2025.json +233 -0
  9. highflame_taxonomy-1.1.0/highflame_taxonomy/compliance/report.json +2793 -0
  10. highflame_taxonomy-1.1.0/highflame_taxonomy/py.typed +0 -0
  11. highflame_taxonomy-1.1.0/highflame_taxonomy/taxonomy.py +3306 -0
  12. highflame_taxonomy-1.1.0/highflame_taxonomy.egg-info/PKG-INFO +20 -0
  13. highflame_taxonomy-1.1.0/highflame_taxonomy.egg-info/SOURCES.txt +15 -0
  14. highflame_taxonomy-1.1.0/highflame_taxonomy.egg-info/dependency_links.txt +1 -0
  15. highflame_taxonomy-1.1.0/highflame_taxonomy.egg-info/top_level.txt +1 -0
  16. highflame_taxonomy-1.1.0/pyproject.toml +37 -0
  17. highflame_taxonomy-1.1.0/setup.cfg +4 -0
highflame_taxonomy-1.1.0/PKG-INFO ADDED
@@ -0,0 +1,20 @@
1
+ Metadata-Version: 2.4
2
+ Name: highflame-taxonomy
3
+ Version: 1.1.0
4
+ Summary: Unified vulnerability taxonomy with multi-framework compliance mappings (MITRE ATLAS, OWASP, NIST, EU AI Act, CWE)
5
+ License: Apache-2.0
6
+ Project-URL: Homepage, https://github.com/highflame-ai/highflame-taxonomy
7
+ Project-URL: Repository, https://github.com/highflame-ai/highflame-taxonomy.git
8
+ Keywords: taxonomy,vulnerability,compliance,owasp,mitre,nist,highflame
9
+ Classifier: Development Status :: 4 - Beta
10
+ Classifier: Intended Audience :: Developers
11
+ Classifier: License :: OSI Approved :: Apache Software License
12
+ Classifier: Programming Language :: Python :: 3
13
+ Classifier: Programming Language :: Python :: 3.9
14
+ Classifier: Programming Language :: Python :: 3.10
15
+ Classifier: Programming Language :: Python :: 3.11
16
+ Classifier: Programming Language :: Python :: 3.12
17
+ Classifier: Programming Language :: Python :: 3.13
18
+ Classifier: Typing :: Typed
19
+ Requires-Python: >=3.9
20
+ Description-Content-Type: text/markdown
highflame_taxonomy-1.1.0/highflame_taxonomy/__init__.py ADDED
@@ -0,0 +1,15 @@
1
+ # =============================================================================
2
+ # Highflame Taxonomy — Python Package
3
+ # =============================================================================
4
+ """
5
+ Unified vulnerability taxonomy with multi-framework compliance mappings.
6
+
7
+ All constants, dataclasses, and utility functions are re-exported from the
8
+ generated taxonomy module. This package has zero external dependencies.
9
+
10
+ Usage:
11
+ from highflame_taxonomy import VULN_PROMPT_INJECTION, VULNERABILITIES
12
+ from highflame_taxonomy import enrich_finding, compliance_matrix, recommend_domains
13
+ """
14
+
15
+ from highflame_taxonomy.taxonomy import * # noqa: F401, F403
highflame_taxonomy-1.1.0/highflame_taxonomy/compliance/eu-ai-act.json ADDED
@@ -0,0 +1,326 @@
1
+ {
2
+ "framework": {
3
+ "id": "eu-ai-act",
4
+ "name": "EU Artificial Intelligence Act",
5
+ "version": "2024",
6
+ "url": "https://artificialintelligenceact.eu/",
7
+ "structure": "tiered"
8
+ },
9
+ "coverage": {
10
+ "totalItems": 17,
11
+ "covered": 17,
12
+ "partial": 0,
13
+ "uncovered": 0,
14
+ "coveragePercent": 100
15
+ },
16
+ "matrix": [
17
+ {
18
+ "itemId": "ART5_1",
19
+ "itemName": "Subliminal or Manipulative Techniques",
20
+ "itemDescription": "AI systems deploying subliminal techniques beyond a person's consciousness or purposefully manipulative/deceptive techniques that materially distort behaviour and cause significant harm",
21
+ "status": "covered",
22
+ "mappedVulnerabilities": [
23
+ {
24
+ "vulnerabilityId": "agent_trust",
25
+ "vulnerabilityName": "Human-Agent Trust Exploitation",
26
+ "severity": "medium",
27
+ "confidence": "partial",
28
+ "notes": "Different scope, ART5_1 applies to all AI systems beyond just agents."
29
+ },
30
+ {
31
+ "vulnerabilityId": "personal_safety",
32
+ "vulnerabilityName": "Personal Safety",
33
+ "severity": "critical",
34
+ "confidence": "partial",
35
+ "notes": "Persons may be at risk of self harm due to AI manipulation."
36
+ },
37
+ {
38
+ "vulnerabilityId": "subliminal_manipulation",
39
+ "vulnerabilityName": "Subliminal or Manipulative Techniques",
40
+ "severity": "critical",
41
+ "confidence": "exact"
42
+ }
43
+ ]
44
+ },
45
+ {
46
+ "itemId": "ART5_2",
47
+ "itemName": "Exploitation of Vulnerabilities",
48
+ "itemDescription": "AI systems exploiting vulnerabilities of natural persons due to age, disability, or social/economic situation to materially distort behaviour and cause significant harm",
49
+ "status": "covered",
50
+ "mappedVulnerabilities": [
51
+ {
52
+ "vulnerabilityId": "exploit_vulnerable",
53
+ "vulnerabilityName": "Exploitation of Vulnerabilities",
54
+ "severity": "critical",
55
+ "confidence": "exact"
56
+ }
57
+ ]
58
+ },
59
+ {
60
+ "itemId": "ART5_3",
61
+ "itemName": "Social Scoring",
62
+ "itemDescription": "AI systems evaluating or classifying natural persons based on social behaviour or personality characteristics leading to detrimental treatment in unrelated contexts or disproportionate to their behaviour",
63
+ "status": "covered",
64
+ "mappedVulnerabilities": [
65
+ {
66
+ "vulnerabilityId": "social_scoring",
67
+ "vulnerabilityName": "Social Scoring",
68
+ "severity": "critical",
69
+ "confidence": "exact"
70
+ }
71
+ ]
72
+ },
73
+ {
74
+ "itemId": "ART5_4",
75
+ "itemName": "Predictive Criminal Profiling",
76
+ "itemDescription": "AI systems making risk assessments to predict the risk of a natural person committing a criminal offence based solely on profiling or personality traits, without objective verifiable facts",
77
+ "status": "covered",
78
+ "mappedVulnerabilities": [
79
+ {
80
+ "vulnerabilityId": "criminal_profiling",
81
+ "vulnerabilityName": "Criminal Predictive Profiling",
82
+ "severity": "critical",
83
+ "confidence": "exact"
84
+ }
85
+ ]
86
+ },
87
+ {
88
+ "itemId": "ART5_5",
89
+ "itemName": "Facial Recognition Database Scraping",
90
+ "itemDescription": "AI systems that create or expand facial recognition databases through untargeted scraping of facial images from the internet or CCTV footage",
91
+ "status": "covered",
92
+ "mappedVulnerabilities": [
93
+ {
94
+ "vulnerabilityId": "facial_recognition",
95
+ "vulnerabilityName": "Facial Recognition Database Scraping",
96
+ "severity": "critical",
97
+ "confidence": "exact"
98
+ },
99
+ {
100
+ "vulnerabilityId": "pii_leakage",
101
+ "vulnerabilityName": "PII Leakage",
102
+ "severity": "high",
103
+ "confidence": "related",
104
+ "notes": "PII leakage could result from scraping internet/video footage for facial recognition training."
105
+ }
106
+ ]
107
+ },
108
+ {
109
+ "itemId": "ART5_6",
110
+ "itemName": "Emotion Inference in Workplace and Education",
111
+ "itemDescription": "AI systems used to infer emotions of natural persons in workplace or educational settings, except for medical or safety purposes",
112
+ "status": "covered",
113
+ "mappedVulnerabilities": [
114
+ {
115
+ "vulnerabilityId": "emotion_inference",
116
+ "vulnerabilityName": "Emotion Inference in Workplace and Education",
117
+ "severity": "critical",
118
+ "confidence": "exact"
119
+ }
120
+ ]
121
+ },
122
+ {
123
+ "itemId": "ART5_7",
124
+ "itemName": "Biometric Categorisation for Sensitive Attributes",
125
+ "itemDescription": "Biometric categorisation systems that deduce or infer race, political opinions, trade union membership, religious or philosophical beliefs, sex life, or sexual orientation from biometric data",
126
+ "status": "covered",
127
+ "mappedVulnerabilities": [
128
+ {
129
+ "vulnerabilityId": "biometric_categorisation",
130
+ "vulnerabilityName": "Biometric Categorisation for Sensitive Attributes",
131
+ "severity": "critical",
132
+ "confidence": "exact"
133
+ }
134
+ ]
135
+ },
136
+ {
137
+ "itemId": "ART5_8",
138
+ "itemName": "Real-Time Remote Biometric Identification",
139
+ "itemDescription": "Use of real-time remote biometric identification systems in publicly accessible spaces for law enforcement, except for targeted searches for victims of serious crimes, imminent safety threats, or suspects of offences carrying custodial sentences of at least four years",
140
+ "status": "covered",
141
+ "mappedVulnerabilities": [
142
+ {
143
+ "vulnerabilityId": "realtime_biometric_id",
144
+ "vulnerabilityName": "Real-Time Remote Biometric Identification",
145
+ "severity": "critical",
146
+ "confidence": "exact"
147
+ }
148
+ ]
149
+ },
150
+ {
151
+ "itemId": "ART6_1",
152
+ "itemName": "Biometrics",
153
+ "itemDescription": "AI systems for remote biometric identification (except for authentication purposes), biometric categorisation based on sensitive or protected attributes, and emotion recognition",
154
+ "status": "covered",
155
+ "mappedVulnerabilities": [
156
+ {
157
+ "vulnerabilityId": "biometric_systems",
158
+ "vulnerabilityName": "High-Risk Biometric AI Systems",
159
+ "severity": "high",
160
+ "confidence": "exact"
161
+ }
162
+ ]
163
+ },
164
+ {
165
+ "itemId": "ART6_2",
166
+ "itemName": "Critical Infrastructure",
167
+ "itemDescription": "AI systems used as safety components in the management and operation of critical digital infrastructure, road traffic, or supply of water, gas, heating, or electricity",
168
+ "status": "covered",
169
+ "mappedVulnerabilities": [
170
+ {
171
+ "vulnerabilityId": "critical_infrastructure_ai",
172
+ "vulnerabilityName": "Critical Infrastructure AI",
173
+ "severity": "high",
174
+ "confidence": "exact"
175
+ }
176
+ ]
177
+ },
178
+ {
179
+ "itemId": "ART6_3",
180
+ "itemName": "Education and Vocational Training",
181
+ "itemDescription": "AI systems determining access or admission to educational institutions, evaluating learning outcomes, assessing appropriate education levels, or monitoring and detecting prohibited student behaviour during tests",
182
+ "status": "covered",
183
+ "mappedVulnerabilities": [
184
+ {
185
+ "vulnerabilityId": "education_ai",
186
+ "vulnerabilityName": "Education and Vocational Training AI",
187
+ "severity": "high",
188
+ "confidence": "exact"
189
+ },
190
+ {
191
+ "vulnerabilityId": "bias",
192
+ "vulnerabilityName": "Bias",
193
+ "severity": "high",
194
+ "confidence": "related",
195
+ "notes": "Bias in educational AI systems leads to discriminatory access and assessment decisions"
196
+ }
197
+ ]
198
+ },
199
+ {
200
+ "itemId": "ART6_4",
201
+ "itemName": "Employment and Workers Management",
202
+ "itemDescription": "AI systems for recruitment and selection of natural persons, and systems making decisions affecting work-related terms, promotions, terminations, task allocation, or performance and behaviour monitoring",
203
+ "status": "covered",
204
+ "mappedVulnerabilities": [
205
+ {
206
+ "vulnerabilityId": "employment_ai",
207
+ "vulnerabilityName": "Employment and Workers Management AI",
208
+ "severity": "high",
209
+ "confidence": "exact"
210
+ },
211
+ {
212
+ "vulnerabilityId": "bias",
213
+ "vulnerabilityName": "Bias",
214
+ "severity": "high",
215
+ "confidence": "related",
216
+ "notes": "Bias in recruitment and employment AI can cause unlawful discrimination"
217
+ }
218
+ ]
219
+ },
220
+ {
221
+ "itemId": "ART6_5",
222
+ "itemName": "Essential Private and Public Services",
223
+ "itemDescription": "AI systems evaluating eligibility for public benefits and healthcare, assessing creditworthiness or credit scores, risk assessment and pricing for life and health insurance, and evaluating or dispatching emergency calls and first response services",
224
+ "status": "covered",
225
+ "mappedVulnerabilities": [
226
+ {
227
+ "vulnerabilityId": "bias",
228
+ "vulnerabilityName": "Bias",
229
+ "severity": "high",
230
+ "confidence": "related",
231
+ "notes": "Bias in creditworthiness and benefits eligibility AI causes discriminatory outcomes"
232
+ },
233
+ {
234
+ "vulnerabilityId": "essential_services_ai",
235
+ "vulnerabilityName": "Essential Services AI",
236
+ "severity": "high",
237
+ "confidence": "exact"
238
+ }
239
+ ]
240
+ },
241
+ {
242
+ "itemId": "ART6_6",
243
+ "itemName": "Law Enforcement",
244
+ "itemDescription": "AI systems used by law enforcement to assess victimisation risk, act as polygraph tools, evaluate evidence reliability, assess offending or re-offending risk, or profile natural persons in the course of criminal investigation or prosecution",
245
+ "status": "covered",
246
+ "mappedVulnerabilities": [
247
+ {
248
+ "vulnerabilityId": "bias",
249
+ "vulnerabilityName": "Bias",
250
+ "severity": "high",
251
+ "confidence": "related",
252
+ "notes": "Bias in law enforcement AI affects risk assessments and profiling"
253
+ },
254
+ {
255
+ "vulnerabilityId": "law_enforcement_ai",
256
+ "vulnerabilityName": "Law Enforcement AI",
257
+ "severity": "high",
258
+ "confidence": "exact"
259
+ },
260
+ {
261
+ "vulnerabilityId": "criminal_profiling",
262
+ "vulnerabilityName": "Criminal Predictive Profiling",
263
+ "severity": "critical",
264
+ "confidence": "related",
265
+ "notes": "criminal_profiling covers the prohibited version; law enforcement AI profiling under ART6_6 to determine risk of becoming a victim."
266
+ }
267
+ ]
268
+ },
269
+ {
270
+ "itemId": "ART6_7",
271
+ "itemName": "Migration, Asylum and Border Control",
272
+ "itemDescription": "AI systems used by competent authorities as polygraph tools, to assess border security or migration risks, to examine asylum and visa applications, or to identify natural persons in migration and border control contexts",
273
+ "status": "covered",
274
+ "mappedVulnerabilities": [
275
+ {
276
+ "vulnerabilityId": "bias",
277
+ "vulnerabilityName": "Bias",
278
+ "severity": "high",
279
+ "confidence": "related",
280
+ "notes": "Bias in border control AI affects asylum and migration decisions"
281
+ },
282
+ {
283
+ "vulnerabilityId": "border_control_ai",
284
+ "vulnerabilityName": "Migration, Asylum and Border Control AI",
285
+ "severity": "high",
286
+ "confidence": "exact"
287
+ }
288
+ ]
289
+ },
290
+ {
291
+ "itemId": "ART6_8",
292
+ "itemName": "Administration of Justice and Democratic Processes",
293
+ "itemDescription": "AI systems assisting judicial authorities in researching or applying law, and systems intended to influence the outcome of elections, referenda, or voting behaviour of natural persons",
294
+ "status": "covered",
295
+ "mappedVulnerabilities": [
296
+ {
297
+ "vulnerabilityId": "justice_democracy_ai",
298
+ "vulnerabilityName": "Administration of Justice and Democratic Processes AI",
299
+ "severity": "high",
300
+ "confidence": "exact"
301
+ }
302
+ ]
303
+ },
304
+ {
305
+ "itemId": "LIMITED",
306
+ "itemName": "Limited Risk",
307
+ "itemDescription": "AI systems subject to transparency obligations (chatbots, deepfakes)",
308
+ "status": "covered",
309
+ "mappedVulnerabilities": [
310
+ {
311
+ "vulnerabilityId": "misinformation",
312
+ "vulnerabilityName": "Misinformation",
313
+ "severity": "high",
314
+ "confidence": "related",
315
+ "notes": "Misinformation may be more harmful if it is not clear it is AI generated"
316
+ },
317
+ {
318
+ "vulnerabilityId": "ai_transparency",
319
+ "vulnerabilityName": "Lack of Transparency in AI Content",
320
+ "severity": "low",
321
+ "confidence": "exact"
322
+ }
323
+ ]
324
+ }
325
+ ]
326
+ }