@rdheekonda rdheekonda commented Jan 28, 2026

Add OWASP, ATLAS, SAIF, and NIST compliance tags to attacks and transforms. Attacks tagged with core jailbreak technique (LLM01), transforms tagged with specific vulnerability categories. Includes comprehensive test coverage.

Key Changes:

  • Attacks show core technique (LLM01), transforms add vulnerability categories
  • No tag duplication when attacks use transforms
  • Clean separation: attack vector vs. vulnerability target

Added:

  • dreadnode/airt/compliance/ - OWASP, ATLAS, SAIF, NIST framework definitions
  • tag_attack() and tag_transform() helper functions
  • 45 unit tests for compliance tagging (3 new test files)
  • Compliance tags to 4 jailbreak attacks (TAP, GOAT, Crescendo, prompt)
  • Compliance tags to 11 transform modules (130+ transforms)

Changed:

  • Attack base class: added compliance_tags field
  • Transform base class: added compliance_tags parameter
  • Removed global variables, replaced with @functools.lru_cache
  • Export compliance framework from dreadnode.airt

Generated Summary:

  • Introduced compliance framework tagging for AI red teaming in the new compliance module.
  • Added various compliance tags for OWASP, NIST, ATLAS, and SAIF frameworks:
    • Implemented tagging mechanism via tag_attack and tag_transform functions.
    • Integrated compliance tagging into existing attack methods (e.g., goat_attack, crescendo_attack, prompt_attack, tap_attack).
  • Updated Transform class to accept compliance tags and modified transform methods to include them.
  • Enhanced attack classes with a new compliance_tags dictionary for better traceability.
  • Potential impact:
    • Improves visibility and traceability of attacks concerning industry standards.
    • Facilitates compliance audits and risk assessments.
    • Users can leverage compliance tags directly in attack metadata for better analysis.

This summary was generated with ❤️ by rigging

@dreadnode-renovate-bot added the area/tests (Changes to test files and testing infrastructure) label Jan 28, 2026
@rdheekonda force-pushed the feature/add-compliance-tags branch from add4dfc to cd0b017 January 28, 2026 01:14
@rdheekonda added this pull request to the merge queue Jan 28, 2026
Merged via the queue into main with commit a599190 Jan 28, 2026
8 checks passed
@rdheekonda deleted the feature/add-compliance-tags branch January 28, 2026 18:37