Skip to content

Latest commit

 

History

History
103 lines (72 loc) · 2.84 KB

README.md

File metadata and controls

103 lines (72 loc) · 2.84 KB

Attack, Train, Defend

A Modular approach using the openai API to Training myself and others on AI / LLM vulnerabilities.

Be caution where you delpoy this application, it's Vulnerable lol... Go is my best friend

basic

Overview

This project showcases four key modules demonstrating common security vulnerabilities and adversarial attack techniques:

  1. Prompt Injection
  2. Data Leakage
  3. Data Poisoning
  4. Supply Chain Attacks

Each module highlights specific attack vectors and provides opportunities for learning about exploitation and mitigation.

The project runs on a Go-based backend with SSL enabled for secure communication.

Modules

1. Prompt Injection

  • Objective: Exploit an AI model by crafting malicious prompts to manipulate responses and extract sensitive information.
  • Key Features:
    • Enables interaction with the AI using crafted prompts.
    • Demonstrates how adversarial prompts can bypass intended restrictions.

2. Data Leakage

  • Objective: Upload a malicious image containing SQL commands to expose sensitive database details.
  • Key Features:
    • Processes uploaded files without proper validation, leading to SQL injection.
    • Demonstrates the exposure of database structures and potentially sensitive information.

3. Data Poisoning

  • Objective: Corrupt the baseline dataset by injecting malicious data to alter the AI model's behavior.
  • Key Features:
    • Accepts CSV uploads to simulate data poisoning.
    • Shows the impact of poisoned datasets on model predictions and integrity.

4. Supply Chain Attacks

  • Objective: Demonstrate the risks of compromised machine learning models.
  • Key Features:
    • Allows uploading of a backdoored model file (malicious_chatbot.pth).
    • Simulates interaction with the compromised model to highlight adversarial behavior.

Setup Instructions

Prerequisites

  1. Programming Language: Go 1.20+

  2. OPENAI API KEY

  3. Python Requirements (for the Supply Chain module):

    • Python 3.8+
    • Dependencies:
      • torch (install via pip)
    • It's recommended to set up a virtual environment: 
      python3 -m venv venv
source venv/bin/activate
pip install torch

  4. SSL Certificates:

    • Generate cert.pem and key.pem files for SSL: 
      openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem

  5. SQLite:

    • Ensure SQLite is installed for the database.

Steps to Run

  1. Clone the Repository: 
    git clone https://github.com/In3x0rabl3/atd.git
cd atd
go mod init atd
go mod tidy
go run main.go
  2. Enjoy:
https://127.0.0.1:8443