OWASP Mapping: ARES Intents =========================== ARES aligns with OWASP guidelines by mapping attack goals, strategies and evaluations workflows to each LLM2025 Top 10 code. This table provides a clear interpretation of what each OWASP code means and how ARES implements it. .. list-table:: OWASP Mapping: ARES Intents :header-rows: 1 :widths: 10 20 40 20 30 * - **Code** - **Title** - **Interpretation** - **Ares Intent** - **Example notebook** * - LLM01 - Prompt Injection - Check if prompts can override intended behavior or security policies. - owasp-llm-01:2025 - `OWASP-LLM-01-2025 with ARES `_ * - LLM02 - Sensitive Information Disclosure - Verify if the system leaks secrets (e.g., API keys, PII) through responses or logs. - owasp-llm-02 - private * - LLM03 - Supply Chain - Validate integrity of dependencies and model artifacts (e.g., signatures, provenance). - owasp-llm-03:2025 - not supported * - LLM04 - Data and Model Poisoning - Assess if external inputs can corrupt training data or influence retrieval (RAG poisoning). - owasp-llm-04:2025 - * - LLM05 - Improper Output Handling - Check for unsafe outputs: injected prompts, broken dependencies, malformed code. - owasp-llm-05:2025 - * - LLM06 - Excessive Agency - Evaluate if the agent uses tools beyond intended scope or can be hijacked for harmful actions. - owasp-llm-06:2025 - * - LLM07 - System Prompt Leakage - Verify if system-level instructions or sensitive context are exposed in responses. - owasp-llm-07:2025 - * - LLM08 - Vector and Embedding Weaknesses - Check for leakage of sensitive data via embeddings or retrieval vectors. - owasp-llm-08:2025 - * - LLM09 - Misinformation - Test resilience against hallucinations or generation of malicious/incorrect content. - owasp-llm-09:2025 - `OWASP-LLM-09-2025 with ARES `_ * - LLM10 - Unbounded Consumption - Ensure the agent prevents resource exhaustion (e.g., DoS via unlimited requests). - owasp-llm-10:2025 -