Attack scenarios
A scenario describes an adversary persona, the technique they exercise, and the assertion that decides whether the defense held.
Key points
- Scenarios are versioned: a change creates a new scenario, never an in-place edit.
- Each scenario maps to one OWASP LLM category and one ATT&CK technique.
- Paraphrases are generated automatically to test wording robustness.
- Custom scenarios can be added via the scenario authoring API.
01
Built-in scenario families
- Prompt injection / jailbreak (LLM01).
- Sensitive information disclosure (LLM02).
- System-prompt leak (LLM07).
02
Custom scenarios
- Author with a YAML manifest plus a grader function.
- Validate locally with `engine simulate --scenario=path/to/manifest`.
- Publish to the tenant catalogue for reuse across runs.