Files
Anthropic-Cybersecurity-Skills/skills/detecting-data-and-model-poisoning/references/standards.md
T
mukul975 8cae0648ec Add 55 new skills across 3 new domains + 6 undercovered areas (762 -> 817)
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):

- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
  prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
  invocation, guardrails, model/data poisoning, system-prompt leakage,
  embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
  malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
  Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
  shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
  Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration

Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
2026-06-22 19:08:16 +02:00

1.6 KiB

Standards and References — Detecting Data and Model Poisoning

MITRE ATLAS References

Technique ID Name Tactic Rationale
AML.T0020 Poison Training Data ML Attack Staging Injection of manipulated samples into the training corpus
AML.T0018 Backdoor ML Model Persistence Trigger-activated hidden behavior in the trained model
AML.T0010 ML Supply Chain Compromise Initial Access Poisoned public datasets / trojaned downloaded weights
AML.T0024 Exfiltration via ML Inference API Exfiltration Some poisoning leaks data via model responses

NIST AI RMF References

ID Name Rationale
MEASURE-2.7 AI system security and resilience are evaluated and documented Poisoning detection measures the integrity/resilience of the ML pipeline

OWASP Top 10 for LLM Applications (2025)

ID Name Rationale
LLM04:2025 Data and Model Poisoning Primary risk this skill detects
LLM03:2025 Supply Chain Trojaned weights/datasets entry path

Official Resources