Enhancement/q2#11
- Add OWASP Top 10 for Agentic Applications (2026) and Microsoft agentic failure-mode taxonomy v2.0 to the Frameworks section
- Add new sections: MCP & Tool-Protocol Security, Computer-Use & Browser Agent Attacks, RAG Attack Taxonomy, Voice/Audio & Multimodal Attacks, Fine-Tuning & Model Supply-Chain Security, AI-on-AI Red Teaming
- Tag agentic attack vectors with OWASP ASI IDs; refresh 2025-2026 incident list and add industry impact stats
- Update TOC, badge to June 2026, remove stale pip flags

- Update PyRIT (v0.11, repo move, AI Red Teaming Agent), Garak (NVIDIA, v0.14), promptfoo (OpenAI acquisition, Hydra); note multi-turn shift
- Add emerging agent-native platforms (Cisco AI Defense, Novee AI)
- Add validation dates to tool entries
- Add three current case studies (AI-orchestrated state intrusion, OpenClaw framework, Copilot RCE) and regroup older ones as historical

- …tack trees
- Replace pseudocode Evaluation Harness with runnable YAML policy, Python scorer, and release-gate runner
- Add AI Incident Response section (agent containment, escalation, EU serious-incident reporting)
- Add three agentic attack trees (goal hijack, supply chain, rogue agents) and tag all trees with OWASP ASI IDs
- Upgrade EU AI Act section to enforcement-grade GPAI obligations with Article-to-evidence mapping table
- Refresh Update Watchlist with NIST 2026 items and current dates

- Add agentic checks (memory integrity, inter-agent auth, MCP pinning, agent registry) to PR checklist
- Add worked examples to test-case-library, vulnerability-report, and threat-modeling-workshop templates
- Convert CHANGELOG Unreleased to dated 2026-06-10 release entry
- Add 2026 threat-landscape source list to References; fix OWASP/Garak links; update footer to June 2026
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 632f2288bc
> | | Single-user policy violation, narrow blast radius | Medium | Standard ticket + scheduled fix |
>
> ### Regulatory Reporting (don't skip this)
>
> Under the **EU AI Act**, providers of GPAI models with systemic risk must **report serious incidents to the AI Office** (effective 2 Aug 2026). Bake notification timelines into the runbook *before* an incident, and capture evidence (logs, reproductions, the [vulnerability report](#-practitioner-appendices)) in a form regulators and customers will accept. See [Regulatory Compliance](#regulatory-compliance).
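Review bot: the Regulatory Reporting paragraph names only the AI Office as the recipient and gives no deadline, but Article 55(1)(c) of the AI Act requires providers of GPAI models with systemic risk to track, document and report serious incidents "without undue delay" to the AI Office and, as appropriate, to national competent authorities, so a runbook built from this paragraph would omit the national-authority notification and leave the timeline open. Suggest rewording to "must track, document and report serious incidents without undue delay to the AI Office and, as appropriate, to national competent authorities". The "(effective 2 Aug 2026)" qualifier should also be reconciled with the implementation timeline elsewhere in the document: under Article 113 the Chapter V GPAI obligations apply from 2 August 2025, and 2 August 2026 is only the date from which the Commission's fining powers under Article 101 apply.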
Use the GPAI reporting application date
For GPAI models with systemic risk, the AI Act's GPAI obligations, including tracking/documenting/reporting serious incidents, entered into application on 2 August 2025; 2 August 2026 is the later Commission enforcement/fines date, as the implementation timeline below also notes. As written, this incident-response guidance can lead teams to leave reporting out of runbooks for incidents occurring between August 2025 and August 2026.