From d3e56691cd410f4a136a53f93319c517256549c3 Mon Sep 17 00:00:00 2001 From: Tarique Smith Date: Mon, 27 Apr 2026 13:20:28 -0400 Subject: [PATCH 1/2] Add 2026 update watchlist and 100-star LinkedIn post template --- CHANGELOG.md | 6 ++ README.md | 29 +++++++- resources-validation.md | 12 ++-- templates/linkedin-100-stars-post-template.md | 67 +++++++++++++++++++ 4 files changed, 107 insertions(+), 7 deletions(-) create mode 100644 templates/linkedin-100-stars-post-template.md diff --git a/CHANGELOG.md b/CHANGELOG.md index cbe8322..3fad02c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ All notable changes to this guide should be documented in this file. ## [Unreleased] ### Added +- README refresh for 2026 source governance: + - Updated freshness messaging and badge to 2026 + - Added a date-stamped “Latest Update Watchlist” with official EU AI Act, OWASP Agentic Top 10, and NIST update triggers + - Expanded Regulatory Compliance and Resources sections with current references +- New community template: `templates/linkedin-100-stars-post-template.md` for announcing the 100-star milestone. +- `resources-validation.md` expanded with 2026-04-27 validation dates and additional standards/regulatory rows. - Operational implementation sections in README: - Implementation Quickstart (30/60/90) - Evaluation Harness (Reference Implementation) diff --git a/README.md b/README.md index 3d0d6af..0d18e4c 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ ![AI Red Teaming](https://img.shields.io/badge/AI-Red%20Teaming-red?style=for-the-badge) ![Security](https://img.shields.io/badge/Security-Testing-blue?style=for-the-badge) ![License](https://img.shields.io/badge/License-MIT-green?style=for-the-badge) -![Updated](https://img.shields.io/badge/Updated-2025-orange?style=for-the-badge) +![Updated](https://img.shields.io/badge/Updated-2026-orange?style=for-the-badge) **A comprehensive guide to adversarial testing and security evaluation of AI systems, helping organizations identify vulnerabilities before attackers exploit them.** @@ -62,7 +62,7 @@ This comprehensive guide is designed for: - ✅ **Evidence-Based**: Grounded in real-world experience from Microsoft's 100+ AI product red teams - ✅ **Framework-Aligned**: Incorporates NIST AI RMF, OWASP, MITRE ATLAS, and CSA guidelines - ✅ **Practical Focus**: Actionable methodologies and tools you can implement today -- ✅ **Continuously Updated**: Reflects latest 2024-2025 research and industry practices +- ✅ **Continuously Updated**: Reflects latest 2024-2026 research and industry practices - ✅ **Comprehensive Coverage**: From basic concepts to advanced attack techniques --- @@ -2088,6 +2088,19 @@ Template available: `templates/model-system-security-card.md` Reference index available: `resources-validation.md` +### Latest Update Watchlist (Validated: 2026-04-27) + +Use this list during quarterly maintenance to keep the guide synchronized with official sources: + +1. **EU AI Act implementation milestones are now active in phases** + - Prohibited practices and AI literacy obligations: **effective 2 February 2025** + - GPAI governance rules and obligations: **effective 2 August 2025** + - Most transparency and high-risk obligations: **effective 2 August 2026** + - High-risk AI embedded in regulated products: extended transition to **2 August 2027** +2. **OWASP published the Top 10 for Agentic Applications** (December 2025), adding prioritized risks such as agent behavior hijacking, tool misuse, and identity/privilege abuse for autonomous systems. +3. **NIST AI RMF Playbook was updated on 27 March 2026**, which is a good trigger to refresh operational checklists and mappings in this guide. +4. **NIST SSDF project now lists SP 800-218 Rev.1 (SSDF v1.2) as Draft (17 December 2025)**, relevant for teams linking AI red teaming controls to secure SDLC requirements. + --- ## 📎 Practitioner Appendices @@ -2122,12 +2135,18 @@ Defines AI red teaming as "a structured testing effort to find flaws and vulnera ### European Union -#### EU AI Act (2024) +#### EU AI Act (Regulation (EU) 2024/1689) **Article 15** requires operators of high-risk AI systems to demonstrate: - Accuracy - Robustness - Cybersecurity +**Implementation Timeline (official phased rollout):** +- **2 February 2025**: prohibited practices and AI literacy obligations entered into application +- **2 August 2025**: governance rules and GPAI obligations became applicable +- **2 August 2026**: the Act is broadly applicable, including transparency and most high-risk requirements +- **2 August 2027**: extended transition deadline for high-risk AI embedded in regulated products + **Red Teaming Requirements:** - Risk assessment documentation - Testing procedures @@ -2189,11 +2208,15 @@ Recommends adversarial testing before deployment and continuous monitoring in pr - [GenAI Profile (AI 600-1)](https://www.nist.gov/publications/ai-600-1) - [Dioptra Testbed](https://pages.nist.gov/dioptra/) - [ARIA Program](https://www.nist.gov/programs-projects/aria) +- [NIST AI RMF Playbook](https://www.nist.gov/itl/ai-risk-management-framework/nist-ai-rmf-playbook) +- [SP 800-218A (SSDF Community Profile for GenAI)](https://csrc.nist.gov/pubs/sp/800/218/a/final) +- [SP 800-218 Rev.1 Draft (SSDF v1.2)](https://csrc.nist.gov/Projects/ssdf/publications) **OWASP:** - [GenAI Red Teaming Guide](https://genai.owasp.org/) - [LLM Top 10](https://owasp.org/www-project-top-10-for-large-language-model-applications/) - [AI Security & Privacy Guide](https://owasp.org/www-project-ai-security-and-privacy-guide/) +- [Top 10 for Agentic Applications](https://genai.owasp.org/2025/12/09/owasp-top-10-for-agentic-applications-the-benchmark-for-agentic-security-in-the-age-of-autonomous-ai/) **MITRE:** - [ATLAS Framework](https://atlas.mitre.org/) diff --git a/resources-validation.md b/resources-validation.md index a2fd632..a46ab62 100644 --- a/resources-validation.md +++ b/resources-validation.md @@ -4,12 +4,16 @@ Track major external references to keep this guide current. | Resource | Type | Last Validated | Evidence Tag | Notes | |----------|------|----------------|--------------|-------| -| NIST AI RMF | Framework | 2026-02-19 | Evidence-backed | Core governance reference | -| OWASP GenAI Guide | Framework | 2026-02-19 | Evidence-backed | Practical LLM testing guidance | -| MITRE ATLAS | Framework | 2026-02-19 | Evidence-backed | Tactics and techniques mapping | -| CSA Agentic AI Guide | Framework | 2026-02-19 | Evidence-backed | Agentic-specific threat coverage | +| NIST AI RMF + Playbook | Framework | 2026-04-27 | Evidence-backed | Playbook page updated March 27, 2026 | +| NIST SP 800-218A / SSDF AI Profile | Standard | 2026-04-27 | Evidence-backed | Final published July 26, 2024 | +| NIST SP 800-218 Rev.1 (SSDF v1.2) | Standard | 2026-04-27 | Evidence-backed | Draft listed with release date Dec 17, 2025 | +| OWASP GenAI Guide + Agentic Top 10 | Framework | 2026-04-27 | Evidence-backed | Agentic Top 10 announced Dec 2025 | +| MITRE ATLAS | Framework | 2026-04-27 | Evidence-backed | Core tactics/case-study mapping reference retained | +| CSA Agentic AI Red Teaming Guide | Framework | 2026-04-27 | Evidence-backed | Release date May 28, 2025 | +| EU AI Act implementation page (European Commission) | Regulation | 2026-04-27 | Evidence-backed | Confirms phased obligations for 2025/2026/2027 | ## Update Process 1. Validate links and publication status quarterly. 2. Update `Last Validated` dates. 3. Mark major additions as Evidence-backed or Expert guidance. +4. For regulatory timelines, capture exact effective dates (day/month/year), not just year-level summaries. diff --git a/templates/linkedin-100-stars-post-template.md b/templates/linkedin-100-stars-post-template.md new file mode 100644 index 0000000..491351d --- /dev/null +++ b/templates/linkedin-100-stars-post-template.md @@ -0,0 +1,67 @@ +# LinkedIn Post Template — 100 ⭐ Milestone + +Use this template to announce the project crossing 100 GitHub stars. + +## Version A (Short) + +We just crossed **100 stars** on the **AI Red Teaming: The Complete Guide** repo ⭐ + +Huge thanks to everyone who read, starred, and shared feedback. We built this guide to make AI red teaming practical, evidence-based, and implementation-ready. + +If you work in AI security, AppSec, or governance, I’d love your feedback on what we should add next. + +🔗 [Add repo link] + +#AISecurity #RedTeaming #GenAI #AppSec #Cybersecurity + +--- + +## Version B (Story + CTA) + +We just hit **100 GitHub stars** for the **AI Red Teaming: The Complete Guide** ⭐ + +When we started this project, the goal was simple: create one practical resource teams could use to move from theory to execution. + +Since launch, we’ve focused on: +- actionable red teaming workflows +- real-world attack vectors and mitigations +- templates teams can use immediately +- alignment with NIST, OWASP, MITRE, and CSA guidance + +Thank you to everyone who contributed feedback, ideas, and encouragement. + +If you’re building or securing AI systems, check it out and tell us what update you want next. + +🔗 [Add repo link] + +#AISecurity #RedTeaming #LLMSecurity #ResponsibleAI #SecurityEngineering + +--- + +## Version C (Team Recognition) + +🎉 Milestone unlocked: **100 stars** on our **AI Red Teaming Guide** repository. + +This milestone belongs to the community — practitioners, researchers, and builders who keep pushing AI security forward. + +Special thanks to everyone who: +- reviewed drafts +- shared incidents and lessons learned +- suggested frameworks/tools to include +- helped pressure-test the templates + +We’re now planning the next update wave (agentic security, regulatory timelines, and better operational metrics). + +If there’s a gap you want covered, drop a comment. + +🔗 [Add repo link] + +#AI #AISafety #Security #RedTeam #CyberDefense + +--- + +## Optional Add-ons + +- Add one screenshot/GIF of the repo homepage at 100 stars. +- Tag 2–5 collaborators. +- End with a specific question (e.g., "What’s the #1 AI red teaming challenge your team has right now?"). From b8bf19254880b9e51497f7f9fb7cedb230d0a58d Mon Sep 17 00:00:00 2001 From: Tarique Smith Date: Mon, 27 Apr 2026 13:23:46 -0400 Subject: [PATCH 2/2] Delete template --- templates/linkedin-100-stars-post-template.md | 67 ------------------- 1 file changed, 67 deletions(-) delete mode 100644 templates/linkedin-100-stars-post-template.md diff --git a/templates/linkedin-100-stars-post-template.md b/templates/linkedin-100-stars-post-template.md deleted file mode 100644 index 491351d..0000000 --- a/templates/linkedin-100-stars-post-template.md +++ /dev/null @@ -1,67 +0,0 @@ -# LinkedIn Post Template — 100 ⭐ Milestone - -Use this template to announce the project crossing 100 GitHub stars. - -## Version A (Short) - -We just crossed **100 stars** on the **AI Red Teaming: The Complete Guide** repo ⭐ - -Huge thanks to everyone who read, starred, and shared feedback. We built this guide to make AI red teaming practical, evidence-based, and implementation-ready. - -If you work in AI security, AppSec, or governance, I’d love your feedback on what we should add next. - -🔗 [Add repo link] - -#AISecurity #RedTeaming #GenAI #AppSec #Cybersecurity - ---- - -## Version B (Story + CTA) - -We just hit **100 GitHub stars** for the **AI Red Teaming: The Complete Guide** ⭐ - -When we started this project, the goal was simple: create one practical resource teams could use to move from theory to execution. - -Since launch, we’ve focused on: -- actionable red teaming workflows -- real-world attack vectors and mitigations -- templates teams can use immediately -- alignment with NIST, OWASP, MITRE, and CSA guidance - -Thank you to everyone who contributed feedback, ideas, and encouragement. - -If you’re building or securing AI systems, check it out and tell us what update you want next. - -🔗 [Add repo link] - -#AISecurity #RedTeaming #LLMSecurity #ResponsibleAI #SecurityEngineering - ---- - -## Version C (Team Recognition) - -🎉 Milestone unlocked: **100 stars** on our **AI Red Teaming Guide** repository. - -This milestone belongs to the community — practitioners, researchers, and builders who keep pushing AI security forward. - -Special thanks to everyone who: -- reviewed drafts -- shared incidents and lessons learned -- suggested frameworks/tools to include -- helped pressure-test the templates - -We’re now planning the next update wave (agentic security, regulatory timelines, and better operational metrics). - -If there’s a gap you want covered, drop a comment. - -🔗 [Add repo link] - -#AI #AISafety #Security #RedTeam #CyberDefense - ---- - -## Optional Add-ons - -- Add one screenshot/GIF of the repo homepage at 100 stars. -- Tag 2–5 collaborators. -- End with a specific question (e.g., "What’s the #1 AI red teaming challenge your team has right now?").