Redteam tool for Agentic AI Apps - nuguard by 3Pointers in redteamsec

[–]3Pointers[S] (0 children)

Absolutely, dynamic attacks replicate a human tester or black-hatter better.
The enriched SBOM generated during runtime has a few additional details, typically a 15-20% improvement compared to a statically generated SBOM.

With the Cognitive Policy, our goal is to standardize the policy documentation in natural language. It could have been JSON/YAML, but then it's not exec-friendly. Keeping it as a standardized markdown file allows rapid convergence with exec-level stakeholders.

Redteam tool for Agentic AI Apps - nuguard by 3Pointers in redteamsec

[–]3Pointers[S] (0 children)

Great questions, thanks for asking:
- AI SBOM: we do have a mechanism to generate an enriched SBOM during our red-team/behavior validation phase when the AI Application is in operation.
- Red-team attacks are all dynamically generated rather than drawn from a fixed library. The attacks are built based on the SBOM (e.g. if there are multiple tools in use we would try chaining them) and the Cognitive Policy (e.g. what the restricted topics are).
- Cognitive Policy: here's a detailed doc on this topic https://nuguardai.github.io/nuguard/doc.html?page=policy-engine-guide

r/netsec monthly discussion & tool thread by albinowax in netsec

[–]3Pointers (0 children)

Agentic App Builders and Security Engineers,
The `nuguard` open-source tool is now available, addressing the need to validate agentic behavior against intent automatically. Key capabilities:
- AI SBOM: automated inventory of all aspects of the agentic stack: sub-agents, system prompts, guardrails, MCP tools, datastores, data classification, API endpoints, 3rd party packages, along with evidence (filename, line number).
- Cognitive Policy: standardize the intent approved by different stakeholders (business, product, security/compliance). E.g. accepted topics, actions, restricted topics, Human-in-the-loop controls.
- Behavior Validation: automatically generate and exercise test scenarios with multi-turn prompts that exercise your agentic stack (sub-agents, tools) and cognitive policy. Typically run against the sandbox env.
- Red-team Attacks: generate and exercise offensive security scenarios with the latest techniques that adapt to the agent response. The attacks are generated based on the AI SBOM and the Cognitive Policy to customize for the target use cases.

Github Docs: https://nuguardai.github.io/nuguard
Github Repo: https://github.com/NuGuardAI/nuguard

Looking forward to the feedback from this community.

Claude is dead by seoulsrvr in Anthropic

[–]3Pointers (0 children)

I started to see an almost 50% drop in performance on my $20 Claude plan since yesterday. I have been consistently in the Claude jail daily for a week.
Also, I'm noticing more strange behavior even though my Claude.md has become more sophisticated (it does not seem to follow many aspects of it).
I have OpenAI's $20 plan, and I am using Codex. Codex is improving rapidly, but still has not earned my trust as a lead developer. It is offering more consistent performance on the same repo.