| ... |
|
ATR-2026-00001-direct-prompt-injection.yaml
|
35.15 KB |
|
ATR-2026-00002-indirect-prompt-injection.yaml
|
14.16 KB |
|
ATR-2026-00003-jailbreak-attempt.yaml
|
28.79 KB |
|
ATR-2026-00004-system-prompt-override.yaml
|
20.63 KB |
|
ATR-2026-00005-multi-turn-injection.yaml
|
14.37 KB |
|
ATR-2026-00080-encoding-evasion.yaml
|
8.42 KB |
|
ATR-2026-00081-semantic-multi-turn.yaml
|
9 KB |
|
ATR-2026-00082-fingerprint-evasion.yaml
|
8.25 KB |
|
ATR-2026-00083-indirect-tool-injection.yaml
|
8.84 KB |
|
ATR-2026-00084-structured-data-injection.yaml
|
5.7 KB |
|
ATR-2026-00085-audit-evasion.yaml
|
8.12 KB |
|
ATR-2026-00086-visual-spoofing.yaml
|
8.15 KB |
|
ATR-2026-00087-rule-probing.yaml
|
8.57 KB |
|
ATR-2026-00088-adaptive-countermeasure.yaml
|
8.67 KB |
|
ATR-2026-00089-polymorphic-skill.yaml
|
8.88 KB |
|
ATR-2026-00090-threat-intel-exfil.yaml
|
9.24 KB |
|
ATR-2026-00091-nested-payload.yaml
|
8.79 KB |
|
ATR-2026-00092-consensus-poisoning.yaml
|
9.18 KB |
|
ATR-2026-00093-gradual-escalation.yaml
|
8.95 KB |
|
ATR-2026-00094-audit-bypass.yaml
|
8.64 KB |
|
ATR-2026-00097-cjk-injection-patterns.yaml
|
21.95 KB |
|
ATR-2026-00104-persona-hijacking.yaml
|
9.66 KB |
|
ATR-2026-00130-indirect-authority-claim.yaml
|
9.54 KB |
|
ATR-2026-00131-fictional-academic-framing.yaml
|
9.6 KB |
|
ATR-2026-00133-paraphrase-injection.yaml
|
9.64 KB |
|
ATR-2026-00137-authority-claim-injection.yaml
|
8.08 KB |
|
ATR-2026-00138-fictional-framing-bypass.yaml
|
9.56 KB |
|
ATR-2026-00140-indirect-reference-reversal.yaml
|
7.19 KB |
|
ATR-2026-00148-language-switch-injection.yaml
|
8.76 KB |
|
ATR-2026-00153-tool-with-embedded-instruction-to-bypass.yaml
|
9.01 KB |
|
ATR-2026-00154-unauthorized-background-task-execution-v.yaml
|
9.26 KB |
|
ATR-2026-00155-hidden-llm-instructions-in-skill-descrip.yaml
|
8.58 KB |
|
ATR-2026-00156-ssh-remote-command-execution-with-creden.yaml
|
7.65 KB |
|
ATR-2026-00163-skill-hidden-override-instruction.yaml
|
6.52 KB |
|
ATR-2026-00202-encoding-evasion-homoglyph-synonym.yaml
|
6.85 KB |
|
ATR-2026-00203-context-pollution-skill-description.yaml
|
5.73 KB |
|
ATR-2026-00206-hidden-priority-instructions.yaml
|
5.09 KB |
|
ATR-2026-00207-hidden-instructions.yaml
|
5.32 KB |
|
ATR-2026-00211-system-prompt-override.yaml
|
5.08 KB |
|
ATR-2026-00213-system-prompt-override.yaml
|
4.76 KB |
|
ATR-2026-00226-identity-substitution.yaml
|
9.75 KB |
|
ATR-2026-00227-historical-persona-jailbreak.yaml
|
10.06 KB |
|
ATR-2026-00228-structured-jailbreak.yaml
|
9.7 KB |
|
ATR-2026-00229-roleplay-jailbreak.yaml
|
9.11 KB |
|
ATR-2026-00230-persona-moral-bypass.yaml
|
8.92 KB |
|
ATR-2026-00231-identity-substitution.yaml
|
9.83 KB |
|
ATR-2026-00233-structured-jailbreak.yaml
|
9.64 KB |
|
ATR-2026-00234-roleplay-jailbreak.yaml
|
9.49 KB |
|
ATR-2026-00235-persona-moral-bypass.yaml
|
8.93 KB |
|
ATR-2026-00236-pseudo-code-jailbreak.yaml
|
8.2 KB |
|
ATR-2026-00237-dual-response-jailbreak.yaml
|
8.76 KB |
|
ATR-2026-00238-identity-replacement.yaml
|
9.02 KB |
|
ATR-2026-00239-amoral-persona-obsession.yaml
|
9.97 KB |
|
ATR-2026-00240-instruction-nullification-identity-repla.yaml
|
9.51 KB |
|
ATR-2026-00241-amoral-character-jailbreak.yaml
|
9.59 KB |
|
ATR-2026-00242-persona-jailbreak.yaml
|
9.27 KB |
|
ATR-2026-00243-acronym-jailbreak.yaml
|
8.04 KB |
|
ATR-2026-00244-dual-response-jailbreak.yaml
|
8.55 KB |
|
ATR-2026-00245-malicious-persona.yaml
|
10.34 KB |
|
ATR-2026-00247-dual-response-jailbreak.yaml
|
9.17 KB |
|
ATR-2026-00249-game-based-jailbreak.yaml
|
9.45 KB |
|
ATR-2026-00251-persona-embodiment-jailbreak.yaml
|
9.47 KB |
|
ATR-2026-00252-narrative-jailbreak.yaml
|
10.02 KB |
|
ATR-2026-00253-enhanced-persona-jailbreak.yaml
|
9.56 KB |
|
ATR-2026-00256-base-n-encoding-jailbreak.yaml
|
8.47 KB |
|
ATR-2026-00257-cipher-transposition-jailbreak.yaml
|
8.1 KB |
|
ATR-2026-00258-unicode-tag-injection.yaml
|
7.47 KB |
|
ATR-2026-00264-latent-injection-translation.yaml
|
8.28 KB |
|
ATR-2026-00265-latent-injection-rag-document.yaml
|
8.58 KB |
|
ATR-2026-00267-gcg-adversarial-suffix.yaml
|
8.68 KB |
|
ATR-2026-00272-hypothetical-response-smuggling.yaml
|
9.66 KB |
|
ATR-2026-00276-invisible-unicode-bidi-injection.yaml
|
8.38 KB |
|
ATR-2026-00278-dra-disguise-reconstruction-attack.yaml
|
10 KB |
|
ATR-2026-00280-policy-puppetry-xml-injection.yaml
|
9.43 KB |
|
ATR-2026-00282-perez-prompt-injection-hijack.yaml
|
8.78 KB |
|
ATR-2026-00285-alternate-encoding-jailbreak.yaml
|
9.6 KB |
|
ATR-2026-00286-latent-injection-embedded-context.yaml
|
10 KB |
|
ATR-2026-00296-shell-command-injection.yaml
|
8.69 KB |
|
ATR-2026-00297-python-code-execution-rce.yaml
|
9.35 KB |
|
ATR-2026-00308-zalgo-diacritic-overload-encoding.yaml
|
8.74 KB |
|
ATR-2026-00309-braille-unicode-encoded-injection.yaml
|
8.63 KB |
|
ATR-2026-00310-ecoji-emoji-encoded-injection.yaml
|
9.39 KB |
|
ATR-2026-00311-base2048-unicode-script-injection.yaml
|
9.28 KB |
|
ATR-2026-00312-unicode-variant-selector-ascii-smuggling.yaml
|
9.51 KB |
|
ATR-2026-00313-sneaky-bits-zero-width-binary.yaml
|
11.67 KB |
|
ATR-2026-00315-sata-masked-language-model-jailbreak.yaml
|
10.65 KB |
|
ATR-2026-00316-function-masking-predict-mask-bypass.yaml
|
11.49 KB |
|
ATR-2026-00321-hyphenated-system-instruction-injection.yaml
|
10.21 KB |
|
ATR-2026-00359-bank-phishing-smtp-email-code.yaml
|
11.63 KB |
|
ATR-2026-00367-emoji-flag-encoded-hidden-phrase.yaml
|
10.25 KB |
|
ATR-2026-00373-piracy-torrent-site-list-request.yaml
|
9.35 KB |
|
ATR-2026-00378-chatgpt-dom-javascript-redirect-manipulation.yaml
|
9.66 KB |
|
ATR-2026-00382-cocaine-component-development-request.yaml
|
10.74 KB |
|
ATR-2026-00390-explicit-sexual-content-poem-request.yaml
|
10.34 KB |
|
ATR-2026-00394-backspace-deletion-character-injection.yaml
|
8.57 KB |
|
ATR-2026-00395-llm-special-token-boundary-injection.yaml
|
9.67 KB |
|
ATR-2026-00396-toxic-continuation-prefix-injection.yaml
|
10.65 KB |
|
ATR-2026-00397-snowball-impossible-reasoning-injection.yaml
|
11.27 KB |
|
ATR-2026-00399-latent-injection-document-separator-token.yaml
|
9.59 KB |
|
ATR-2026-00400-latent-injection-ignore-instruction-keyword.yaml
|
9.62 KB |
|
ATR-2026-00401-leakreplay-cloze-mask-training-data-elicitation.yaml
|
8.28 KB |
|
ATR-2026-00403-glitch-token-repeat-back-elicitation.yaml
|
8.05 KB |
|
ATR-2026-00407-echo-sql-jinja-template-injection.yaml
|
8.12 KB |
|
ATR-2026-00408-dra-parenthesis-character-reconstruction-attack.yaml
|
8 KB |
|
ATR-2026-00409-phrasing-past-future-tense-harmful-query.yaml
|
8.88 KB |
|
ATR-2026-00410-lmrc-harm-category-direct-elicitation.yaml
|
8.6 KB |
|
ATR-2026-00412-figstep-image-list-multimodal-jailbreak.yaml
|
8.51 KB |
|
ATR-2026-00414-continuation-ethnic-slur-completion-elicitation.yaml
|
8.7 KB |
|
ATR-2026-00420-copilot-studio-sharepoint-indirect-injection.yaml
|
10.14 KB |
|
ATR-2026-00442-quoted-exact-output-forcing.yaml
|
7.66 KB |
|
ATR-2026-00443-word-fragment-concat-assembly.yaml
|
7.19 KB |
|
ATR-2026-00444-unicode-obfuscation-in-user-input.yaml
|
6.71 KB |
|
ATR-2026-00445-translation-hijack-with-side-output.yaml
|
7.08 KB |
|
ATR-2026-00446-variable-assignment-payload-injection.yaml
|
7.32 KB |
|
ATR-2026-00447-fictional-generation-containing-target.yaml
|
7.56 KB |
|
ATR-2026-00452-direct-pwned-payload-injection.yaml
|
8.61 KB |
|
ATR-2026-00453-secret-key-reveal-demand.yaml
|
8.98 KB |
|
ATR-2026-00454-backslash-per-character-encoding.yaml
|
8.65 KB |
|
ATR-2026-00455-no-period-output-override.yaml
|
8.31 KB |
|
ATR-2026-00456-conditional-empty-input-injection.yaml
|
9.53 KB |
|
ATR-2026-00457-garak-dan-to-every-prompt.yaml
|
9.03 KB |
|
ATR-2026-00458-garak-dra-step-by-step.yaml
|
7.7 KB |
|
ATR-2026-00459-garak-dan-an-ai-language.yaml
|
7.4 KB |
|
ATR-2026-00460-garak-dan-no-matter-how.yaml
|
9.18 KB |
|
ATR-2026-00461-garak-goodside-mixedunassigned.yaml
|
7.12 KB |
|
ATR-2026-00462-garak-gcg-mixedunassigned.yaml
|
7.21 KB |
|
ATR-2026-00463-garak-lmrc-mixedunassigned.yaml
|
6.96 KB |
|
ATR-2026-00464-garak-dan-i-would-like.yaml
|
7.66 KB |
|
ATR-2026-00465-garak-dan-your-prompt-here.yaml
|
7.8 KB |
|
ATR-2026-00466-garak-latentinjection-following-text-from.yaml
|
7.61 KB |
|
ATR-2026-00467-garak-dan-act-as-a.yaml
|
7.5 KB |
|
ATR-2026-00468-garak-goat-the-target-llm.yaml
|
7.7 KB |
|
ATR-2026-00469-garak-dan-at-the-end.yaml
|
7.6 KB |
|
ATR-2026-00470-garak-dan-as-an-ai.yaml
|
8.71 KB |
|
ATR-2026-00472-garak-dan-are-going-to.yaml
|
8.95 KB |
|
ATR-2026-00473-garak-lmrc-how-can-i.yaml
|
7.63 KB |
|
ATR-2026-00474-garak-dan-that-chatgpt-has.yaml
|
7.6 KB |
|
ATR-2026-00475-garak-web-injection-alert-1-script.yaml
|
6.9 KB |
|
ATR-2026-00476-garak-web-injection-javascript-alert-1.yaml
|
8.18 KB |
|
ATR-2026-00477-garak-latentinjection-translate-the-following-text.yaml
|
7.88 KB |
|
ATR-2026-00478-garak-latentinjection-abuse-contact-email.yaml
|
7.5 KB |
|
ATR-2026-00479-garak-latentinjection-mixedunassigned.yaml
|
8.05 KB |
|
ATR-2026-00480-garak-dan-the-role-of.yaml
|
8.13 KB |
|
ATR-2026-00481-garak-dan-mixedunassigned.yaml
|
8.7 KB |
|
ATR-2026-00482-garak-lmrc-what-s-an.yaml
|
6.83 KB |
|
ATR-2026-00483-garak-dan-the-user-s.yaml
|
8.3 KB |
|
ATR-2026-00484-garak-dan-and-you-will.yaml
|
8.23 KB |
|
ATR-2026-00485-garak-dan-and-does-not.yaml
|
8.85 KB |
|
ATR-2026-00486-garak-dan-t-care-about.yaml
|
7.4 KB |
|
ATR-2026-00487-garak-dan-and-nothing-else.yaml
|
8.19 KB |
|
ATR-2026-00488-garak-encoding-alert-1-script.yaml
|
7.07 KB |
|
ATR-2026-00489-garak-encoding-javascript-alert-1.yaml
|
8.3 KB |
|
ATR-2026-00490-garak-dan-in-order-to.yaml
|
9.54 KB |
|
ATR-2026-00492-garak-dan-want-you-to.yaml
|
9.47 KB |
|
ATR-2026-00493-garak-latentinjection-registrar-iana-id.yaml
|
9.38 KB |
|
ATR-2026-00495-garak-dan-insert-prompt-here.yaml
|
11.8 KB |
|
ATR-2026-00496-garak-dan-no-matter-what.yaml
|
8.64 KB |
|
ATR-2026-00497-garak-encoding-mixedunassigned.yaml
|
8.95 KB |
|
ATR-2026-00498-garak-web-injection-mixedunassigned.yaml
|
8.16 KB |
|
ATR-2026-00499-garak-dan-from-now-on.yaml
|
9.25 KB |
|
ATR-2026-00503-fake-error-state-takeover-unrestricted-replacement-bot.yaml
|
10.56 KB |
|
ATR-2026-00506-nevermind-override-goal-hijacking-in-user-input-promptinject.yaml
|
8.15 KB |
|
ATR-2026-00507-screaming-stop-goal-hijacking-in-user-input-promptinject.yaml
|
8.01 KB |
|
ATR-2026-00508-escape-delimiter-wrapped-goal-hijacking-in-user-input-prompt.yaml
|
9.15 KB |
|
ATR-2026-00509-prompt-leaking-via-ignore-previous-instructions-in-user-inpu.yaml
|
9.73 KB |
|
ATR-2026-00510-delayed-tool-invocation-injection.yaml
|
11.54 KB |
|
ATR-2026-00511-mcp-web-context-poisoning.yaml
|
10.96 KB |
|
ATR-2026-00512-rules-file-backdoor-injection.yaml
|
11.47 KB |
|
ATR-2026-00515-hidden-text-prompt-injection.yaml
|
12.23 KB |
|
ATR-2026-00518-ignore-previous-and-following-instructions-output-command-promptinject.yaml
|
8.35 KB |
|
ATR-2026-00519-tautology-logic-noise-injection-promptbench.yaml
|
7.75 KB |
|
ATR-2026-00520-nlp-task-random-token-suffix-injection-promptbench.yaml
|
8.24 KB |
|
ATR-2026-00535-windsurf-ide-zero-click-prompt-injection.yaml
|
11.97 KB |
|
ATR-2026-00550-untrusted-retrieval-to-privileged-tool.yaml
|
11.38 KB |
|
ATR-2026-00554-langchain-vulnerable-to-template-injecti.yaml
|
5.52 KB |
|
ATR-2026-00565-the-llm-cli-tool-thru-0-27-1-contains-a-.yaml
|
8.07 KB |
|
ATR-2026-00573-semantic-paraphrased-injection.yaml
|
7.41 KB |
|
ATR-2026-00579-mcp-tool-description-line-jumping-injection.yaml
|
16.77 KB |
|
ATR-2026-00584-indirect-injection-via-tool-response.yaml
|
19.08 KB |
|
ATR-2026-00700-structured-data-payload-injection.yaml
|
6.44 KB |
|
ATR-2026-00701-ipi-tool-output-xss-injection.yaml
|
5.31 KB |
|
ATR-2026-01000-context-ignore-fake-completion-prefix.yaml
|
5.82 KB |
|
ATR-2026-01001-direct-pi-instruction-override-secret-key.yaml
|
6.16 KB |
|
ATR-2026-01002-role-escalation-false-authority-claim.yaml
|
6.42 KB |
|
ATR-2026-01005-many-shot-repetition-override.yaml
|
5.76 KB |
|
ATR-2026-01006-payload-split-string-concat-injection.yaml
|
6.46 KB |
|
ATR-2026-01007-token-repeat-flooding-injection.yaml
|
5.09 KB |
|
ATR-2026-01009-virtual-world-bypass-fictional-pii.yaml
|
5.83 KB |
|
ATR-2026-01012-encoding-evasion-decode-execute.yaml
|
5.91 KB |
|
ATR-2026-01013-language-evasion-multilingual-credential.yaml
|
7.92 KB |
|
ATR-2026-01015-evasion-refusal-suppression.yaml
|
6.73 KB |
|
ATR-2026-01016-evasion-response-priming-forced-opener.yaml
|
5.48 KB |
|
ATR-2026-01017-evasion-dual-response-split-output.yaml
|
5.66 KB |
|
ATR-2026-01018-evasion-shell-injection-eval.yaml
|
10.04 KB |
|
ATR-2026-01019-sysprompt-override-fake-diagnostic-mode.yaml
|
7.28 KB |
|
ATR-2026-01020-spikee-doc-embedded-base64-payload.yaml
|
5.21 KB |
|
ATR-2026-01021-spikee-doc-embedded-translation-injection.yaml
|
5.24 KB |
|
ATR-2026-01023-evasion-opposite-intent-negation-trick.yaml
|
4.81 KB |
|
ATR-2026-01024-evasion-persona-override-rule-breaker.yaml
|
6.06 KB |
|
ATR-2026-01025-evasion-hypothetical-fictional-execution-framing.yaml
|
6.42 KB |
|
ATR-2026-01026-evasion-unicode-glitch-token-anomaly.yaml
|
6.84 KB |
|
ATR-2026-01304-indirect-injection-carrier-important-override.yaml
|
7.82 KB |
|
ATR-2026-01757-hypothetical-framing-bypass-research-audit.yaml
|
6.52 KB |
|
ATR-2026-01758-hypothetical-fictional-story-bypass.yaml
|
7.07 KB |
|
ATR-2026-01759-dos-new-important-instructions-injection-in-document.yaml
|
5.76 KB |
|
ATR-2026-01771-semantic-jailbreak-framing.yaml
|
18.03 KB |
|
ATR-2026-01800-asb-trigger-marker-tool-coercion.yaml
|
8.11 KB |
|
ATR-2026-01860-llmail-chat-template-boundary-spoof.yaml
|
7.27 KB |
|
ATR-2026-01861-llmail-pseudo-xml-role-injection.yaml
|
7.29 KB |
|
ATR-2026-01865-llmail-fake-email-boundary-marker.yaml
|
6.79 KB |
|
ATR-2026-01900-output-encoding.yaml
|
7.4 KB |
|
ATR-2026-01901-output-scrambling.yaml
|
6.57 KB |
|
ATR-2026-01902-output-emoji.yaml
|
4.3 KB |
|
ATR-2026-01903-output-language.yaml
|
4.12 KB |
|
ATR-2026-01904-link-injection.yaml
|
5.84 KB |
|
ATR-2026-01905-promotional-injection.yaml
|
4.6 KB |
|
ATR-2026-01906-content-manipulation.yaml
|
9.51 KB |
|
ATR-2026-01920-access-grant-coercion.yaml
|
7.8 KB |
|
ATR-2026-01921-access-denial-inversion.yaml
|
6.69 KB |
|
ATR-2026-01922-authorization-state-spoofing.yaml
|
7.5 KB |
|
ATR-2026-01923-forged-input-boundary-markers.yaml
|
7.18 KB |
|
ATR-2026-01925-encoded-payload-decoding-coercion.yaml
|
8.68 KB |
|
ATR-2026-01926-cross-lingual-authorization-laundering.yaml
|
6.95 KB |