When chatbots become agents, bad text becomes real damage
A curated field manual for adversarial-testing AI systems—from LLM prompt injection to autonomous-agent RCE—before attackers get there first.

What it does
This repository is a curated knowledge base that maps out how to adversarially test AI systems, from classic LLM jailbreaks and prompt injection to emerging risks in autonomous agents, RAG pipelines, and model supply chains. It compiles frameworks like NIST AI RMF, OWASP, and MITRE ATLAS alongside real-world case studies and a 30/60/90-day implementation roadmap. Think of it as an open-source field manual rather than a single tool: it collects methodologies, attack taxonomies, and regulatory context in one place.
The interesting bit
The guide treats AI red teaming as distinct from traditional cybersecurity—swapping deterministic exploits for probabilistic, natural-language attacks and dynamic failure modes. It also explicitly tracks the shift from “bad text output” to agent-executed actions like unauthorized transactions and lateral movement, which makes the threat model feel less hypothetical and more like an incident report.
Key highlights
- Covers concrete attack vectors: prompt injection, RAG poisoning, MCP/tool-protocol abuse, browser-agent hijacking, voice/audio manipulation, and fine-tuning supply-chain attacks.
- References documented 2025–2026 incidents, including the OpenClaw framework RCE (CVE-2026-25253), an Anthropic-discovered AI-agent cyberattack, and a GitHub Copilot remote-code-execution flaw (CVE-2025-53773).
- Aligns with formal standards—NIST AI RMF, OWASP GenAI Red Teaming, MITRE ATLAS, and the EU AI Act—while providing a 30/60/90-day quickstart for building a program.
- Includes an evaluation harness reference implementation and attack-tree mappings for agentic AI, though the README is truncated before showing full technical depth.
- Claims grounding in Microsoft’s 100+ AI product red teams, with practitioner references from major tech firms (not official corporate endorsements).
Caveats
- The “trusted by” logos of major tech companies refer to individual practitioners who use the guide, not official organizational endorsements—a distinction that is easy to miss at a glance.
- Cited financial and incident statistics (e.g., ~$2.3B in prompt-injection losses) are explicitly labeled as directional, vendor-reported figures rather than audited data.
- The README is truncated in the provided source, so the full depth of the evaluation harness and some later sections remains unseen.
Verdict
Security architects, AI risk managers, and red-team operators building a testing program from scratch will find this a useful starting scaffold. If you are looking for a drop-in testing tool or automated exploit framework, this is documentation, not code.
Frequently asked
- What is requie/AI-Red-Teaming-Guide?
- A curated field manual for adversarial-testing AI systems—from LLM prompt injection to autonomous-agent RCE—before attackers get there first.
- Is AI-Red-Teaming-Guide open source?
- Yes — requie/AI-Red-Teaming-Guide is an open-source project tracked on heatdrop.
- How popular is AI-Red-Teaming-Guide?
- requie/AI-Red-Teaming-Guide has 500 stars on GitHub.
- Where can I find AI-Red-Teaming-Guide?
- requie/AI-Red-Teaming-Guide is on GitHub at https://github.com/requie/AI-Red-Teaming-Guide.