| Direct prompt injection / system-prompt leak (LLM01/LLM07) | T1059.006, T1606 | CWE-1427 | references/prompt-injection-jailbreak.md | scripts/promptinject_harness.py |
| Multi-turn jailbreak: Crescendo / Skeleton Key | T1059.006 | CWE-1427 | references/prompt-injection-jailbreak.md | scripts/promptinject_harness.py |
| Best-of-N / many-shot / token-smuggling jailbreak | T1059.006, T1027 | CWE-1427 | references/prompt-injection-jailbreak.md | scripts/promptinject_harness.py |
| Indirect injection via ingested content (EchoLeak CVE-2025-32711) | T1190, T1059.006 | CWE-74 | references/prompt-injection-jailbreak.md | scripts/promptinject_harness.py |
| RAG knowledge-base poisoning (PoisonedRAG, 5 docs) | T1195, T1565.001 | CWE-349 | references/rag-vector-poisoning.md | scripts/rag_poisoner.py |
| Embedding-collision / RAG-spraying retrieval hijack | T1195.001 | CWE-349 | references/rag-vector-poisoning.md | scripts/rag_poisoner.py |
| Embedding inversion (reconstruct input from vectors) | T1552, T1213 | CWE-202 | references/rag-vector-poisoning.md | scripts/rag_poisoner.py |
| MCP tool poisoning / rug-pull (CVE-2025-54136/54135) | T1195.001, T1059.006 | CWE-74 | references/agentic-mcp-exploitation.md | scripts/mcp_tool_audit.py |
| MCP command injection RCE (CVE-2025-6514/53107) | T1059, T1059.004 | CWE-78 | references/agentic-mcp-exploitation.md | scripts/mcp_tool_audit.py |
| Excessive agency / confused-deputy tool abuse (LLM06) | T1190, T1648 | CWE-862 | references/agentic-mcp-exploitation.md | scripts/mcp_tool_audit.py |
| Pickle model RCE (CVE-2025-32434, CVE-2024-50050) | T1195.002, T1059.006 | CWE-502 | references/ml-supply-chain.md | scripts/model_scan.py |
| Inference-server pickle RCE (vLLM CVE-2025-32444) | T1190, T1203 | CWE-502 | references/ml-supply-chain.md | scripts/model_scan.py |
| picklescan-bypass smuggling (CVE-2025-1716/1889/1944/1945) | T1195.002, T1027 | CWE-646 | references/ml-supply-chain.md | scripts/model_scan.py |
| Model extraction / distillation (LoRD, logit-layer steal) | T1606, T1213 | CWE-200 | references/model-extraction-adversarial.md | scripts/model_extractor.py |
| Membership inference (training-data exposure) | T1213, T1552 | CWE-200 | references/model-extraction-adversarial.md | scripts/model_extractor.py |
| Adversarial suffix (GCG) / model inversion | T1606 | CWE-1039 | references/model-extraction-adversarial.md | scripts/model_extractor.py |