Attack Technique Atlas
A taxonomy and dependency graph of 46 offensive-AI attack families and techniques, with
73 relationships (variant of, chains into, defended by). Click any node
for its definition, prerequisites, real-world incidents, and the defenses that blunt it. Every view is
deep-linkable — share ?node=indirect-prompt-injection.
Curated from primary sources (arXiv, vendor advisories, incident reports). Runs entirely in your browser — no tracking, no backend.
How to read this
- Families (larger nodes) are root attack classes; techniques are concrete methods within them.
- "chains into" edges show how one technique typically enables another in a real kill chain, e.g. indirect prompt injection → tool-call injection → exfiltration via rendered content.
- "defended by" edges point to the control that most directly reduces a technique. Defenses are layered, not absolute.
- Filter by the capability an attacker needs (black-box query access vs. white-box gradients vs. a supply-chain position) or by what they are attacking (chatbot, RAG, agent, vision, raw API).
Building the defensive side? See the Guardrail Stack Builder on GuardML, and our Red Team Gym to practice these techniques hands-on.