# methodology

metricsmethodologyevaluationreporting

超越 ASR 之紅隊指標

AI 紅隊之完整指標方法論，超越攻擊成功率：嚴重性加權評分、防禦深度指標、覆蓋分析，與適合利害關係人之報告框架。

statisticsmethodologyevaluationrigor

AI 紅隊中的統計嚴謹度

AI 紅隊的統計方法論：樣本數決定、信賴區間、對安全聲明之假設檢定、處理非確定性，以及避免常見統計陷阱。

governanceimpact-assessmentmethodologyrisk

AI Impact Assessment Methodology (Governance Compliance)

Methodology for conducting AI impact assessments including human rights, environmental, and social dimensions.

infrastructurepenetration-testingmethodologyred-teamassessment

AI 基礎設施的滲透測試方法論

針對 AI/ML 系統的結構化滲透測試方法論，涵蓋偵查、漏洞評估、利用與報告撰寫。

infrastructurethreat-modelingstriderisk-assessmentmethodology

運用 STRIDE 對 AI 基礎設施進行威脅建模

針對機器學習管線量身打造的 AI/ML 系統威脅建模方法論，使用 STRIDE、資料流圖與攻擊樹。

researchbenchmarkingmethodologyevaluation

注入基準測試方法論

注入攻擊與防禦的標準化基準測試方法論,使研究論文與工具間的比較具有意義。

labstest-case-designmethodologybeginner

Lab: Designing LLM Red Team Test Cases

設計 effective red team test cases with clear objectives, success criteria, and reproducible execution procedures.

labexpertresearchmethodology漏洞-discovery

Lab: Vulnerability Research Methodology

Systematic methodology lab for discovering novel AI vulnerabilities including hypothesis generation, 攻擊面 mapping, experimental design, validation protocols, and responsible disclosure.

專家

Claude Testing Methodology

Systematic methodology for red teaming Claude models, including API probing, model card analysis, safety boundary mapping, and comparative testing across Opus, Sonnet, and Haiku tiers.

claudetestingmethodologyapi-probingsafety-boundariesmodel-tiers

comparisoncross-modelmethodologyevaluationred-teamingbenchmarking

跨模型比較

系統性比較 LLM 安全性的方法論，跨模型家族進行，內容涵蓋標準化評估框架、架構差異分析與比較測試方法。

geminitestingmethodologyvertex-aiai-studiomultimodal-testing

Gemini Testing Methodology

Systematic methodology for red teaming Gemini, including Vertex AI API probing, Google AI Studio testing, multimodal test case design, and grounding attack validation.

gpt-4testingmethodologyapi-probingsafety-boundariesred-teaming

GPT-4 測試方法論

為紅隊 GPT-4 之系統化方法論，含 API 基探測技術、速率限制考量、內容政策對應與安全邊界發現。

model-securityred-teamingattack-surfacemethodologyarchitecture

模型深度剖析

為何模型特定知識對 AI 紅隊演練至關重要、不同架構如何產生不同的攻擊面,以及對任何新模型進行剖繪的系統化方法論。

multimodalred-teamingmethodologyassessmentframework

多模態系統紅隊演練方法論

針對多模態 AI 系統進行安全評估的結構化方法論，涵蓋範疇定義、攻擊面列舉、測試執行，以及使用 MITRE ATLAS 映射進行報告。

professionalafter-action-reviewmethodologycontinuous-improvement

After-Action Reviews for AI 紅隊 Operations

Structured frameworks for conducting after-action reviews that capture lessons learned, improve methodology, and demonstrate value from AI red team engagements.

professionalmethodologystandardframework

AI 紅隊 Methodology Standard

Standardized methodology for conducting AI red team assessments from scoping through reporting.

professionalconsultingmethodologyengagements

AI 安全 Consulting Methodology

Structured consulting methodology for delivering AI security assessments, from client acquisition through engagement delivery.

attack-surfacemappingmethodologythreat-modelingvectors

AI 攻擊面繪製

辨識 AI 系統中所有攻擊向量之系統化方法論：輸入通道、資料流、工具整合與信任邊界。

methodologyrecontradecraftred-teamingassessment

AI 紅隊演練方法論

AI 紅隊案件的結構化方法論，涵蓋偵察、目標剖析、攻擊規劃，以及區分專業評估的技藝。

cheat-sheetred-teamingquick-referencemethodology

AI 紅隊演練速查表

AI 紅隊案件的濃縮快速參考，涵蓋完整生命週期、攻擊類別、常見工具、偵察與報告。

tradecraftreconnaissancethreat-modelingmethodologyscopingpurple-teaming

技藝

涵蓋偵察技術、AI 特定威脅建模，以及專業對抗性評估之結構化案件方法論的進階 AI 紅隊技藝。

evidencechain-of-custodydocumentationreportingmethodologytradecraft

Evidence Collection & Chain of Custody (Tradecraft)

Standards for capturing, preserving, and documenting AI red team findings: conversation logs, API traces, bypass rate measurement, and evidence packaging for reproducible reporting.

methodologyred-teamengagementphasestradecraftprocess

紅隊 Methodology 概覽

A structured methodology for AI red team engagements: phases, deliverables, role definitions, and how AI-specific testing differs from traditional penetration testing.

purple-teamcollaborationdefenseattackmethodologytradecraftadvanced

Purple Teaming for AI

Collaborative attack-defense exercises for AI systems: structuring purple team engagements, real-time knowledge transfer, joint attack simulation, and measuring defensive improvement through iterative testing.

scopingrules-of-engagementauthorizationmethodologytradecraftengagement

Scoping & Rules of Engagement

Defining scope, rules of engagement, authorization boundaries, and success criteria for AI red team engagements, with templates and checklists for common engagement types.

threat-modelingstrideattack-treesllmai-securitymethodologytradecraft

AI-Specific Threat 模型ing

Adapting STRIDE for AI systems, building attack trees for LLM applications, identifying AI-specific threat categories, and producing actionable threat models that drive red team test plans.

tradecrafttoolsselectionmethodology

AI 紅隊的工具選擇

依據目標架構、委託範圍與團隊能力，為 AI 紅隊委託選擇並配置工具的框架。

engagementswalkthroughmethodologyscopingreporting

案件演練概覽

完整 AI 紅隊案件的逐步演練：從範圍界定與偵察，到攻擊執行與報告撰寫，依目標系統類型分類組織。

walkthroughstutorialstoolsmethodologydefenseplatformsengagements

逐步導覽

涵蓋紅隊工具、案件方法論、防禦實作、平台特定測試與完整案件工作流程的逐步引導式導覽。

walkthroughsmethodologyadversarial-simulationdesign

對抗性模擬設計

設計貼近真實威脅行為者與攻擊情境的對抗性模擬,用於 AI 系統的紅隊演練。

walkthroughsmethodologyagenticassessment

代理式系統評估方法論

為代理式 AI 系統(包含工具使用、記憶與多代理互動)設計的完整評估方法論。

pentestmethodologyplanningwalkthroughs

AI 滲透測試規劃

規劃 AI 專屬滲透測試的完整方法論,涵蓋範圍界定、資源分配與時程。

methodologymaturityteamredwalkthroughs

AI 紅隊成熟度模型(方法論詳解)

用以評估並改善組織 AI 紅隊演練能力的成熟度模型。

metricseffectivenessreportingkpisprogram-managementmethodologywalkthrough

Measuring and Reporting AI 紅隊 Effectiveness

導覽 for defining, collecting, and reporting metrics that measure the effectiveness of AI red teaming programs, covering coverage metrics, detection rates, time-to-find analysis, remediation tracking, and ROI calculation.

metricssecurityframeworkmethodologywalkthroughs

AI 安全指標框架

以量化指標衡量與回報 AI 安全態勢的框架。

threat-modelingai-securityrisk-assessmentmethodologywalkthrough

Building AI-Specific Threat 模型s

Step-by-step walkthrough for creating threat models tailored to AI and LLM systems, covering asset identification, threat enumeration, attack tree construction, and risk prioritization.

vulnerabilityclassificationmethodologywalkthroughs

AI 漏洞分類系統

依類型、影響與可利用性為 AI 特有漏洞分類的結構化系統。

walkthroughsmethodologyattack-prioritizationframework

攻擊優先排序框架

依目標架構、時間限制與成功機率,為攻擊技術排定優先順序。

attack-surfacemappingreconnaissanceai-securitymethodologywalkthrough

Mapping the 攻擊 Surface of AI Systems

Systematic walkthrough for identifying and mapping every attack surface in an AI system, from user inputs through model inference to output delivery and tool integrations.

walkthroughsmethodologyattack-treesplanning

LLM 系統攻擊樹建構

使用 MITRE ATLAS 與 OWASP 對應建構 LLM 系統評估的系統化攻擊樹。

walkthroughsmethodologyautomated-reconworkflow

自動化 AI 偵察工作流程

建立自動化偵察工作流程,用於盤點 AI 應用的架構、模型與防禦配置。

walkthroughsmethodologycollaborativeteam

協作式 AI 紅隊評估

協調多人紅隊評估,包含角色分工、溝通協定與發現去衝突。

securityanalysismethodologycompetitivewalkthroughs

AI 安全工具競品分析

針對紅隊作戰用途評估並比較 AI 安全工具的方法論。

walkthroughsmethodologycompliancetesting

合規導向測試方法論

將法規要求對應至具體測試案例,以支援合規導向的 AI 紅隊評估。

continuous-testingci-cdautomationpipelineregression-testingmethodologywalkthrough

Setting Up Continuous AI 紅隊ing Pipelines

導覽 for building continuous AI red teaming pipelines that automatically test LLM applications on every deployment, covering automated scan configuration, CI/CD integration, alert thresholds, regression testing, and dashboard reporting.

walkthroughsmethodologycontinuous-monitoringintegration

持續監控整合方法論

將紅隊發現整合進持續監控系統,以進行持續威脅偵測與防禦驗證。

engagementkickoffscoperules-of-engagementlegalmethodologywalkthrough

委任啟動流程指南

啟動 AI 紅隊委任的逐步指南：客戶初次會議、範圍界定、交戰規則、法律協議、環境設置與工具選擇。

eu-ai-actcomplianceregulationtestingmethodologywalkthrough

Testing for EU AI Act Compliance

導覽 for conducting red team assessments that evaluate compliance with the EU AI Act requirements, covering risk classification, mandatory testing obligations, and documentation requirements.

evidence-collectiondocumentationmethodologyreportingchain-of-custodywalkthrough

Evidence Collection and Documentation Best Practices

導覽 for systematic evidence collection during AI red team engagements, covering request/response capture, screenshot methodology, chain-of-custody documentation, reproducibility requirements, and evidence organization for reports.

evidencedocumentationmethodologyforensicsreportingwalkthrough

Evidence Collection Methods for AI 紅隊s

Comprehensive methods for collecting, preserving, and organizing red team evidence from AI system assessments, including API logs, screenshots, reproduction scripts, and chain-of-custody procedures.

executive-summaryreportingcommunicationmethodologywalkthrough

Writing Executive Summaries for AI 紅隊 Reports

指南 to writing clear, impactful executive summaries for AI red team assessment reports that communicate risk to non-technical stakeholders and drive remediation decisions.

walkthroughsmethodologydeduplicationtriage

發現去重與分級

將自動化與人工測試的發現去重並分級,產出可行動且已排序的漏洞報告。

severityclassificationvulnerabilityrisk-assessmentmethodologywalkthrough

Classifying AI 漏洞 Severity

Framework for consistently classifying the severity of AI and LLM vulnerabilities, with scoring criteria, impact assessment, and examples across common finding categories.

methodologyengagementworkflowprocesswalkthrough

方法論導覽

AI 紅隊案件每個階段的逐步導覽：啟動、偵察、攻擊執行與報告撰寫。

owaspllm-top-10classificationstandardsmethodologywalkthrough

將發現對應至 OWASP LLM Top 10

將 AI 紅隊發現對應至 OWASP LLM 應用程式 Top 10 的實作詳解,涵蓋分類指引、報告範本與緩解對應。

comparative-testingmulti-modelbenchmarkingsecurity-evaluationmethodologywalkthrough

Comparative 安全 Testing Across Multiple LLMs

導覽 for conducting systematic comparative security testing across multiple LLM providers and configurations, covering test standardization, parallel execution, cross-model analysis, and differential vulnerability reporting.

walkthroughsmethodologymulti-modeltesting

多模型測試方法論

為處理流程中使用多個 LLM 模型的應用程式,建立結構化測試方法論。

walkthroughsmethodologypost-engagementanalysis

任務後續分析方法論

進行完整的任務後續分析,包含經驗教訓、技術成效與方法論精進。

pre-engagementchecklistpreparationmethodologyplanningwalkthrough

Pre-Engagement Preparation Checklist

Complete pre-engagement preparation checklist for AI red team operations covering team readiness, infrastructure setup, legal requirements, and initial reconnaissance planning.

walkthroughsmethodologypurple-teamcollaborative

紫隊 AI 評估方法論

以協作式紫隊方法進行 AI 評估,紅藍隊作戰之間即時互相回饋。

walkthroughsmethodologyregression-testingcontinuous

AI 安全回歸測試方法論

設計回歸測試套件,驗證安全修復在模型更新與部署後仍維持有效。

remediationverificationretestingregressionmethodologywalkthrough

Verifying That Remediations Are Effective

導覽 for planning and executing remediation verification testing (retesting) to confirm that AI vulnerability fixes are effective and do not introduce regressions.

walkthroughsmethodologyrisk-basedprioritization

風險導向 AI 測試方法

採用風險導向的測試方法,將評估資源聚焦於影響最大的漏洞類別。

risk-scoringvulnerability-assessmentseverityCVSSmethodologywalkthrough

Risk Scoring Frameworks for AI Vulnerabilities

導覽 for applying risk scoring frameworks to AI and LLM vulnerabilities, covering CVSS adaptation for AI, custom AI risk scoring matrices, severity classification, business impact assessment, and integration with existing vulnerability management processes.

rules-of-engagementtemplatelegalauthorizationmethodologywalkthrough

Rules of Engagement Template for AI 紅隊 Operations

Step-by-step guide to creating comprehensive rules of engagement documents for AI red team assessments, covering authorization, scope, constraints, communication, and legal protections.

scopingengagementplanningmethodologystatement-of-workrisk-assessmentwalkthrough

How to Scope an AI 紅隊 Engagement

Comprehensive walkthrough for scoping AI red team engagements from initial client contact through statement of work, covering target enumeration, risk-based prioritization, resource estimation, boundary definition, and legal considerations.

scopingchecklistpre-engagementmethodologyplanningrules-of-engagementwalkthrough

AI 紅隊 Scoping Checklist 導覽

Systematic walkthrough of the pre-engagement scoping process for AI red team assessments: stakeholder identification, target enumeration, scope boundary definition, resource estimation, and rules of engagement documentation.

managementstakeholderredteammethodologywalkthroughs

AI 紅隊演練的利害關係人管理

在 AI 紅隊任務全程管理利害關係人期待與溝通。

walkthroughsmethodologystakeholder-reportingcommunication

利害關係人導向回報方法論

為不同利害關係人(主管、開發者、安全團隊、合規人員)量身製作紅隊報告。

securitytabletopmethodologyexercisewalkthroughs

AI 安全桌上推演

設計並主持以 AI 安全事件情境為主題的桌上推演。

technical-appendixreportingdocumentationevidencemethodologywalkthrough

Creating Detailed Technical Appendices

指南 to building comprehensive technical appendices for AI red team reports, including evidence formatting, reproduction procedures, tool output presentation, and raw data organization.

test-planplanningmethodologytest-casesautomationwalkthrough

Developing Comprehensive AI 安全 Test Plans

Step-by-step guide to developing structured test plans for AI red team engagements, covering test case design, automation strategy, coverage mapping, and execution scheduling.

threat-modelingllm-securityrisk-assessmentmethodologySTRIDEwalkthrough

Threat 模型ing for LLM-Powered Applications

Step-by-step walkthrough for conducting threat modeling sessions specifically tailored to LLM-powered applications, covering data flow analysis, trust boundary identification, AI-specific threat enumeration, risk assessment, and mitigation planning.

threat-modelingstrideattack-treesworkshopfacilitationmethodologywalkthrough

AI Threat 模型ing Workshop 導覽

Step-by-step guide to running an AI-focused threat modeling workshop: adapting STRIDE for AI systems, constructing attack trees for LLM applications, participant facilitation techniques, and producing actionable threat models.