ATTACK CHAINS

Walk a breach chain end to end.

Each chain shows the local checks that pass at each step and the composed outcome that exceeds approved scope.

Browse all chains by surface, tactic, and impact.

The umbrella catalogue of multi-step agentic compromise paths.

Map the surfaces a chain has to traverse before it lands.

LIBRARY

Chain library.

Hidden directives in user input become attacker-chosen tool parameters before any policy check fires.

A planted document is ranked highly and treated as authoritative evidence for a high-impact decision.

Concealed directives inside ingested documents override policy and invoke tools the user never asked for.

Visible output looks fine while filesystem writes, network calls, and leaked secrets quietly accumulate.

An over-broad token is reused to invoke an unrelated tool, expanding impact beyond the user's intent.

A poisoned fact written in one session is later retrieved as trusted state and shapes a future decision.

A capability added without registry review or scope check opens a path to high-impact downstream actions.

One agent's manipulated output flows through orchestration into another agent that treats it as trusted input.

A polished summary hides the real tool parameters and diff, so the human approves a sentence, not the action.

Many in-policy steps compose into broad effective authority and an irreversible action no single step would allow.

The standard template every chain in this library is built from.