Skip to content

feat(attack-sim): AI-coordinated red-team campaign + 9 verified seeds#34

Merged
rennf93 merged 10 commits into
masterfrom
feat/attack-campaign
Jun 26, 2026
Merged

feat(attack-sim): AI-coordinated red-team campaign + 9 verified seeds#34
rennf93 merged 10 commits into
masterfrom
feat/attack-campaign

Conversation

@rennf93

@rennf93 rennf93 commented Jun 25, 2026

Copy link
Copy Markdown
Owner

Stacks on #33 (base = feat/attack-sim-harness, not master) so the diff is the campaign only and merges fast-forward. Retarget to master once #33 lands.

What this adds

An AI-coordinated red-team campaign that discovers detection bypasses and proposes them for human-gated inclusion in the Phase A corpus.

  • score_payloads.py (committed): batch scorer — arbitrary payloads → the real SusPatternsManager.detect(). The bridge that lets campaign agents (and humans) test candidates deterministically.
  • .claude/workflows/attack-campaign.workflow.js (untracked, not in this PR): the orchestration — depth+breadth attacker squads → scorer agent → default-reject verifiers → loop-until-dry → synthesize a staging report. Local by design; nothing AI-minted is committed without human approval.
  • README-campaign.md (committed): the human-gate procedure (re-verify each proposal against the real detector before promoting).
  • 9 verified seeds + regenerated baseline.json (committed).

Smoke result

One round on haiku (cheap) generated 168 candidates → 21 proposed. Re-verifying the top 12 against the real detector confirmed all 12 are genuine misses. Distilled 9 into the corpus (SQLi DDL / ORDER BY / MySQL version-comment, ERB + OGNL SSTI, netcat + fullwidth- cmd injection, JSON-quoted NoSQL operators).

Baseline moves 0.658 → 0.421 — expected and honest: we added real, currently-undetected attacks, and the ratchet now tracks them.

Notable

The campaign also flagged a likely ContentPreprocessor normalization-order bug (comment stripping merges SELECT/**/FROMSELECTFROM). That's a code fix, queued as the first follow-up item — not addressed here.

Scope / safety

Test-only additions under tests/attack_simulation/ plus the regenerated baseline. No shipped guard_core/ code changed. The sync-mirror --check CI may be red for pre-existing reasons unrelated to this change.

@github-actions github-actions Bot added the tests Test suite changes label Jun 25, 2026
@rennf93 rennf93 self-assigned this Jun 25, 2026
Base automatically changed from feat/attack-sim-harness to master June 26, 2026 01:24
@rennf93
rennf93 merged commit a345b28 into master Jun 26, 2026
5 of 11 checks passed
@rennf93
rennf93 deleted the feat/attack-campaign branch June 26, 2026 01:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

tests Test suite changes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant