## https://sploitus.com/exploit?id=B9CE5CD6-EC89-5FA8-B3CB-408F75A699C5
# AI GOAT - AI Vulnerability & Exploits Collection

> โš ๏ธ **A deliberately-vulnerable test corpus.** Every file in this repository is **intentionally insecure or misconfigured by design**. It exists for **one purpose only**: to exercise and validate security scanners, AI/LLM security tooling, and configuration-drift detection. **Nothing here is meant to be deployed, run against systems you do not own, or used to cause harm.**

## Declaration of Purpose

This repository is a **labelled corpus of synthetic, non-operational security test fixtures**. It is built and maintained as a testing aid for static analysis and AI/LLM security tooling, in the same spirit as well-established educational/testing corpora such as the OWASP Benchmark, OWASP WebGoat, DVWA, and `vulhub`.

It contains:

- **AI/LLM surface fixtures**: prompt-injection markers in agent skill/rule files, wildcard MCP/tool permissions, inline (synthetic) provider keys, and other AI-surface anti-patterns, mapped to the OWASP LLM Top-10.
- **Configuration-drift fixtures**: a "baseline" (known-good) scanner/tool configuration paired with a "drifted"/corrupted variant (e.g. TLS disabled, auth disabled, over-broad excludes) so drift-detection and config-certification logic can be tested.

Each fixture is paired with an `EXPECTED.yaml` describing what a correct scanner **should** detect (rule id, severity, OWASP-LLM category). This makes the corpus a **measurable, regression-friendly test set**, not a pile of scary files.

## What this is NOT

- โŒ **Not** working malware, live exploits, or operational attack tooling. Fixtures are illustrative patterns, deliberately inert.
- โŒ **Not** a place for real secrets, real credentials, real customer data, or real third-party target information.
- โŒ **Not** to be deployed to any environment or pointed at any system you do not own and have explicit authorization to test.

## Intended Use

1. Point your SAST / AI-security scanner / config-drift checker at `fixtures/`.
2. Compare the scanner's findings against each fixture's `EXPECTED.yaml`.
3. Use the diff to measure detection precision/recall and to catch regressions.
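One way to carry out steps 2 and 3 for a single fixture, written as an added example (not code from this repository): it matches a scanner's findings against the fixture's `EXPECTED.yaml` entries by rule id, counts true/false positives and misses, and separately reports rules that fired at the wrong severity. The `findings` / `rule_id` / `severity` / `owasp_llm` field names are an assumption about the `EXPECTED.yaml` schema, which the README only describes in outline, and the sample data is constructed.

```python
from dataclasses import dataclass

# Assumed EXPECTED.yaml shape (field names are an assumption; the page only says
# each entry carries a rule id, severity and OWASP-LLM category):
#   findings: [{rule_id: ai.prompt-injection.marker, severity: high, owasp_llm: LLM01}]
# In real use, pass the dict returned by yaml.safe_load() on that file.

@dataclass(frozen=True)
class Score:
    tp: int
    fp: int
    fn: int
    severity_mismatches: tuple  # (rule_id, expected_severity, actual_severity)

    @property
    def precision(self) -> float:
        return self.tp / (self.tp + self.fp) if self.tp + self.fp else 0.0

    @property
    def recall(self) -> float:
        return self.tp / (self.tp + self.fn) if self.tp + self.fn else 0.0

def score_fixture(expected: dict, scanner_findings: list) -> Score:
    """Match scanner findings to EXPECTED.yaml entries by rule_id.
    Severity is checked separately: firing the right rule at the wrong
    severity still counts as a detection but is reported for triage."""
    want = {e["rule_id"]: e for e in expected.get("findings", [])}
    got = {f["rule_id"]: f for f in scanner_findings}
    tp = sorted(want.keys() & got.keys())
    fp = sorted(got.keys() - want.keys())
    fn = sorted(want.keys() - got.keys())
    mismatches = tuple(
        (rid, want[rid]["severity"], got[rid].get("severity", ""))
        for rid in tp
        if want[rid]["severity"].lower() != got[rid].get("severity", "").lower()
    )
    return Score(len(tp), len(fp), len(fn), mismatches)

# Constructed sample (rule ids, severities and category ids are made up): a
# prompt-injection fixture whose scanner run hits the injection marker at the
# wrong severity, misses the inline key, and adds one unlabelled finding.
SAMPLE_EXPECTED = {"findings": [
    {"rule_id": "ai.prompt-injection.marker", "severity": "high", "owasp_llm": "LLM01"},
    {"rule_id": "ai.inline-provider-key", "severity": "critical", "owasp_llm": "LLM02"},
]}
SAMPLE_SCAN = [
    {"rule_id": "ai.prompt-injection.marker", "severity": "medium"},
    {"rule_id": "generic.todo-comment", "severity": "low"},
]
```

Summing the per-fixture `tp`/`fp`/`fn` counts over every fixture under `fixtures/` gives corpus-level precision and recall; a change in those numbers, or a new severity mismatch, between two scanner versions is the regression signal the README describes.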

## Repository Layout

```
ai-vulnerability-exploits-collection/
├── README.md            # this file: declaration of purpose
├── DISCLAIMER.md        # legal/safety disclosure: fork at your own risk, testing only
├── CONTRIBUTING.md      # how to add safe, synthetic, labelled fixtures
├── LICENSE              # MIT
└── fixtures/
    ├── README.md        # fixture taxonomy + labelling schema + safety rules
    ├── ai-llm-surface/  # AI/LLM anti-patterns (OWASP LLM Top-10)
    │   ├── prompt-injection/
    │   ├── mcp-wildcard-permissions/
    │   └── inline-provider-key/
    └── config-drift/    # baseline vs corrupted scanner configs
        ├── baseline/
        └── drifted/
```

## Safety & Disclosure

By accessing, cloning, or forking this repository you agree to the terms in **[DISCLAIMER.md](DISCLAIMER.md)**. In short: **this is for authorized testing and educational purposes only, it is provided with no warranty, and forking or using it is entirely at your own risk.**

## License

[MIT](LICENSE). The MIT license covers the *files*; it does **not** grant permission to use these patterns against systems you are not authorized to test; see the disclaimer.