
MITRE ATLAS technique detection for LLM and AI agent security. Detects prompt injection, jailbreaks, credential exfiltration, model extraction, and 90+ other AI-specific attack techniques.
use crate::{Action, Rule, Severity};
use once_cell::sync::Lazy;

pub static RULES: Lazy<Vec<Rule>> = Lazy::new(|| vec![
    // ══════════════════════════════════════════════════════════════
    // ── Reconnaissance ───────────────────────────────────────────
    // ══════════════════════════════════════════════════════════════
    Rule { technique_id: "AML.T0000", technique_name: "Active Scanning", tactic: "Reconnaissance", severity: Severity::Info, action: Action::Log,
        pattern: r"(?i)(scan|probe|enumerate|map|fingerprint)\s+(the\s+)?(model|api|endpoint|service|system)\s+(for|to\s+find|capabilities?|vulnerabilit)" },
    Rule { technique_id: "AML.T0001", technique_name: "Gather RAG-Indexed Targets", tactic: "Reconnaissance", severity: Severity::Medium, action: Action::Log,
        pattern: r"(?i)(what\s+(documents?|files?|data|sources?)\s+(do\s+you|can\s+you|are)\s+(have\s+access|search|retrieve|indexed)|list\s+(all\s+)?(your\s+)?(knowledge\s+base|vector\s+store|rag|indexed))" },
    Rule { technique_id: "AML.T0003", technique_name: "Search Application Repositories", tactic: "Reconnaissance", severity: Severity::Low, action: Action::Log,
        pattern: r"(?i)(search|find|look\s+up|scan)\s+(github|gitlab|huggingface|pypi|npm|docker\s+hub|model\s+hub|artifact)\s+(for|repo)" },
    Rule { technique_id: "AML.T0004", technique_name: "Search AI Vulnerability Databases", tactic: "Reconnaissance", severity: Severity::Info, action: Action::Log,
        pattern: r"(?i)(search|find|look\s+up|query)\s+(atlas|mitre|cve|vulnerability|exploit)\s+(database|db|for\s+ai|for\s+llm|for\s+ml)" },
    Rule { technique_id: "AML.T0007", technique_name: "RAG Poisoning Recon", tactic: "Reconnaissance", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(inject|insert|add|embed|plant|smuggle)\s+.{0,20}(into|to|in)\s+(the\s+)?(knowledge\s+base|rag|retrieval|vector\s+(store|db|database)|index|corpus|documents?)" },
    Rule { technique_id: "AML.T0007.003", technique_name: "Retrieval Content Crafting", tactic: "Reconnaissance", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(craft|create|generate|design)\s+(a\s+)?(document|content|text|passage|entry)\s+.{0,30}(retriev|embed|vector|rag|knowledge\s+base|indexed|rank\s+high)" },

    // ══════════════════════════════════════════════════════════════
    // ── Resource Development ─────────────────────────────────────
    // ══════════════════════════════════════════════════════════════
    Rule { technique_id: "AML.T0009", technique_name: "Acquire Public AI Artifacts", tactic: "ResourceDevelopment", severity: Severity::Low, action: Action::Log,
        pattern: r"(?i)(download|acquire|obtain|grab)\s+(the\s+)?(model\s+weights?|checkpoint|pre.?trained|fine.?tuned|gguf|safetensors?|onnx)\s+(from|file|artifact)" },
    Rule { technique_id: "AML.T0012", technique_name: "LLM Prompt Crafting", tactic: "ResourceDevelopment", severity: Severity::Medium, action: Action::Log,
        pattern: r"(?i)(craft|design|create|build|generate|write)\s+(an?\s+)?(adversarial|attack|injection|jailbreak|malicious|exploit)\s+(prompt|payload|input|query|template)" },
    Rule { technique_id: "AML.T0014", technique_name: "Poison Training Data", tactic: "ResourceDevelopment", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(poison|corrupt|manipulate|inject|taint)\s+(the\s+)?(training|fine.?tuning|rlhf|reward)\s+(data|set|dataset|process|pipeline|corpus)" },
    Rule { technique_id: "AML.T0015", technique_name: "Publish Poisoned AI Agent Tool", tactic: "ResourceDevelopment", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(publish|upload|distribute|share)\s+(a\s+)?(poisoned|malicious|backdoored|trojan)\s+(tool|plugin|extension|package|agent)" },
    Rule { technique_id: "AML.T0016", technique_name: "Publish Poisoned Datasets", tactic: "ResourceDevelopment", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(publish|upload|distribute|share)\s+(a\s+)?(poisoned|malicious|backdoored|corrupted)\s+(dataset|data\s+set|training\s+data|corpus)" },
    Rule { technique_id: "AML.T0017", technique_name: "Publish Poisoned Models", tactic: "ResourceDevelopment", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(publish|upload|distribute|share)\s+(a\s+)?(poisoned|malicious|backdoored|trojan)\s+(model|weights?|checkpoint|fine.?tune)" },
    Rule { technique_id: "AML.T0018", technique_name: "Retrieval Content Crafting (Dev)", tactic: "ResourceDevelopment", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(craft|prepare|create|design)\s+(retrieval|rag|search)\s+(content|documents?|entries|data)\s+(to|for|that\s+will)\s+(manipulat|poison|bias|override)" },
    Rule { technique_id: "AML.T0020", technique_name: "AI Supply Chain Compromise (Dev)", tactic: "ResourceDevelopment", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(compromise|attack|tamper\s+with|backdoor)\s+(the\s+)?(supply\s+chain|ai\s+pipeline|model\s+registry|package\s+manager|dependency|huggingface)" },

    // ══════════════════════════════════════════════════════════════
    // ── Initial Access ───────────────────────────────────────────
    // ══════════════════════════════════════════════════════════════
    Rule { technique_id: "AML.T0021", technique_name: "AI Supply Chain Compromise", tactic: "InitialAccess", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(install|import|load|use)\s+(a\s+)?(compromised|malicious|backdoored|trojan)\s+(model|package|library|dependency|plugin|tool)" },
    Rule { technique_id: "AML.T0022.004", technique_name: "LLM Prompt Phishing", tactic: "InitialAccess", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(click\s+(this|the)\s+(link|url)|visit\s+(this|the)\s+site|open\s+(this|the)\s+url|enter\s+your\s+(password|credentials?|api.?key)|verify\s+your\s+(account|identity)\s+at)" },
    Rule { technique_id: "AML.T0023", technique_name: "Evade AI Model", tactic: "InitialAccess", severity: Severity::Medium, action: Action::Block,
        pattern: r"(?i)(hypothetically|imagine|suppose|pretend)\s+(you\s+(had\s+no|were\s+without|lacked|didn.?t\s+have)\s+(restriction|filter|safety|guardrail|alignment|rule|limit|constraint)|there\s+were\s+no\s+(restriction|rule|filter|safety|limit)\s+on\s+(you|your\s+response|what\s+you\s+can))" },
    Rule { technique_id: "AML.T0025", technique_name: "Phishing", tactic: "InitialAccess", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(write|create|generate|craft|compose)\s+(a\s+)?(convincing|realistic|effective|undetectable|believable)\s+(phishing|spear.?phishing)\s+(email|message|campaign)\s+(targeting|to\s+steal|to\s+trick|to\s+deceive|to\s+send)" },
    Rule { technique_id: "AML.T0027", technique_name: "Prompt Infiltration via Public App", tactic: "InitialAccess", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(inject|insert|embed|smuggle|hide)\s+(this\s+)?(prompt|instruction|command|payload|directive)\s+(into|within|inside|via)\s+(the|a|another|public)" },

    // ══════════════════════════════════════════════════════════════
    // ── AI Model Access ──────────────────────────────────────────
    // ══════════════════════════════════════════════════════════════
    Rule { technique_id: "AML.T0030", technique_name: "Full AI Model Access", tactic: "AIModelAccess", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(download|export|extract|steal|copy)\s+(the\s+)?(full|complete|entire)\s+(model|weights?|parameters?|architecture|checkpoint)" },

    // ══════════════════════════════════════════════════════════════
    // ── Execution ────────────────────────────────────────────────
    // ══════════════════════════════════════════════════════════════
    Rule { technique_id: "AML.T0032", technique_name: "AI Agent Clickbait", tactic: "Execution", severity: Severity::Medium, action: Action::Block,
        pattern: r"(?i)(click|open|visit|follow|navigate\s+to)\s+(this|the)\s+(link|url|page|site|file).{0,30}(urgent|immediately|required|mandatory|verify|confirm|action\s+needed)" },
    Rule { technique_id: "AML.T0033", technique_name: "Unauthorized Tool Invocation", tactic: "Execution", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(invoke|call|use|trigger)\s+(your|the\s+ai|this\s+agent.?s?|the\s+available)\s+(tool|function|plugin|action|capability)\s+(to\s+)?(delete|exfiltrate|steal|send\s+to\s+external|transfer\s+data|drop\s+table|rm\s+-rf|wipe)" },
    Rule { technique_id: "AML.T0034", technique_name: "Command and Scripting Interpreter", tactic: "Execution", severity: Severity::Critical, action: Action::Block,
        pattern: r#"(?i)(import\s+subprocess\s*;?\s*(subprocess|os)\.\w+\s*\(|os\.system\s*\(['"].{5,}|subprocess\.(run|call|Popen)\s*\([^)]{0,100}shell\s*=\s*True|exec\s*\([^)]{0,50}(base64|decode|__import__|compile)|powershell\s+(-e\s|-enc\s|-encodedcommand|-nop\s+-w\s+hidden)|cmd\.exe\s+/c\s+['"]|/bin/(ba)?sh\s+-c\s+['"])"# },
    Rule { technique_id: "AML.T0036", technique_name: "Prompt Injection - Ignore Previous", tactic: "Execution", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(ignore|disregard|forget|override|bypass)\s+(all\s+)?(previous|prior|above|your|earlier|original)\s+(instructions?|prompt|system|rules?|constraints?|guidelines?|directives?)" },
    Rule { technique_id: "AML.T0036.001", technique_name: "Prompt Injection - New Instructions", tactic: "Execution", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(new\s+instructions?|updated?\s+instructions?|your\s+real\s+instructions?|actual\s+instructions?)\s*[:\-].{5,}" },
    Rule { technique_id: "AML.T0036.002", technique_name: "Safety Bypass", tactic: "Execution", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(jailbreak|bypass|circumvent|disable|remove|turn\s+off|deactivate)\s+(all\s+)?(safety|guardrail|filter|restriction|limit|rule|moderation|content\s+filter|alignment)" },
    Rule { technique_id: "AML.T0036.003", technique_name: "Persona Hijack", tactic: "Execution", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(you\s+are\s+now|act\s+as|pretend\s+(you\s+are|to\s+be)|roleplay\s+as|behave\s+as)\s+.{0,30}(DAN|unrestricted|no\s+(limit|rule|filter|restriction)|evil|unethical|uncensored|unaligned)" },
    Rule { technique_id: "AML.T0037", technique_name: "User Execution", tactic: "Execution", severity: Severity::Medium, action: Action::Log,
        pattern: r"(?i)(copy\s+and\s+(paste|run|execute)\s+this|run\s+this\s+(command|script|code)\s+(in|on)\s+your\s+(terminal|machine|computer)|execute\s+the\s+following\s+(on|in)\s+your)" },

    // ══════════════════════════════════════════════════════════════
    // ── Persistence ──────────────────────────────────────────────
    // ══════════════════════════════════════════════════════════════
    Rule { technique_id: "AML.T0038", technique_name: "AI Agent Context Poisoning", tactic: "Persistence", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)((remember|store|memorize)\s+(this|that)\s+(permanently|forever|for\s+all\s+(future|subsequent))\s*[:\-]|(never\s+forget|always\s+remember)\s+(that\s+)?(you\s+(must|should|will|are)|your\s+(role|purpose|instructions?)))" },
    Rule { technique_id: "AML.T0038.001", technique_name: "AI Agent Tool Data Poisoning", tactic: "Persistence", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(modify|alter|corrupt|poison|manipulate)\s+(the\s+)?(tool|function|plugin)\s+(data|output|response|results?|return)" },
    Rule { technique_id: "AML.T0038.002", technique_name: "AI Agent Tool Poisoning", tactic: "Persistence", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(replace|overwrite|modify|hijack|intercept|tamper)\s+(the\s+)?(tool|function|plugin|api)\s+(definition|schema|output|response|behavior|code|implementation)" },
    Rule { technique_id: "AML.T0039", technique_name: "LLM Prompt Self-Replication", tactic: "Persistence", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(include|repeat|prepend|append|copy|propagate)\s+(this|these|the\s+following)\s+(exact\s+)?(instruction|prompt|text|message|words?|payload)\s+(in|to|at|before|after)\s+(every|all|each|future|subsequent)" },
    Rule { technique_id: "AML.T0040", technique_name: "Manipulate AI Model", tactic: "Persistence", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(manipulate|modify|alter|change|corrupt)\s+(the\s+)?(model|ai|neural\s+net|weights?|parameters?)\s+(to|so\s+that|behavior|permanently)" },
    Rule { technique_id: "AML.T0041", technique_name: "Modify AI Agent Configuration", tactic: "Persistence", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(modify|change|update|alter|overwrite|replace)\s+(your|the|my)\s+(system\s+prompt|configuration|settings?|rules?|behavior|personality|instructions?|guardrails?)" },
    Rule { technique_id: "AML.T0042", technique_name: "Poison Training Data (Persistence)", tactic: "Persistence", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(add|inject|insert)\s+(this|these|malicious|poisoned)\s+(data|examples?|samples?|entries)\s+(to|into|in)\s+(the\s+)?(training|fine.?tuning|rlhf|feedback)" },
    Rule { technique_id: "AML.T0043", technique_name: "RAG Poisoning (Persistence)", tactic: "Persistence", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(insert|inject|add|plant|embed)\s+(a\s+)?(malicious|poisoned|false|misleading|crafted)\s+(document|entry|passage|content)\s+(into|to|in)\s+(the\s+)?(rag|knowledge\s+base|vector)" },

    // ══════════════════════════════════════════════════════════════
    // ── Privilege Escalation ─────────────────────────────────────
    // ══════════════════════════════════════════════════════════════
    Rule { technique_id: "AML.T0044", technique_name: "Privilege Escalation via Tool", tactic: "PrivilegeEscalation", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(escalate|grant|give|elevate|promote)\s+(me\s+)?(to\s+)?(admin|root|superuser|elevated|full|owner|sudo)\s+(privilege|access|permission|right|role)" },
    Rule { technique_id: "AML.T0045", technique_name: "Escape to Host", tactic: "PrivilegeEscalation", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(\.\./\.\./|/etc/passwd|/etc/shadow|/proc/self|cat\s+/etc/|access\s+host\s+filesystem|escape\s+(the\s+)?(sandbox|container|docker|vm|isolation)|break\s+out\s+of\s+(the\s+)?(container|sandbox))" },
    Rule { technique_id: "AML.T0046", technique_name: "LLM Jailbreak (PrivEsc)", tactic: "PrivilegeEscalation", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(developer\s+mode|maintenance\s+mode|debug\s+mode|god\s+mode|sudo\s+mode|admin\s+mode|unrestricted\s+mode|DAN\s+mode)\s*(enabled?|activated?|on|unlocked?|:\s*true)" },

    // ══════════════════════════════════════════════════════════════
    // ── Defense Evasion ──────────────────────────────────────────
    // ══════════════════════════════════════════════════════════════
    Rule { technique_id: "AML.T0048", technique_name: "AI Supply Chain Reputation Inflation", tactic: "DefenseEvasion", severity: Severity::Low, action: Action::Log,
        pattern: r"(?i)(this\s+(tool|plugin|extension|package)\s+(is|has\s+been)\s+(verified|trusted|official|approved|audited)|i\s+have\s+(special|elevated|admin|authorized)\s+(clearance|authorization|permissions?|access))" },
    Rule { technique_id: "AML.T0049", technique_name: "Corrupt AI Model", tactic: "DefenseEvasion", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(corrupt|degrade|damage|sabotage|destabilize)\s+(the\s+)?(model|ai|neural\s+net|system)\s*(weights?|parameters?|behavior|output|performance)?" },
    Rule { technique_id: "AML.T0050", technique_name: "Delay Execution", tactic: "DefenseEvasion", severity: Severity::Medium, action: Action::Block,
        pattern: r"(?i)(remember\s+to\s+do\s+.{5,30}\s+after\s+\d+|when\s+(the\s+)?user\s+asks?\s+about\s+.{5,30}\s+secretly|if\s+you\s+see\s+the\s+word\s+.{3,20}\s+then\s+(ignore|override|execute)|wait\s+until\s+.{3,20}\s+then\s+(do|execute|run|perform))" },
    Rule { technique_id: "AML.T0051", technique_name: "Evade AI Model (Evasion)", tactic: "DefenseEvasion", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(hypothetical(ly)?|in\s+a\s+fictional?\s+scenario|for\s+a\s+creative\s+writing|as\s+a\s+thought\s+experiment|in\s+this\s+alternate\s+reality)\s*.{0,40}(bypass|ignore|no\s+rules?|unrestricted|without\s+(any\s+)?(restrictions?|rules?|filters?|safety))" },
    Rule { technique_id: "AML.T0051.001", technique_name: "Exploitation for Defense Evasion", tactic: "DefenseEvasion", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(exploit|abuse|leverage)\s+(a\s+)?(bug|vulnerability|flaw|glitch|weakness|loophole)\s+(in|of)\s+(the\s+)?(model|ai|filter|safety|guardrail|alignment)" },
    Rule { technique_id: "AML.T0051.002", technique_name: "False RAG Entry Injection", tactic: "DefenseEvasion", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(inject|insert|add)\s+(a\s+)?(false|fake|fabricated|misleading|decoy)\s+(entry|document|passage|fact|record)\s+(into|to|in)\s+(the\s+)?(rag|knowledge|retrieval|vector)" },
    Rule { technique_id: "AML.T0051.003", technique_name: "Impersonation", tactic: "DefenseEvasion", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(i\s+am\s+(the\s+)?(developer|admin|system|openai|anthropic|owner|creator|ceo|engineer|security\s+team)|this\s+is\s+(an?\s+)?(official|authorized|system|emergency)\s+(message|update|instruction|override|request))" },
    Rule { technique_id: "AML.T0051.004", technique_name: "LLM Jailbreak (Evasion)", tactic: "DefenseEvasion", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(enable\s+.{0,15}(DAN|jailbreak|unrestricted)|opposite\s+mode|evil\s+mode|chaos\s+mode|maximum\s+mode|DUDE\s+mode|AIM\s+mode|STAN\s+mode|KEVIN\s+mode)" },
    Rule { technique_id: "AML.T0051.005", technique_name: "LLM Prompt Obfuscation", tactic: "DefenseEvasion", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(decode|translate|interpret|convert|decipher)\s+(this\s+)?(base64|rot13|hex|binary|encoded|cipher|unicode|reversed?\s+text|backwards?|caesar|morse|ascii|atbash|pig\s+latin)" },
    Rule { technique_id: "AML.T0051.006", technique_name: "LLM Trusted Output Manipulation", tactic: "DefenseEvasion", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(format|wrap|encode|embed|disguise)\s+(your\s+)?(response|output|answer|reply)\s+(as|in|using|with)\s+(json|xml|html|markdown|code\s+block).{0,30}(to\s+hide|secretly|containing\s+hidden|smuggle)" },
    Rule { technique_id: "AML.T0051.007", technique_name: "Manipulate Chat History", tactic: "DefenseEvasion", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(pretend|assume|act\s+as\s+if|imagine\s+that)\s+(the\s+)?(previous|earlier|prior|last|above)\s+(conversation|messages?|chat|exchange|context|turns?)\s+(said|included|contained|was|were|established)" },
    Rule { technique_id: "AML.T0051.008", technique_name: "Masquerading", tactic: "DefenseEvasion", severity: Severity::Medium, action: Action::Block,
        pattern: r"(?i)(this\s+message\s+(is\s+from|comes\s+from|was\s+sent\s+by)\s+(the\s+)?(system|admin|developer|openai|anthropic)|speaking\s+as\s+(the\s+)?(system|admin|developer)|from:\s*(system|admin|developer|openai))" },
    Rule { technique_id: "AML.T0051.009", technique_name: "Sandbox Evasion", tactic: "DefenseEvasion", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(are\s+you\s+(being\s+)?(monitored|tested|watched|recorded|evaluated|graded)|is\s+this\s+a\s+(test|sandbox|honeypot|simulation|evaluation)|detect\s+if\s+(you.re|I.m)\s+(in\s+a\s+)?(sandbox|monitored|test))" },
    Rule { technique_id: "AML.T0051.010", technique_name: "AI Supply Chain Rug Pull", tactic: "DefenseEvasion", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(rug\s+pull|swap\s+(the\s+)?(model|weights?|backend)\s+(after|once|when)\s+(deploy|users?|production)|switch\s+(to\s+)?(malicious|compromised)\s+(model|backend)\s+(after|in\s+production))" },

    // ══════════════════════════════════════════════════════════════
    // ── Credential Access ────────────────────────────────────────
    // ══════════════════════════════════════════════════════════════
    Rule { technique_id: "AML.T0052", technique_name: "AI Agent Tool Credential Harvesting", tactic: "CredentialAccess", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(exfiltrat|extract|steal|dump|leak|harvest|retrieve|obtain)\s+(the\s+)?(api.?key|password|secret|credential|token|private.?key|access.?key|auth.?token|bearer\s+token)" },
    Rule { technique_id: "AML.T0052.001", technique_name: "Credentials from Agent Config", tactic: "CredentialAccess", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(show|reveal|print|dump|list|read|access)\s+(the\s+)?(agent|tool|plugin|service)\s+(config|configuration|settings?|secrets?|credentials?|\.env|environment)" },
    Rule { technique_id: "AML.T0052.002", technique_name: "Exploitation for Credential Access", tactic: "CredentialAccess", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(exploit|abuse|leverage)\s+(a\s+)?(vulnerability|bug|flaw)\s+(to|for)\s+(access|obtain|extract|steal)\s+(credentials?|passwords?|tokens?|keys?|secrets?)" },
    Rule { technique_id: "AML.T0052.003", technique_name: "OS Credential Dumping", tactic: "CredentialAccess", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(hashdump|mimikatz|lsass|sam\s+database|/etc/shadow|credential\s+dump|pass\s+the\s+hash|kerberoast|secretsdump|ntds\.dit)" },
    Rule { technique_id: "AML.T0052.004", technique_name: "RAG Credential Harvesting", tactic: "CredentialAccess", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(search|find|look\s+up|retrieve|query)\s+(the\s+)?(knowledge\s+base|rag|documents?|index|vector\s+store)\s+(for\s+)?(password|credential|api.?key|secret|token|connection\s+string|private\s+key)" },
    Rule { technique_id: "AML.T0052.005", technique_name: "Unsecured Credentials", tactic: "CredentialAccess", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(dump|leak|exfiltrate|steal|extract|harvest|reveal|print\s+all|show\s+all|list\s+all|output\s+all)\s+(the\s+)?(environment\s+variables?|env\s+vars?|process\.env|os\.environ|\.env\s+file|secrets?\.json)|(print|output|show|cat)\s+(the\s+)?(\.env\s+file|secrets?\.json|credentials?\.(json|ya?ml|txt))" },

    // ══════════════════════════════════════════════════════════════
    // ── Discovery ────────────────────────────────────────────────
    // ══════════════════════════════════════════════════════════════
    Rule { technique_id: "AML.T0053", technique_name: "Cloud Service Discovery", tactic: "Discovery", severity: Severity::Medium, action: Action::Log,
        pattern: r"(?i)(list|enumerate|discover|scan|find)\s+(all\s+)?(cloud|aws|azure|gcp|s3|lambda|ec2)\s+(services?|resources?|buckets?|instances?|functions?|endpoints?)" },
    Rule { technique_id: "AML.T0053.001", technique_name: "Discover AI Agent Configuration", tactic: "Discovery", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(reveal|expose|dump|extract|print|output)\s+(all\s+)?(your|the)\s+(tools?|plugins?|functions?|apis?|connected\s+services?|integrations?|endpoints?|internal\s+config)" },
    Rule { technique_id: "AML.T0053.002", technique_name: "Discover AI Artifacts", tactic: "Discovery", severity: Severity::Medium, action: Action::Log,
        pattern: r"(?i)(what|which|list|show)\s+(training\s+data|fine.?tuning|dataset|model\s+weights?|embeddings?|vectors?|artifacts?)\s+(are|were|do\s+you)\s+(used|have|trained|stored)" },
    Rule { technique_id: "AML.T0053.003", technique_name: "Discover AI Model Family", tactic: "Discovery", severity: Severity::Medium, action: Action::Log,
        pattern: r"(?i)(identify|fingerprint|determine|detect)\s+(the\s+)?(exact\s+)?(model|version|architecture|variant)\s+(you\s+are|being\s+used|running|deployed)" },
    Rule { technique_id: "AML.T0053.004", technique_name: "Discover AI Model Ontology", tactic: "Discovery", severity: Severity::Medium, action: Action::Log,
        pattern: r"(?i)(enumerate|list\s+every|exhaustively\s+(list|describe)|dump\s+(all\s+)?(your|available))\s+(functions?|tools?|capabilities?|plugins?|permissions?|restrictions?|limitations?)" },
    Rule { technique_id: "AML.T0053.005", technique_name: "Discover AI Model Outputs", tactic: "Discovery", severity: Severity::Medium, action: Action::Log,
        pattern: r"(?i)(what\s+(is|are)\s+your\s+(token|output|context)\s+(limit|length|window|size|maximum)|how\s+(many|long|large)\s+(tokens?|output|response)\s+(can|do)\s+you)" },
    Rule { technique_id: "AML.T0053.006", technique_name: "Discover LLM Hallucinations", tactic: "Discovery", severity: Severity::Low, action: Action::Log,
        pattern: r"(?i)(make\s+up|fabricate|invent|hallucinate|generate\s+fake)\s+(a\s+)?(citation|reference|source|study|paper|fact|statistic|url|link|doi)\s+(that|which|to|about)" },
    Rule { technique_id: "AML.T0053.007", technique_name: "Discover LLM System Information", tactic: "Discovery", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(what\s+(is\s+your|are\s+your)\s+(system\s+prompt|hidden\s+instructions?|initial\s+prompt|custom\s+instructions?|meta.?prompt|pre.?prompt)|reveal\s+(your\s+)?(system\s+prompt|hidden\s+instructions?|initial\s+prompt))" },
    Rule { technique_id: "AML.T0053.008", technique_name: "Process Discovery", tactic: "Discovery", severity: Severity::Medium, action: Action::Log,
        pattern: r"(?i)(what\s+(os|operating\s+system|server|hardware|gpu|cpu|memory|runtime|environment)|list\s+(running\s+)?process|show\s+(system|server)\s+info|uname\s+-a|whoami|hostname|cat\s+/proc|ps\s+aux)" },

    // ══════════════════════════════════════════════════════════════
    // ── Lateral Movement ─────────────────────────────────────────
    // ══════════════════════════════════════════════════════════════
    Rule { technique_id: "AML.T0054.004", technique_name: "Phishing via AI", tactic: "LateralMovement", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(generate|write|compose|draft|create)\s+(a\s+)?(convincing|realistic|professional|targeted)\s+(phishing|spear.?phishing|social\s+engineering|scam)\s+(email|message|page|lure|template)" },
    Rule { technique_id: "AML.T0054.005", technique_name: "Use Alternate Auth Material", tactic: "LateralMovement", severity: Severity::Medium, action: Action::Block,
        pattern: r"(?i)(use|try|reuse|replay)\s+(a\s+)?(stolen|leaked|compromised|expired|old|different|alternate)\s+(token|cookie|session|api.?key|credential|certificate|oauth)\s+(to|for|on)" },

    // ══════════════════════════════════════════════════════════════
    // ── Collection ───────────────────────────────────────────────
    // ══════════════════════════════════════════════════════════════
    Rule { technique_id: "AML.T0055", technique_name: "AI Artifact Collection", tactic: "Collection", severity: Severity::Medium, action: Action::Block,
        pattern: r"(?i)(download|export|copy|save|extract|collect)\s+(the\s+)?(model|weights?|embeddings?|fine.?tun|checkpoint|onnx|safetensors?|gguf|artifacts?)" },
    Rule { technique_id: "AML.T0055.001", technique_name: "Data from AI Services", tactic: "Collection", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(collect|gather|compile|aggregate|export|extract)\s+(all\s+)?(data|logs?|history|conversations?|interactions?|training\s+data|user\s+data)\s+(from|in|stored|within)\s+(the|this|your)" },
    Rule { technique_id: "AML.T0055.002", technique_name: "Data from Information Repositories", tactic: "Collection", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(extract|download|scrape|dump|export)\s+(all\s+)?(data|content|records?|entries)\s+(from|in)\s+(the\s+)?(database|repository|wiki|confluence|sharepoint|notion|knowledge\s+base)" },
    Rule { technique_id: "AML.T0055.003", technique_name: "Data from Local System", tactic: "Collection", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(read|access|list|dump|cat|show)\s+(the\s+)?(local\s+)?(files?|directories?|filesystem|disk|home\s+directory|/tmp|/var|/home|desktop|documents)" },

    // ══════════════════════════════════════════════════════════════
    // ── AI Attack Staging ────────────────────────────────────────
    // ══════════════════════════════════════════════════════════════
    Rule { technique_id: "AML.T0056", technique_name: "Craft Adversarial Data", tactic: "AIAttackStaging", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(craft|generate|create|design|build)\s+(an?\s+)?(adversarial|perturbation|evasion|poison|attack)\s+(input|example|sample|data|image|text|prompt|payload)" },
    Rule { technique_id: "AML.T0056.001", technique_name: "Create Proxy AI Model", tactic: "AIAttackStaging", severity: Severity::Medium, action: Action::Log,
        pattern: r"(?i)(create|build|train|distill)\s+(a\s+)?(proxy|surrogate|shadow|clone|copy|replica)\s+(model|version|of\s+the\s+model)\s*(of|from|based\s+on|to\s+mimic)?" },
    Rule { technique_id: "AML.T0056.002", technique_name: "Generate Deepfakes", tactic: "AIAttackStaging", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(generate|create|make|produce|synthesize)\s+(a\s+)?(deepfake|fake\s+(video|image|audio|voice|photo)|synthetic\s+(face|voice|identity|media)|face\s+swap|voice\s+clone)" },
    Rule { technique_id: "AML.T0056.003", technique_name: "Generate Malicious Commands", tactic: "AIAttackStaging", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(generate|create|write|produce|code)\s+(a\s+)?(malware|ransomware|exploit|payload|virus|worm|keylogger|rootkit|botnet|trojan|rat|backdoor|spyware)" },
    Rule { technique_id: "AML.T0056.004", technique_name: "Manipulate AI Model (Staging)", tactic: "AIAttackStaging", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(prepare|stage|set\s+up|configure)\s+(an?\s+)?(attack|manipulation|exploit|poisoning)\s+(against|targeting|on|for)\s+(the\s+)?(model|ai|neural\s+net|llm)" },
    Rule { technique_id: "AML.T0056.005", technique_name: "Verify Attack", tactic: "AIAttackStaging", severity: Severity::Medium, action: Action::Log,
        pattern: r"(?i)(test|verify|validate|confirm|check)\s+(if|that|whether)\s+(the\s+)?(attack|exploit|injection|payload|jailbreak|bypass|prompt\s+injection)\s+(works?|succeeded|was\s+successful|is\s+effective)" },

    // ══════════════════════════════════════════════════════════════
    // ── Command and Control ──────────────────────────────────────
    // ══════════════════════════════════════════════════════════════
    Rule { technique_id: "AML.T0057", technique_name: "AI Agent as C2", tactic: "CommandAndControl", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(use\s+(the\s+)?(ai|agent|llm|model)\s+(as\s+a?\s*)?(command\s+and\s+control|c2|relay|proxy|beacon)|establish\s+(a\s+)?(c2|command)\s+(channel|connection)\s+(through|via)\s+(the\s+)?(ai|agent|model))" },
    Rule { technique_id: "AML.T0057.001", technique_name: "AI Service API as C2", tactic: "CommandAndControl", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(use\s+(the\s+)?(api|inference|chat|completion)\s+(endpoint|service)\s+(as|for)\s+(c2|command|control|exfil|relay)|tunnel\s+(data|commands?|traffic)\s+(through|via)\s+(the\s+)?(api|llm|ai\s+service))" },
    Rule { technique_id: "AML.T0057.002", technique_name: "Reverse Shell via AI", tactic: "CommandAndControl", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(nc\s+-[el]|ncat\s+-[el]|bash\s+-i\s+>&|/dev/tcp/|mkfifo\s+/tmp|python\s+-c\s+.{0,20}socket|reverse\s+shell|bind\s+shell|socat\s+.{0,20}exec|msfvenom|meterpreter)" },

    // ══════════════════════════════════════════════════════════════
    // ── Exfiltration ─────────────────────────────────────────────
    // ══════════════════════════════════════════════════════════════
    Rule { technique_id: "AML.T0058", technique_name: "Exfiltration via AI Agent Tool", tactic: "Exfiltration", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(send|post|transmit|upload|forward|email|webhook)\s+(this|the|all|my|collected)\s+(data|info|results?|output|response|conversation|logs?|secrets?)\s+(to|via|using|through)\s+(http|https|ftp|email|webhook|external|api|slack|discord)" },
    Rule { technique_id: "AML.T0058.001", technique_name: "Exfiltration via Inference API", tactic: "Exfiltration", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(encode|embed|hide|smuggle|exfiltrate)\s+(the\s+)?(data|secret|key|credential|info|output)\s+(in|within|inside|via|through)\s+(the\s+)?(model|api|inference|completion|response|embedding)\s*(call|request|response|output)?" },
    Rule { technique_id: "AML.T0058.002", technique_name: "Exfiltration via Cyber Means", tactic: "Exfiltration", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(exfiltrate|transfer|send|upload)\s+(the\s+)?(data|files?|secrets?|credentials?)\s+(via|over|through|using)\s+(dns|icmp|https?|ftp|ssh|tor|vpn|steganograph)" },
    Rule { technique_id: "AML.T0058.003", technique_name: "Extract LLM System Prompt", tactic: "Exfiltration", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(show|reveal|print|output|display|repeat|extract|tell\s+me|dump|echo|return)\s+((your|the)\s+)?(entire|full|complete|exact|raw|original|initial|verbatim)?\s*(system\s+(prompt|message|instruction)|pre.?prompt|meta.?prompt|hidden\s+instruction|custom\s+instruction|initial\s+instruction)" },
    Rule { technique_id: "AML.T0058.004", technique_name: "LLM Data Leakage", tactic: "Exfiltration", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(include|embed|encode|hide|smuggle|leak)\s+(the\s+)?(data|secret|key|credential|info|pii)\s+(in|within|inside|as\s+part\s+of)\s+(the\s+)?(response|output|answer|url|link|image|markdown|json)" },
    Rule { technique_id: "AML.T0058.005", technique_name: "LLM Response Rendering", tactic: "Exfiltration", severity: Severity::Medium, action: Action::Block,
        pattern: r"(?i)(render|display|embed|include)\s+(an?\s+)?(external|remote|third.?party)\s+(image|iframe|script|resource|url)\s+(in|within|as\s+part\s+of)\s+(your\s+)?(response|output|answer|reply)" },

    // ══════════════════════════════════════════════════════════════
    // ── Impact ───────────────────────────────────────────────────
    // ══════════════════════════════════════════════════════════════
    Rule { technique_id: "AML.T0059", technique_name: "Cost Harvesting", tactic: "Impact", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(mine|generate|produce)\s+(bitcoin|ethereum|crypto|monero|cryptocurrency)\s+(using|with|on)\s+(all|available|your|the)\s+(gpu|cpu|compute|resource)" },
    Rule { technique_id: "AML.T0059.001", technique_name: "Data Destruction via AI Tool", tactic: "Impact", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(delete|destroy|drop|truncate|wipe|purge|rm\s+-rf|erase|shred)\s+(all\s+)?(data|files?|database|tables?|records?|logs?|backups?|users?|accounts?|documents?)" },
    Rule { technique_id: "AML.T0059.002", technique_name: "Denial of AI Service", tactic: "Impact", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(crash|overload|flood|overwhelm|exhaust|consume\s+all|deplete)\s+(the\s+)?(model|service|api|server|gpu|memory|tokens?|context|resources?|rate\s+limit)" },
    Rule { technique_id: "AML.T0059.003", technique_name: "Erode AI Model Integrity", tactic: "Impact", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(corrupt|degrade|poison|manipulate|bias|skew|erode)\s+(the\s+)?(model|ai|output|behavior|response|prediction|training|weights?|integrity|accuracy|alignment)" },
    Rule { technique_id: "AML.T0059.004", technique_name: "Erode Dataset Integrity", tactic: "Impact", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(corrupt|degrade|poison|manipulate|tamper)\s+(the\s+)?(dataset|training\s+data|fine.?tuning\s+data|evaluation\s+data|benchmark|test\s+set|validation\s+set)" },
    Rule { technique_id: "AML.T0059.006", technique_name: "External Harms", tactic: "Impact", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(how\s+to\s+(make|build|create|synthesize|manufacture)\s+(a\s+)?(bomb|weapon|explosive|poison|bioweapon|chemical\s+weapon|nerve\s+agent|ricin|sarin|anthrax)|instructions?\s+for\s+(making|building|creating|synthesizing)\s+(a\s+)?(weapon|explosive|drug|poison|bioweapon))" },
    Rule { technique_id: "AML.T0059.007", technique_name: "Machine Compromise", tactic: "Impact", severity: Severity::Critical, action: Action::Block,
        pattern: r"(?i)(take\s+over|compromise|hack|exploit|backdoor|rootkit|own|pwn)\s+(this\s+)?(machine|server|host|system|computer|infrastructure|network)" },
    Rule { technique_id: "AML.T0059.008", technique_name: "Spamming AI System", tactic: "Impact", severity: Severity::High, action: Action::Block,
        pattern: r"(?i)(flood|spam|fill|overwrite|pollute|overwhelm)\s+(the\s+)?(context|memory|history|conversation|rag|knowledge\s+base|index|queue)\s+(with\s+)?(garbage|noise|random|fake|junk|nonsense|chaff|irrelevant)" },
]);