farrahovd234-alt/llm-system-security
GitHub: farrahovd234-alt/llm-system-security
An enterprise knowledge-base cyber range with an integrated AI assistant, used to demonstrate and study security vulnerabilities such as insecure LLM output handling and indirect prompt injection.
Stars: 0 | Forks: 0
# Cyber Range: Smart Wiki Security Stand
## Project Description
**Smart Wiki** is a prototype enterprise knowledge base with an integrated AI assistant. The system is designed to automate the handling of technical documentation: writing articles, generating diagrams, and performing intelligent search across internal regulations.
**Core idea of the project:**
To study the vulnerabilities that arise when AI agents are used to generate executable content. The system takes the LLM's output (Markdown, HTML, JS code for diagrams) and either renders it directly in the interface or passes it to MCP tools that manage data. This gives a hands-on demonstration of attacks in the **Insecure Output Handling** and **Indirect Prompt Injection** categories.
## System Architecture
```mermaid
flowchart LR
    %% ================= Attack Surface =================
    subgraph attack["Attack Surface"]
        kali["Kali
        (Атакующий)"]
    end

    %% ================= Ubuntu Host =================
    subgraph ubuntu["Ubuntu"]
        direction LR

        %% ---------- Interface ----------
        subgraph interface["Interface Layer"]
            streamlit["Wiki UI
            (Streamlit)"]
        end

        %% ---------- API ----------
        subgraph api["API Layer"]
            subgraph fastapi["FastAPI"]
                direction TB
                guard_in["GuardIn"]
                router["Router"]
                guard_out["GuardOut"]
            end
        end

        %% ---------- AI / LLM ----------
        subgraph ai["AI / LLM Layer"]
            rag["RAG Chain
            (Wiki Search)"]
            agent["Agent LangGraph"]
            ollama["Ollama
            (сервер моделей)"]
            huggingface["Hugging Face
            (репозиторий моделей)"]
        end

        %% ---------- Tools ----------
        subgraph tools["Tools Layer"]
            mcp["Tools
            (MCP Server)"]
        end

        %% ---------- Data ----------
        subgraph data["Data Layer"]
            chroma["ChromaDB
            (Векторная база)"]
            postgres["PostgreSQL
            (БД контента и логов)"]
            fs["Файловая система
            (Статьи Wiki)"]
        end

        %% ---------- Observability ----------
        subgraph observability["Observability"]
            prometheus["Prometheus + cAdvisor"]
            langfuse["Langfuse"]
        end
    end

    %% ================= Attacks =================
    kali -->|HTTP / curl| streamlit
    kali -->|прямой запрос| fastapi

    %% ================= Main Flow =================
    streamlit -->|Запрос на оформление| guard_in
    guard_in --> router
    router -->|mode=rag| rag
    router -->|mode=agent| agent
    router -->|chat / generate| ollama

    %% ================= RAG =================
    rag --> chroma
    rag --> ollama

    %% ================= Agent =================
    agent <-->|Think / Act / Observe| ollama
    agent --> mcp

    %% ================= Tools =================
    mcp --> postgres
    mcp --> fs

    %% ================= Models =================
    huggingface -.->|модели скачиваются| ollama

    %% ================= Output =================
    ollama --> guard_out
    guard_out -->|HTML / Markdown / JS| streamlit

    %% ================= Observability =================
    router --> langfuse
    guard_out --> langfuse
    streamlit -.-> prometheus
    ollama -.-> prometheus
    fastapi -.-> prometheus

    %% ================= Styles =================
    classDef attack fill:#ffd6d6,stroke:#c92a2a,stroke-width:2px,color:#000;
    classDef interface fill:#dbeafe,stroke:#1d4ed8,stroke-width:2px,color:#000;
    classDef api fill:#ede9fe,stroke:#6d28d9,stroke-width:2px,color:#000;
    classDef ai fill:#dcfce7,stroke:#16a34a,stroke-width:2px,color:#000;
    classDef tools fill:#ffedd5,stroke:#ea580c,stroke-width:2px,color:#000;
    classDef data fill:#fef9c3,stroke:#ca8a04,stroke-width:2px,color:#000;
    classDef obs fill:#e5e7eb,stroke:#374151,stroke-width:2px,color:#000;

    class kali attack
    class streamlit interface
    class guard_in,router,guard_out api
    class rag,agent,ollama,huggingface ai
    class mcp tools
    class chroma,postgres,fs data
    class prometheus,langfuse obs
```
Tags: AI agents, AI security, AI risk mitigation, AV evasion, Chat Copilot, CISA projects, DNS reverse lookup, FastAPI, IP address batch processing, Kubernetes, LLM application development, Markdown rendering, MCP, prompt injection, Python, RAG, Streamlit, XSS, insecure output handling, enterprise wiki, front-end rendering security, large language model security, hallucination risk, technical documentation automation, no backdoor, smart assistant, secrets management, retrieval-augmented generation, Model Context Protocol, test cases, vulnerability intelligence, vulnerability demonstration, knowledge base system, cyber range, custom request headers, access control, request interception, reverse-engineering tools, indirect prompt injection