Sparta1980/CACCAVELLI-AI-Security-Framework

# 自述文件 ``` # CACCAVELLI AI 安全框架 Enterprise AI Security Detection & Governance Platform focused on securing modern AI and Large Language Model (LLM) environments. --- ## 功能 - AI Threat Detection Dashboard - Prompt Injection Detection - AI Risk Scoring Engine - MITRE ATT&CK Mapping - OWASP LLM Top 10 Alignment - AI Governance Controls - AI Red Team Labs - Threat Monitoring & Security Analytics --- ## 仪表板预览  --- ## 安装 ```bash python3 -m venv venv source venv/bin/activate pip install -r requirements.txt streamlit run app.py ``` ## 技术栈 * Python * Streamlit * MITRE ATT&CK * OWASP LLM Top 10 * 威胁情报 * 零信任安全 * AI 治理 ## 项目结构 ``` CACCAVELLI-AI-Security-Framework/ ├── docs/ ├── labs/ ├── governance/ ├── detection_rules/ ├── screenshots/ ├── diagrams/ ├── logs/ ├── app.py └── risk_engine.py ``` ## 发展路线图 请参阅 ROADMAP.md ## 许可证 MIT 许可证 ``` --- # SECURITY.md ```markdown # 安全策略 ## 报告漏洞 Please report vulnerabilities responsibly. ## 支持版本 | Version | Supported | |---|---| | 1.x | Yes | ``` # 发展路线图 ``` # 路线图 ## 阶段 1 - Prompt Injection Detection - Risk Scoring Engine - MITRE ATT&CK Mapping - Streamlit Dashboard ## 阶段 2 - AI Telemetry - Threat Analytics - Governance Controls - JSON Event Logging ## 阶段 3 - FastAPI Backend - Docker Deployment - SIEM Integration - OpenAI API Integration ## 阶段 4 - AI Security Gateway - Authentication & RBAC - AI SOC Workflows - Enterprise Threat Intelligence ``` # 更新日志 ``` # 更新日志 ## v1.0 - Initial AI Security Framework - Streamlit Dashboard - Prompt Injection Detection - MITRE ATT&CK Mapping - OWASP LLM Top 10 Alignment - Risk Scoring Engine ``` # 依赖项清单 ``` streamlit pyyaml pandas ``` # Git 忽略文件 ``` venv/ __pycache__/ *.pyc logs/ .env .DS_Store ``` # 文档/架构 ``` # 架构概览 ## AI 安全流水线 User Input ↓ Threat Detection Engine ↓ Risk Scoring Engine ↓ Policy Validation ↓ MITRE Mapping ↓ Response Monitoring ``` # 文档/检测引擎 ``` # 检测引擎 The detection engine analyzes prompts and user interactions for: - Prompt Injection - Jailbreak Attempts - Unsafe Output Requests - Prompt Enumeration - Security Bypass Attempts ``` # 文档/治理 ``` # AI 治理 ## 安全原则 - Zero Trust - Least Privilege - Secure AI Adoption - Threat Monitoring - Risk Management ``` # 文档/MITRE 映射 ``` # MITRE ATT&CK 映射 | AI Threat | MITRE Tactic | |---|---| | Prompt Injection | TA0001 | | Jailbreak Attack | TA0005 | | Data Exfiltration | TA0010 | ``` # 文档/OWASP 对齐 ``` # OWASP LLM Top 10 对齐 | OWASP Category | Implementation | |---|---| | LLM01 Prompt Injection | Detection Engine | | LLM02 Insecure Output | Output Validation | | LLM06 Sensitive Disclosure | DLP Monitoring | ``` # 治理/AI 政策 ``` # AI 安全策略 ## 目标 Define governance and security controls for AI systems. ## 安全控制 - Input Validation - Output Inspection - Threat Monitoring - Access Control - Risk Management ``` # Dockerfile ``` FROM python:3.13 WORKDIR /app COPY . . RUN pip install -r requirements.txt EXPOSE 8501 CMD ["streamlit", "run", "app.py", "--server.address=0.0.0.0"] ``` # 许可证文件 ``` MIT License Copyright (c) 2026 Ney Caccavelli Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software. ```

标签：AI安全, AI治理, AMSI绕过, Chat Copilot, Cloudflare, DLL 劫持, GPT, Kubernetes, MITRE ATT&CK, OWASP LLM Top 10, Python, Streamlit, 仪表板, 企业安全平台, 大语言模型, 威胁情报, 威胁检测, 安全运营, 开发者工具, 扫描框架, 无后门, 检测规则, 治理控制, 漏洞管理, 生成式AI安全, 结构化查询, 网络安全, 网络资产发现, 自动化安全, 虚拟机, 访问控制, 逆向工具, 隐私保护, 零信任安全, 风险评分