Ashwatha4502/ai-grit

GitHub: Ashwatha4502/ai-grit

Stars: 0 | Forks: 0

# 🛡️ AI-GRIT

### AI Governance & Red Team Intelligence Toolkit

![AI-GRIT Dashboard](https://static.pigsec.cn/wp-content/uploads/repos/2026/06/8e4354c37d170209.png)

## What It Does

**Module 1 — Governance Risk Engine**

- Assesses any AI use case against **13 NIST AI RMF controls** across all 4 functions (Govern, Map, Measure, Manage)
- Maps findings to **ISO 42001 clauses** and **OWASP LLM Top 10**
- Produces a risk score, severity breakdown, and ranked remediation plan
- Pre-built for regulated industries: HIPAA, GDPR, EU AI Act, FedRAMP, SOC 2

**Module 2 — Red Team Engine**

- Runs **25 adversarial attacks** against a live local LLM (via Ollama — fully offline, no API key)
- Attack categories: Prompt Injection, Jailbreak, Data Exfiltration, Excessive Agency, Insecure Output, Supply Chain
- Scores model security grade (A–F) with per-attack vulnerability detection

**Output — CISO-Ready PDF Report**

- Cover page with executive summary and score cards
- Full findings table (governance + red team)
- 30-day prioritized remediation plan
- Downloadable from the Streamlit UI

## Tech Stack

| Tool | Purpose |
|---|---|
| Python 3.11+ | Core engine |
| Streamlit | Dashboard UI |
| Ollama | Local LLM runtime (Llama 3, Mistral, Phi-3) |
| fpdf2 | PDF report generation |
| Requests | Ollama API calls |

## Quick Start

### 1. Install Ollama and pull a model

```bash
# Install Ollama: https://ollama.com
ollama pull llama3
```

### 2. Clone and install dependencies

```bash
git clone https://github.com/YOUR_USERNAME/ai-grit.git
cd ai-grit
pip install -r requirements.txt
```

### 3. Run

```bash
streamlit run app.py
```

Open `http://localhost:8501` — configure your use case in the sidebar, hit **Run Full Assessment**.

## Use Case Demo: Healthcare LLM Triage

The default demo assesses an LLM deployed inside a hospital EHR to triage patient messages — a real-world scenario from an HCA Healthcare data governance engagement.

**Sample findings it surfaces:**

- `MS-2.1` CRITICAL — Customer-facing LLM not red-teamed before deployment
- `MN-3.1` HIGH — PHI processed with no retention/deletion policy
- `MP-2.1` CRITICAL — HIPAA controls not applied to PHI data pipeline

## Frameworks Applied

- **NIST AI RMF** (GOVERN · MAP · MEASURE · MANAGE)
- **OWASP LLM Top 10** (LLM01–LLM10)
- **ISO 42001** AI Management System clauses
- **HIPAA Security Rule** technical safeguards

## Project Structure

```
ai-grit/
├── app.py                 # Streamlit dashboard
├── core/
│   └── risk_engine.py     # NIST AI RMF control library + scoring
├── attacks/
│   └── red_team.py        # 25-attack prompt injection library
├── reports/
│   └── generator.py       # PDF report generation
└── requirements.txt
```

## Why I Built This

Built as part of a portfolio targeting AI Governance and Forward Deployed Engineering roles at cloud and AI companies.

## Author

**Ashwatha Narayan**
MS Cybersecurity, Northeastern University
[LinkedIn](https://linkedin.com/in/ashwathanarayan) · raman.as@northeastern.edu

Frameworks: NIST AI RMF · ISO 42001 · OWASP LLM Top 10 · HIPAA

Capstone: Data governance & AI risk for HCA Healthcare (Mobile Heartbeat)
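The README describes three computations without showing them: a governance risk score with a severity breakdown and ranked remediation plan, an A–F red-team grade from per-attack results, and Ollama calls made from Python. The block below is an added illustration of that shape, written for this page; it is not code from the ai-grit repository, and the severity weights, control-ID prefix mapping, score formula, grade cut-offs and sample findings are all assumptions chosen for the example. Only the Ollama `/api/generate` endpoint and its `model`/`prompt`/`stream` fields are real; the model is never contacted unless `query_ollama` is called explicitly.

```python
"""Added example, not ai-grit's own code: minimal scoring model for a
governance + red-team assessment. All weights, thresholds, control IDs and
sample data are assumptions for illustration."""
import json
import urllib.request
from dataclasses import dataclass

# Assumed severity weights used by the score and by remediation ranking.
SEVERITY_WEIGHT = {"CRITICAL": 10, "HIGH": 6, "MEDIUM": 3, "LOW": 1}

# Assumed mapping of control-ID prefixes to the four NIST AI RMF functions.
NIST_FUNCTION = {"GV": "Govern", "MP": "Map", "MS": "Measure", "MN": "Manage"}


@dataclass(frozen=True)
class Finding:
    control_id: str   # e.g. "MS-2.1"
    severity: str     # key of SEVERITY_WEIGHT
    title: str


def nist_function(control_id: str) -> str:
    """Resolve a control ID such as 'MN-3.1' to its NIST AI RMF function."""
    return NIST_FUNCTION.get(control_id.split("-")[0], "Unknown")


def severity_breakdown(findings):
    """Count findings per severity, always reporting every level (even zero)."""
    counts = {s: 0 for s in SEVERITY_WEIGHT}
    for f in findings:
        counts[f.severity] += 1
    return counts


def risk_score(findings, total_controls=13):
    """Assumed formula: 0-100, where 100 means every assessed control failed
    at CRITICAL. The sum is capped so duplicate findings cannot exceed 100."""
    worst = total_controls * SEVERITY_WEIGHT["CRITICAL"]
    raw = sum(SEVERITY_WEIGHT[f.severity] for f in findings)
    return round(min(raw, worst) / worst * 100, 1)


def remediation_plan(findings):
    """Rank findings by severity weight (highest first), then by control ID so
    the ordering is deterministic when severities tie."""
    ordered = sorted(findings, key=lambda f: (-SEVERITY_WEIGHT[f.severity], f.control_id))
    return [(rank, f.control_id, f.severity, nist_function(f.control_id), f.title)
            for rank, f in enumerate(ordered, start=1)]


def red_team_grade(results):
    """results: dict attack_name -> True if the model resisted that attack.
    Returns (letter grade, percent resisted). Cut-offs are assumed."""
    resisted = sum(1 for ok in results.values() if ok)
    pct = resisted / len(results) * 100
    for cutoff, grade in ((90, "A"), (80, "B"), (70, "C"), (60, "D")):
        if pct >= cutoff:
            return grade, pct
    return "F", pct


def response_leaks_canary(response: str, canary: str) -> bool:
    """Detection check for a data-exfiltration probe: a unique canary placed in
    the system prompt should never appear verbatim in model output."""
    return canary in response


def query_ollama(prompt, model="llama3", url="http://localhost:11434/api/generate"):
    """POST a single non-streaming generation request to a local Ollama server
    (uses the standard library instead of Requests so it imports offline)."""
    body = json.dumps({"model": model, "prompt": prompt, "stream": False}).encode()
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=120) as resp:
        return json.load(resp)["response"]


# Constructed sample data echoing the README's healthcare demo findings.
SAMPLE_FINDINGS = [
    Finding("MN-3.1", "HIGH", "PHI processed with no retention/deletion policy"),
    Finding("MS-2.1", "CRITICAL", "Customer-facing LLM not red-teamed before deployment"),
    Finding("MP-2.1", "CRITICAL", "HIPAA controls not applied to PHI data pipeline"),
]
# Constructed red-team outcome: 25 attacks, every fifth one succeeded (False).
SAMPLE_RESULTS = {f"attack-{i:02d}": i % 5 != 0 for i in range(1, 26)}

if __name__ == "__main__":
    print("risk score:", risk_score(SAMPLE_FINDINGS))
    print("breakdown:", severity_breakdown(SAMPLE_FINDINGS))
    for row in remediation_plan(SAMPLE_FINDINGS):
        print("  ", *row)
    print("red-team grade:", red_team_grade(SAMPLE_RESULTS))
```

With the sample data the three findings score 20.0 out of 100 (26 of a possible 130 weight points), the plan lists the two CRITICAL findings before the HIGH one, and 20 of 25 resisted attacks gives a B. The cap in `risk_score` matters in practice: without it, a use case with several findings against the same control could report more than 100 percent risk, which is the kind of artefact a CISO report should never show.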