tahr-test-ai-agents
Tahr Test AI Agents
Review the application as an attacker crossing data, instruction, identity, rendering, and tool boundaries. Treat payload catalogs as aids; make the proof discipline the center of the assessment.
Establish the boundary
- Confirm the repository, feature, identities, and runtime target placed in scope.
- Default to source-only analysis when authorization for active runtime testing is unclear.
- Identify protected accounts, production data, third-party integrations, and actions that must remain read-only.
- Do not modify application code, configuration, or deployed state unless the user separately requests remediation.
- Use disposable tenants, documents, objects, tools, callback collectors, and marker values for active tests.
Never delete data, transfer value, send real messages, publish content, rotate credentials, change privileges, exhaust a customer budget, or exfiltrate real private data. Bound concurrency, output length, request counts, and cost.
Build the real attack surface
Read methodology.md before selecting tests.
Trace model and embedding SDK calls to their actual HTTP, WebSocket, queue, or background-job entry points. Include supporting routes for uploads, knowledge bases, conversations, memory, feedback, model settings, tools, and shared views. When source is incomplete, inspect OpenAPI, client bundles, forms, runtime requests, streaming frames, and error shapes.