A lab track for prompt injection, data leakage, tool abuse, and AI product governance testing.
Research question
Which AI application failures matter most when models can retrieve sensitive context, call tools, influence workflow actions, summarize regulated data, or interact with external users?
The lab treats AI security as product security plus data governance plus workflow abuse. Model quality alone is not enough.
Abuse cases
Cyberpert tests direct prompt injection, indirect prompt injection, retrieval poisoning, unsafe tool invocation, sensitive-context exposure, output integrity failure, authorization confusion, and policy bypass through multi-step workflows.
The OWASP GenAI security project is a useful reference because it organizes risks around model behavior, prompts, retrieval, agents, plugins, data exposure, and governance weaknesses.
Control experiments
Control experiments include scoped tools, explicit authorization boundaries, source labeling, sensitive-context minimization, approval gates, output validation, abuse-case test suites, and logging that connects model actions to user intent.
The lab also measures whether product teams can explain why the model received a piece of context and what it was allowed to do with it.
Public output
Outputs include an abuse-case catalog, AI control checklist, secure AI product review method, logging requirements, and tabletop injects for AI-enabled business workflows.
The intended user is not only the security team. Product, legal, compliance, data, and engineering leaders all need a shared control language for AI-enabled systems.
Why the lab matters
AI-enabled products now retrieve sensitive context, call tools, summarize regulated data, and influence business workflows. That makes prompt injection, tool abuse, retrieval poisoning, data leakage, and authorization confusion practical security problems rather than theoretical model issues.
NIST AI RMF and secure-by-design principles both point to the same conclusion: AI systems need documented use cases, bounded permissions, measurable controls, monitored failures, and accountable owners.
Testing method
The lab tests direct and indirect prompt injection, untrusted retrieval content, malicious documents, unsafe tool calls, over-broad connectors, sensitive-context exposure, and multi-step policy bypass. Each case is translated into product controls and logging requirements.
Outputs include abuse-case catalogs, product security checklists, approval-gate patterns, tool-scope designs, red-team scripts, and executive risk notes for teams deploying AI inside regulated or high-trust environments.
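As an added illustration (not part of the lab's own materials) of the controls named under Control experiments and of how the Testing method's abuse cases can be exercised against them, the following tool-invocation gateway enforces scoped tools, role-based authorization boundaries, source labeling of instructions, an approval gate for side-effecting actions, argument validation, and a log that ties each model action to the user intent it serves. Tool names, roles, and policy values are constructed for the example.

```python
"""Tool-invocation gateway for an AI workflow (illustrative example).
Tool names, roles and limits below are constructed, not from any real product."""
from dataclasses import dataclass, field

# Tool registry: whether a tool changes state, and which roles may call it.
TOOL_POLICY = {
    "search_docs":    {"side_effect": False, "roles": {"analyst", "admin"}},
    "send_email":     {"side_effect": True,  "roles": {"admin"}},
    "export_records": {"side_effect": True,  "roles": {"admin"}},
}

@dataclass
class Request:
    user: str
    role: str
    intent: str          # the user's own instruction, kept apart from retrieved text
    allowed_tools: set   # tools scoped to this workflow, not the whole registry

@dataclass
class Gateway:
    approvals: set = field(default_factory=set)   # (user, tool) pairs a human approved
    log: list = field(default_factory=list)

    def invoke(self, req, tool, args, source):
        """Decide whether a model-proposed tool call may run.
        `source` labels where the instruction originated: 'user' for the
        caller's own request, 'retrieved' for untrusted context such as documents."""
        decision = self._decide(req, tool, args, source)
        # Every decision is recorded together with the user intent it is meant to serve.
        self.log.append({"user": req.user, "intent": req.intent, "tool": tool,
                         "source": source, "decision": decision})
        return decision

    def _decide(self, req, tool, args, source):
        policy = TOOL_POLICY.get(tool)
        if policy is None or tool not in req.allowed_tools:
            return "deny:out_of_scope"        # unregistered, or not scoped to this workflow
        if req.role not in policy["roles"]:
            return "deny:unauthorized"        # the model cannot exceed the caller's rights
        if source != "user" and policy["side_effect"]:
            return "deny:untrusted_source"    # retrieved text may not trigger actions
        if policy["side_effect"] and (req.user, tool) not in self.approvals:
            return "deny:needs_approval"      # human approval gate before state changes
        if not all(isinstance(v, str) and len(v) < 200 for v in args.values()):
            return "deny:invalid_args"        # validate model-produced arguments
        return "allow"
```

The log entries let a reviewer answer the lab's question of why the model acted and on whose behalf, since each action carries the originating intent and instruction source.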
