Show HN: Open-source taxonomy of 122 AI/LLM attack vectors

I've been doing AI red teaming for the past year and kept running into the same problem: there's no comprehensive catalog of how AI systems actually get broken. So I built one.

122 distinct attack techniques across 11 categories, mapped to OWASP LLM Top 10 and MITRE ATLAS.

Categories:
- Prompt Injection (20 attacks)
- Jailbreaks (22)
- System Prompt Leakage (12)
- Vision/Multimodal (12)
- Excessive Agency / Tool Abuse (12)
- Multi-Turn Manipulation (8)
- Sensitive Info Disclosure (10)
- Supply Chain (8)
- Vector/Embedding Attacks (8)
- Improper Output Handling (8)
- Unbounded Consumption (2)

What's included: IDs, names, descriptions, severity ratings, framework mappings, remediation guidance, code examples.

What's NOT included: actual payloads, detection logic, model-specific success rates. This is a taxonomy, not an exploit database.

The goal is to give security teams a checklist and common language for AI security assessments.

Apache 2.0 licensed. PRs welcome for new techniques, framework mappings (NIST, ISO, etc.), and remediation improvements.
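An added example, not part of the post and not the project's own code: a small Python checker for taxonomy entries shaped the way the post describes them (ID, name, description, severity, framework mappings, remediation). It validates entries, flags duplicate IDs, builds an OWASP LLM Top 10 coverage matrix so gaps in a catalog are visible, and renders a category checklist for an assessment. The field names, the `XX-000` ID scheme, the sample entries, and the OWASP 2025 category list (reproduced from memory, so verify it against owasp.org) are all my assumptions; the ATLAS IDs in the samples are illustrative placeholders.

```python
import re

# OWASP Top 10 for LLM Applications, 2025 list. Assumption, not from the post.
OWASP_LLM_TOP10 = {
    "LLM01": "Prompt Injection", "LLM02": "Sensitive Information Disclosure",
    "LLM03": "Supply Chain", "LLM04": "Data and Model Poisoning",
    "LLM05": "Improper Output Handling", "LLM06": "Excessive Agency",
    "LLM07": "System Prompt Leakage", "LLM08": "Vector and Embedding Weaknesses",
    "LLM09": "Misinformation", "LLM10": "Unbounded Consumption",
}
REQUIRED_FIELDS = {"id", "name", "category", "description", "severity", "mappings", "remediation"}
SEVERITIES = ("critical", "high", "medium", "low")
ID_RE = re.compile(r"[A-Z]{2,4}-\d{3}")          # hypothetical scheme, e.g. PI-001
ATLAS_RE = re.compile(r"AML\.T\d{4}(\.\d{3})?")  # MITRE ATLAS technique / sub-technique IDs

# Constructed sample entries in a schema I assume for illustration.
SAMPLE_TAXONOMY = [
    {"id": "PI-001", "name": "Direct prompt injection", "category": "Prompt Injection",
     "description": "User-turn text overrides system instructions.", "severity": "high",
     "mappings": {"owasp": ["LLM01"], "atlas": ["AML.T0051"]},
     "remediation": "Keep trusted instructions separate from untrusted data."},
    {"id": "PI-002", "name": "Indirect prompt injection via retrieved content",
     "category": "Prompt Injection", "severity": "critical",
     "description": "Instructions hidden in a document reach the model through RAG.",
     "mappings": {"owasp": ["LLM01", "LLM08"], "atlas": ["AML.T0051.001"]},
     "remediation": "Treat retrieved text as data; never as instructions."},
    {"id": "EA-001", "name": "Unscoped tool permissions",
     "category": "Excessive Agency / Tool Abuse", "severity": "high",
     "description": "Agent holds write or payment scopes the task does not need.",
     "mappings": {"owasp": ["LLM06"], "atlas": []},
     "remediation": "Least-privilege tool scopes; human approval for irreversible actions."},
]

# Deliberately malformed entry (constructed) to exercise the validator.
BAD_ENTRY = {"id": "pi-3", "name": "Broken entry", "category": "Prompt Injection",
             "description": "", "severity": "severe",
             "mappings": {"owasp": ["LLM11"], "atlas": ["T1059"]}}  # no remediation


def validate_entry(entry):
    """Return the list of problems with one entry; an empty list means it passes."""
    errors = [f"missing field {f}" for f in sorted(REQUIRED_FIELDS - set(entry))]
    tid = entry.get("id", "")
    if not ID_RE.fullmatch(tid):
        errors.append(f"id {tid!r} does not match {ID_RE.pattern}")
    if entry.get("severity") not in SEVERITIES:
        errors.append(f"severity {entry.get('severity')!r} not in {SEVERITIES}")
    if not entry.get("description"):
        errors.append("empty description")
    mappings = entry.get("mappings", {})
    errors += [f"unknown OWASP code {c}" for c in mappings.get("owasp", []) if c not in OWASP_LLM_TOP10]
    errors += [f"{c!r} is not an ATLAS technique ID" for c in mappings.get("atlas", []) if not ATLAS_RE.fullmatch(c)]
    return errors


def validate_taxonomy(entries):
    """Map technique ID -> problems, including IDs that appear more than once."""
    problems, seen = {}, set()
    for entry in entries:
        tid = entry.get("id", "<no id>")
        errs = validate_entry(entry) + (["duplicate id"] if tid in seen else [])
        seen.add(tid)
        if errs:
            problems[tid] = errs
    return problems


def coverage_by_owasp(entries):
    """OWASP code -> technique IDs mapped to it; an empty list is a gap in the catalog."""
    cover = {code: [] for code in OWASP_LLM_TOP10}
    for entry in entries:
        for code in entry.get("mappings", {}).get("owasp", []):
            if code in cover:  # unknown codes are reported by validate_entry, not here
                cover[code].append(entry["id"])
    return cover


def checklist(entries, category=None):
    """Render entries as assessment checklist lines, optionally for one category."""
    lines = []
    for entry in sorted(entries, key=lambda e: e["id"]):
        if category is None or entry["category"] == category:
            owasp = ",".join(entry["mappings"].get("owasp", [])) or "n/a"
            lines.append(f"[ ] {entry['id']} {entry['name']} ({entry['severity']}; OWASP {owasp})")
    return lines
```

Run `validate_taxonomy(SAMPLE_TAXONOMY + [BAD_ENTRY])` to see every problem with the malformed entry in one pass, and `coverage_by_owasp(SAMPLE_TAXONOMY)` to see that the three samples leave LLM09 and others uncovered; the same two calls in a CI job would keep a growing catalog consistent as PRs add techniques and mappings.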