Update vulnerability-rating-taxonomy.json

vulnerability-rating-taxonomy.json

@@ -1380,6 +1380,19 @@
       "name": "Application-Level Denial-of-Service (DoS)",
       "type": "category",
       "children": [
+        {
+          "id": "excessive_resource_consumption",
+          "name": "Excessive Resource Consumption",
+          "type": "subcategory",
+          "children": [
+            {
+              "id": "injection_prompt",
+              "name": "Injection (Prompt)",
+              "type": "variant",
+              "priority": "varies"
+            }
+          ]
+        },
         {
           "id": "critical_impact_and_or_easy_difficulty",
           "name": "Critical Impact and/or Easy Difficulty",
@@ -2460,11 +2473,47 @@
         }
       ]
     },
+{
+  "id": "ai_application_security",
+  "name": "AI Application Security",
+  "type": "category",
+  "children": [
     {
-      "id": "indicators_of_compromise",
-      "name": "Indicators of Compromise",
-      "type": "category",
-      "priority": null
+      "id": "llm_security",
+      "name": "Large Language Model (LLM) Security",
+      "type": "subcategory",
+      "children": [
+        {
+          "id": "prompt_injection",
+          "name": "Prompt Injection",
+          "type": "variant",
+          "priority": 1
+        },
+        {
+          "id": "llm_output_handling",
+          "name": "LLM Output Handling",
+          "type": "variant",
+          "priority": 1
+        },
+        {
+          "id": "training_data_poisoning",
+          "name": "Training Data Poisoning",
+          "type": "variant",
+          "priority": 1
+        },
+        {
+          "id": "excessive_agency_permission_manipulation",
+          "name": "Excessive Agency/Permission Manipulation",
+          "type": "variant",
+          "priority": 2
+        }
+      ]
     }
   ]
-}
+},
+{
+  "id": "indicators_of_compromise",
+  "name": "Indicators of Compromise",
+  "type": "category",
+  "priority": null
+}