diff --git a/vulnerability-rating-taxonomy.json b/vulnerability-rating-taxonomy.json
index c36f54e..f905324 100644
--- a/vulnerability-rating-taxonomy.json
+++ b/vulnerability-rating-taxonomy.json
@@ -1380,6 +1380,19 @@
 "name": "Application-Level Denial-of-Service (DoS)",
 "type": "category",
 "children": [
+ {
+ "id": "excessive_resource_consumption",
+ "name": "Excessive Resource Consumption",
+ "type": "subcategory",
+ "children": [
+ {
+ "id": "injection_prompt",
+ "name": "Injection (Prompt)",
+ "type": "variant",
+ "priority": "varies"
+ }
+ ]
+ },
 {
 "id": "critical_impact_and_or_easy_difficulty",
 "name": "Critical Impact and/or Easy Difficulty",
@@ -2460,11 +2473,47 @@
 }
 ]
 },
+{
+ "id": "ai_application_security",
+ "name": "AI Application Security",
+ "type": "category",
+ "children": [
 {
- "id": "indicators_of_compromise",
- "name": "Indicators of Compromise",
- "type": "category",
- "priority": null
+ "id": "llm_security",
+ "name": "Large Language Model (LLM) Security",
+ "type": "subcategory",
+ "children": [
+ {
+ "id": "prompt_injection",
+ "name": "Prompt Injection",
+ "type": "variant",
+ "priority": 1
+ },
+ {
+ "id": "llm_output_handling",
+ "name": "LLM Output Handling",
+ "type": "variant",
+ "priority": 1
+ },
+ {
+ "id": "training_data_poisoning",
+ "name": "Training Data Poisoning",
+ "type": "variant",
+ "priority": 1
+ },
+ {
+ "id": "excessive_agency_permission_manipulation",
+ "name": "Excessive Agency/Permission Manipulation",
+ "type": "variant",
+ "priority": 2
+ }
+ ]
 }
 ]
-}
+},
+{
+ "id": "indicators_of_compromise",
+ "name": "Indicators of Compromise",
+ "type": "category",
+ "priority": null
+}
\ No newline at end of file
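Review bot: `"priority": "varies"` on the new `injection_prompt` variant is a string, while every other priority visible in this diff is an integer or `null` (`1`, `2`, `null`). A schema or consumer that expects number-or-null will reject or mis-sort this entry. If `null` is this file's convention for a rating decided at triage, write `"priority": null` instead. The id `injection_prompt` is also easy to confuse with the `prompt_injection` variant added in the second hunk, so an id that names the resource-exhaustion case would keep report classification unambiguous. The enclosing `children` array continues outside the hunk.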
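Review bot: `prompt_injection`, `llm_output_handling` and `training_data_poisoning` each get a fixed `"priority": 1`, so every report filed under them starts at the top rating regardless of what the model can actually reach. The impact of these classes depends on the data, tools and downstream sinks behind the model, and the first hunk already treats a prompt-injection case as variable. Consider a lower baseline, or `"priority": null` if that is this file's marker for "set at triage", and document the criteria that raise a report to 1. Separately, the new category's `{` and `},` lines appear to sit at column 0, unlike their siblings, and the file now ends without a trailing newline.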