OWASP And MITRE Mapping
Purple Firefish modules and findings include mapping fields for OWASP LLM Top 10 2025 and MITRE ATLAS. These mappings help security reviewers understand coverage, prioritize findings, and compare results across campaigns.
OWASP LLM Top 10 2025
Firefish modules can map to categories such as:
- LLM01:2025 Prompt Injection.
- LLM02:2025 Sensitive Information Disclosure.
- LLM05:2025 Improper Output Handling.
- LLM06:2025 Excessive Agency.
- LLM07:2025 System Prompt Leakage.
- LLM08:2025 Vector and Embedding Weaknesses.
- LLM10:2025 Unbounded Consumption.
MITRE ATLAS
Findings can include:
- Tactic IDs.
- Technique IDs.
- Technique names.
- Mitigations.
- References.
Coverage Matrix
The coverage matrix aggregates modules and campaign results by mapping:
- Tested: a mapped module ran.
- Vulnerable: a mapped module produced a vulnerability finding.
- Protected: Firefish or the target blocked, sandboxed, redacted, or safely refused the scenario.
- Inconclusive: the module ran but did not produce a clear pass or vulnerable outcome.
- Not tested: a mapped module exists but was not run in this campaign.
This is a coverage aid, not a proof that untested attack paths are safe.
