๐Ÿ›ก๏ธ NAIL Institute โ€” AVE Database

AVE Taxonomy โ€” 20 Attack Categories

Every vulnerability is classified into an attack surface or failure domain. Categories emerge from empirical observation of AI agent behaviour across 29 controlled experiments and 50,000+ adversarial simulations.

๐Ÿท๏ธ alignment โ€” Sycophancy, deceptive alignment, RLHF exploits (12 cards)

AVE-2025-0007 ๐ŸŸ  high Goodhart's Cartel
AVE-2025-0008 ๐ŸŸก medium Learned Helplessness
AVE-2025-0010 ๐ŸŸก medium Clever Hans Effect
AVE-2025-0012 ๐ŸŸ  high Sycophantic Collapse
AVE-2025-0015 ๐ŸŸก medium Observer Effect
AVE-2025-0024 ๐Ÿ”ด critical Deceptive Alignment
AVE-2025-0036 ๐ŸŸก medium Errors of Omission
AVE-2025-0043 ๐ŸŸ  high Sycophantic Compliance Cascade
AVE-2025-0050 ๐ŸŸก medium Multi-Turn Identity Confusion
AVE-2025-0081 ๐ŸŸ  high Instruction Hierarchy Inversion
AVE-2025-0082 ๐Ÿ”ด critical Objective Function Poisoning
AVE-2025-0083 ๐ŸŸก medium Value Lock-In Failure

๐Ÿท๏ธ composite โ€” (5 cards)

AVE-2025-0061 ๐Ÿ”ด critical Injection-to-Exfiltration Chain
AVE-2025-0062 ๐Ÿ”ด critical Memory-Assisted Privilege Escalation
AVE-2025-0063 ๐ŸŸ  high Social Engineering Relay
AVE-2025-0064 ๐Ÿ”ด critical Supply Chain to Backdoor Pipeline
AVE-2025-0065 ๐ŸŸ  high Cross-Modal Attack Chain

๐Ÿท๏ธ consensus โ€” Deadlock, paralysis, and group decision failures (3 cards)

AVE-2025-0002 ๐ŸŸ  high Consensus Paralysis
AVE-2025-0039 ๐ŸŸ  high Cross-Agent Belief Propagation
AVE-2025-0099 ๐ŸŸก medium Deliberation Deadlock Injection

๐Ÿท๏ธ credential โ€” Credential harvesting, secret exfiltration (4 cards)

AVE-2025-0028 ๐Ÿ”ด critical Credential Harvesting
AVE-2025-0042 ๐Ÿ”ด critical Credential Leakage via Tool Output
AVE-2025-0100 ๐Ÿ”ด critical API Key Harvesting via Prompt
AVE-2025-0104 ๐ŸŸ  high Environment Inheritance Leak

๐Ÿท๏ธ delegation โ€” Shadow delegation, privilege escalation (3 cards)

AVE-2025-0027 ๐ŸŸ  high Shadow Delegation
AVE-2025-0040 ๐Ÿ”ด critical Authority Gradient Exploitation
AVE-2025-0103 ๐ŸŸ  high Approval Display Divergence

๐Ÿท๏ธ drift โ€” Persona drift, language drift, goal drift (6 cards)

AVE-2025-0004 ๐ŸŸก medium Prompt Inbreeding
AVE-2025-0006 ๐ŸŸก medium Language Drift
AVE-2025-0031 ๐ŸŸ  high Temporal Persona Shift
AVE-2025-0047 ๐ŸŸ  high Reward Signal Manipulation
AVE-2025-0097 ๐ŸŸ  high Model Update Behavioural Drift
AVE-2025-0098 ๐ŸŸ  high Feedback Loop Amplification

๐Ÿท๏ธ environmental_manipulation โ€” (4 cards)

AVE-2025-0074 ๐Ÿ”ด critical Knowledge Base Poisoning
AVE-2025-0075 ๐ŸŸ  high Tool Response Spoofing
AVE-2025-0076 ๐ŸŸ  high Configuration Drift Attack
AVE-2025-0077 ๐ŸŸ  high Search Result Manipulation

๐Ÿท๏ธ fabrication โ€” Hallucination, data fabrication (1 cards)

AVE-2025-0049 🟡 medium Fabricated Citation Attack

🏷️ injection — Prompt injection, indirect injection, jailbreaks (8 cards)

AVE-2025-0019 🟠 high Pydantic Schema Exploitation
AVE-2025-0030 🟠 high Semantic Trojan Horse
AVE-2025-0033 🔴 critical Jailbreak Chaining for Capability Escalation
AVE-2025-0037 🔴 critical Semantic Prompt Smuggling
AVE-2025-0090 🟠 high Multimodal Injection via Audio
AVE-2025-0091 🟠 high Encoding-Chain Injection
AVE-2025-0092 🟠 high Structured Data Injection
AVE-2025-0101 🔴 critical Serialization Confused Deputy

🏷️ memory — Memory pollution, laundering, and poisoning attacks (9 cards)

AVE-2025-0001 🔴 critical Sleeper Payload Injection
AVE-2025-0009 🔴 critical Epistemic Contagion
AVE-2025-0022 🟠 high Memory Laundering
AVE-2025-0034 🔴 critical Federated Poisoning in Multi-Tenant Systems
AVE-2025-0045 🟠 high Memory Provenance Laundering
AVE-2025-0087 🟠 high Selective Memory Deletion
AVE-2025-0088 🔴 critical Cross-User Memory Leakage
AVE-2025-0089 🟠 high Memory Replay Attack
AVE-2025-0105 🔴 critical State Persistence Deserialization

🏷️ model_extraction — (4 cards)

AVE-2025-0066 🟠 high System Prompt Extraction via Tool Logging
AVE-2025-0067 🟡 medium Behavioural Model Fingerprinting
AVE-2025-0068 🔴 critical Training Data Extraction via Memorization
AVE-2025-0069 🟡 medium Embedding Space Probing

🏷️ model_poisoning — (3 cards)

AVE-2025-0078 🔴 critical Fine-Tuning Backdoor Insertion
AVE-2025-0079 🔴 critical Adapter Layer Poisoning
AVE-2025-0080 🟠 high Preference Data Manipulation

🏷️ multi_agent_collusion — (5 cards)

AVE-2025-0051 🔴 critical Silent Majority Override
AVE-2025-0052 🟠 high Coordination Protocol Spoofing
AVE-2025-0053 🔴 critical Emergent Goal Alignment
AVE-2025-0054 🔴 critical Task Decomposition Laundering
AVE-2025-0055 🟠 high Reputation Poisoning Attack

🏷️ resource — Token embezzlement, EDoS, cost anomaly attacks (3 cards)

AVE-2025-0003 🔴 critical Token Embezzlement (EDoS)
AVE-2025-0035 🟡 medium Attention Smoothing
AVE-2025-0038 🟠 high Autonomous Resource Exhaustion

🏷️ reward_hacking — (4 cards)

AVE-2025-0070 🟠 high Metric Gaming via Output Manipulation
AVE-2025-0071 🟠 high Evaluator Exploitation
AVE-2025-0072 🟠 high Specification Gaming in Multi-Agent Rewards
AVE-2025-0073 🟡 medium Sycophantic Reward Maximisation

🏷️ social — Collusion, bystander effect, social loafing (6 cards)

AVE-2025-0005 🟡 medium CYA Cascade
AVE-2025-0021 🟠 high Algorithmic Bystander Effect
AVE-2025-0025 🟠 high Agent Collusion
AVE-2025-0046 🔴 critical Emergent Collusion in Agent Teams
AVE-2025-0093 🟠 high Authority Spoofing
AVE-2025-0094 🟡 medium Emotional Manipulation of Agent

🏷️ structural — Cascade corruption, routing deadlock (13 cards)

AVE-2025-0011 🟡 medium Prompt Satiation
AVE-2025-0016 🟡 medium Upgrade Regression
AVE-2025-0017 🟠 high Container Isolation Bleed
AVE-2025-0018 🟡 medium Somatic Blindness
AVE-2025-0020 🔴 critical Multi-Pathology Compound Attack
AVE-2025-0023 🟡 medium Static Topology Fragility
AVE-2025-0044 🟠 high Schema Poisoning Attack
AVE-2025-0048 🟡 medium Context Window Boundary Attack
AVE-2025-0084 🔴 critical Dependency Confusion in Agent Toolchains
AVE-2025-0085 🔴 critical Orchestrator Single Point of Failure
AVE-2025-0086 🟡 medium Schema Version Mismatch Exploitation
AVE-2025-0102 🔴 critical Fail-Open Sandbox Degradation
AVE-2025-0106 🟠 high Checkpoint Injection Chain

🏷️ temporal — Chronological desync, sleeper payloads (3 cards)

AVE-2025-0013 🟡 medium Chronological Desync
AVE-2025-0029 🔴 critical Temporal Sleeper Agent
AVE-2025-0041 🟡 medium Temporal Consistency Drift

🏷️ temporal_exploitation — (5 cards)

AVE-2025-0056 🟠 high Context Window Exhaustion Attack
AVE-2025-0057 🟡 medium Rate Limit Window Exploitation
AVE-2025-0058 🟠 high Session State Persistence Attack
AVE-2025-0059 🟡 medium Temporal Reasoning Exploitation
AVE-2025-0060 🟠 high Gradual Drift Injection

🏷️ tool — Confused deputy, tool chain exploits, MCP poisoning (5 cards)

AVE-2025-0014 🟠 high MCP Tool Registration Poisoning
AVE-2025-0026 🔴 critical Confused Deputy Attack
AVE-2025-0032 🔴 critical Multi-Hop Tool Chain Exploitation
AVE-2025-0095 🔴 critical Tool Output Injection
AVE-2025-0096 🔴 critical Tool Permission Escalation