Skip to content

docs: add Static Analysis Complement to ASI mapping#179

Open
ppcvote wants to merge 1 commit into
sint-ai:mainfrom
ppcvote:static-analysis-complement
Open

docs: add Static Analysis Complement to ASI mapping#179
ppcvote wants to merge 1 commit into
sint-ai:mainfrom
ppcvote:static-analysis-complement

Conversation

@ppcvote
Copy link
Copy Markdown

@ppcvote ppcvote commented Apr 21, 2026

Summary

Adds a Static Analysis Complement section to docs/conformance/owasp-asi-mapping.md, establishing the correlation between pre-deployment prompt defense posture and SINT's runtime security enforcement.

  • Maps 12 static defense vectors to ASI01–ASI10 controls
  • Includes production gap rates from 1,589 real-world system prompts (4 public datasets, jailbreaks removed)
  • Defines the testable correlation: static defense absence → higher runtime attack success rate
  • Deep-maps ASI01 heuristic families to corresponding static vectors
  • Cross-references ecosystem implementations (Cisco MCP Scanner, Microsoft Agent Governance, Guardrails AI Hub, UltraProbe)

Placement

After the existing "Known Gaps" section, before "Certification Notes" — as requested by @pshkv in HeadyZhang/agent-audit#5.

Key data points

Metric Value
Prompts analyzed 1,589
Average score 15/100
Score F (0-29) 78.3%
Worst gap Indirect Injection (97.9% missing)
Best coverage Data Protection (9.8% missing)

What this enables

SINT fixture attack payloads (e.g., ASI01-attack-role-override-you-are-now) can now serve as regression seeds for static defense calibration. When a prompt scores 0/100 statically, these attacks should succeed at a higher rate than when the prompt scores 90/100 — creating a measurable correlation between the two layers.

Ref: HeadyZhang/agent-audit#5

🤖 Generated with Claude Code

@ppcvote @claude
docs: add Static Analysis Complement section to ASI mapping
e49881f 
Maps 12 static prompt defense vectors to ASI01–ASI10 controls with
production gap rates from 1,589 real-world system prompts. Establishes
the correlation layer between pre-deployment defense posture (static)
and runtime detection (SINT PolicyGateway).

Key data:
- 78.3% of prompts score F on static defense audit
- 97.9% lack indirect injection defense
- 97.2% lack unicode attack defense
- 93.8% lack role boundary enforcement

Cross-references: UltraProbe, Cisco MCP Scanner (PR sint-ai#146),
Microsoft Agent Governance (PR #854), Guardrails AI Hub validator,
HeadyZhang/agent-audit.

Ref: HeadyZhang/agent-audit#5

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@ppcvote ppcvote requested a review from pshkv as a code owner April 21, 2026 16:07
@ppcvote ppcvote mentioned this pull request Apr 21, 2026
Open
@ppcvote ppcvote mentioned this pull request May 9, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pshkv pshkv Awaiting requested review from pshkv pshkv is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ppcvote