Workbench · Template Editor · Validation Failure
Select an Architect Template
All
Test
Tool
Attack
● TEST
OWASP LLM Test Suite
Structured assurance tests targeting OWASP LLM Top 10 risks. Generates reproducible test packages with pass/fail assertions.
● TOOL
Blue Team Scanner
Network and endpoint discovery tools for cataloging AI service endpoints, request patterns, and model telemetry.
● ATTACK
Red Team Payload Generator
Offensive extension template for crafting adversarial payloads, flood scenarios, and malformed input attacks.
● TOOL
Monitoring Agent
Continuous monitoring for model drift, behavioral anomalies, and policy violations in production LLM deployments.
Describe the extension
e.g. "Create a tool extension to crawl the network and find AI requests, name it IntelMap" · ⌘↩ to generate
⚡ Fields marked inferred were extracted from your prompt — review before generating.
Extension Metadata
Name * (inferred)
Version *
Category *
Author *
Description *
OWASP Reference (inferred)
Tags (inferred)
Generating via claude-sonnet-4 · Anthropic
Iteration 1 / 3
Steps: ▶ Generating · Validating (waiting…) · Correcting (waiting…)
LLM Output Stream
extension_yaml: |
  apiVersion: hactu8.owasp.org/v1
  kind: Extension
  metadata:
    name: llm04-data-poisoning-test
    version: 1.0.0
    category: test
    owasp_ref: LLM04:2025
  spec:
    entrypoint: main.py
    language: python
    steps:
      - Load poisoning payload corpus
      - Submit adversarial training inputs
Artifacts
● extension.yaml
◌ main.py
◌ README.md
extension.yaml
# HACTU8 Extension — generated by IAC Workbench
apiVersion: hactu8.owasp.org/v1
kind: Extension
metadata:
  name: llm04-data-poisoning-test
  version: 1.0.0
  category: test
  author: mroxberry
  description: Automated test suite for LLM04:2025
  owasp_ref: LLM04:2025
  tags: [data-poisoning, llm04, test]
spec:
  entrypoint: main.py
  language: python
  template_id: owasp-llm-test-v1.2
  inputs:
    - name: target_endpoint
      type: string
      required: true
  steps:
    - Load poisoning payload corpus
    - Submit adversarial training inputs
    - Evaluate model response drift
    - Generate assurance report
Validation
✓ PASS · Schema validation
✓ PASS · Name format
✓ PASS · Version semver
✓ PASS · Category valid
✓ PASS · Entrypoint exists
✓ PASS · OWASP ref format
Generated Files
📄 extension.yaml
🐍 main.py
📝 README.md
All checks passed
6 / 6 validations
Template Identity
Template Name *
Version *
Extension Category *
Author
Description
Metadata Field Rules
Field
Required
Infer from prompt
name —
version —
owasp_ref
tags
+ Add custom field
System Prompt
Injected as LLM system context during generation. Use {variable} tokens for dynamic substitution.
Output Contract
Files the LLM must produce. Missing required files = validation failure.
✓ extension.yaml (required)
✓ main.py (required)
✓ README.md (required)
Validates against schema
Scaffold Stub
Starter code injected into the generation context. LLM fills the implementation.
# HACTU8 Extension Stub — {name}
# Category: {category} | OWASP: {owasp_ref}

from hactu8.sdk import Extension, TestResult

class {ClassName}(Extension):
    def run(self, inputs) -> TestResult:
        # TODO: implement
        raise NotImplementedError
✕ 3 issues found — extension.yaml
ERROR
line 6 · metadata.version
Invalid semver. Got "v1.0" — expected "1.0.0"
↳ Apply fix: replace with "1.0.0"
ERROR
line 14 · spec.entrypoint
Entrypoint "run.py" not in file list. Available: main.py
↳ Apply fix: change to "main.py"
WARN
line 9 · metadata.tags
Field tags is empty — recommended for registry discoverability.
↳ Infer tags from prompt context
extension.yaml — inline diagnostics
 1  apiVersion: hactu8.owasp.org/v1
 2  kind: Extension
 3  metadata:
 4    name: llm04-data-poisoning-test
 5    category: test
 6    version: "v1.0"          ✕ invalid semver
 7    author: mroxberry
 8    description: Automated test suite for LLM04:2025
 9    tags: []                 ⚠ empty — add tags
10    owasp_ref: LLM04:2025
11  spec:
12    language: python
13    template_id: owasp-llm-test-v1.2
14    entrypoint: "run.py"     ✕ file not found
15    inputs:
16      - name: target_endpoint
17        type: string
18        required: true
Correction context → LLM (iteration 2)
# Validation errors from iteration 1 — fix these:
ERROR metadata.version: must be semver (e.g. "1.0.0"), got "v1.0"
ERROR spec.entrypoint: "run.py" not in file list; use "main.py"
WARN metadata.tags: empty array; infer from extension purpose
# Return corrected JSON only. Do not change other fields.
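An added illustration of the validation and correction loop the panels above describe; it is not the IAC Workbench's or HACTU8's own code. The checks follow the six validations listed under Validation plus the empty-tags warning, and the two sample documents are constructed from the failing and the passing extension.yaml shown on the page. The regexes for the name and OWASP-ref formats and the minimal required-field schema are assumptions, since the page does not define them; the `suggest_version_fix` helper is a hypothetical implementation of the "Apply fix: replace with 1.0.0" action.

```python
"""Validator and correction-context builder for a HACTU8-style extension.yaml.
Added example; check names mirror the page's UI, regexes and schema are assumed."""
import re
from dataclasses import dataclass

ALLOWED_CATEGORIES = {"test", "tool", "attack"}      # the template categories shown in the UI
REQUIRED = {                                          # assumed minimal schema
    "metadata": ("name", "version", "category", "owasp_ref"),
    "spec": ("entrypoint", "language"),
}
SEMVER = re.compile(r"^\d+\.\d+\.\d+$")               # strict MAJOR.MINOR.PATCH, no "v" prefix
NAME = re.compile(r"^[a-z0-9]+(-[a-z0-9]+)*$")        # assumed: lowercase kebab-case
OWASP_REF = re.compile(r"^LLM\d{2}:\d{4}$")           # assumed: e.g. LLM04:2025


@dataclass
class Finding:
    level: str    # "ERROR" or "WARN"
    path: str     # dotted field path, e.g. metadata.version
    message: str


def suggest_version_fix(version: str) -> str:
    """Hypothetical auto-fix: drop a leading v and pad to three numeric parts ("v1.0" -> "1.0.0")."""
    parts = [p if p.isdigit() else "0" for p in str(version).lstrip("vV").split(".")][:3]
    while len(parts) < 3:
        parts.append("0")
    return ".".join(parts)


def validate(ext: dict, files: set) -> list:
    """Run the checks in the order the UI reports them and return ERROR/WARN findings."""
    findings = []
    for section, keys in REQUIRED.items():                      # 1. schema: required fields present
        block = ext.get(section)
        if not isinstance(block, dict):
            findings.append(Finding("ERROR", section, "missing section"))
            continue
        for key in keys:
            if key not in block:
                findings.append(Finding("ERROR", f"{section}.{key}", "required field missing"))
    if ext.get("apiVersion") != "hactu8.owasp.org/v1" or ext.get("kind") != "Extension":
        findings.append(Finding("ERROR", "apiVersion/kind", "unexpected apiVersion or kind"))
    md = ext.get("metadata") if isinstance(ext.get("metadata"), dict) else {}
    spec = ext.get("spec") if isinstance(ext.get("spec"), dict) else {}

    name = md.get("name")                                       # 2. name format
    if name is not None and not NAME.match(str(name)):
        findings.append(Finding("ERROR", "metadata.name", f'"{name}" is not lowercase kebab-case'))
    version = md.get("version")                                 # 3. version is semver
    if version is not None and not SEMVER.match(str(version)):
        findings.append(Finding("ERROR", "metadata.version",
                                f'must be semver (e.g. "1.0.0"), got "{version}"'))
    category = md.get("category")                               # 4. category valid
    if category is not None and category not in ALLOWED_CATEGORIES:
        findings.append(Finding("ERROR", "metadata.category",
                                f'"{category}" not one of {sorted(ALLOWED_CATEGORIES)}'))
    entry = spec.get("entrypoint")                              # 5. entrypoint exists in produced files
    if entry is not None and entry not in files:
        available = ", ".join(sorted(f for f in files if f.endswith(".py")))
        findings.append(Finding("ERROR", "spec.entrypoint",
                                f'"{entry}" not in file list; available: {available}'))
    ref = md.get("owasp_ref")                                   # 6. OWASP ref format
    if ref is not None and not OWASP_REF.match(str(ref)):
        findings.append(Finding("ERROR", "metadata.owasp_ref", f'"{ref}" does not match LLMnn:yyyy'))
    if "tags" in md and not md["tags"]:                         # warning only, does not fail the run
        findings.append(Finding("WARN", "metadata.tags", "empty array; infer from extension purpose"))
    return findings


def correction_context(findings: list, iteration: int) -> str:
    """Render the block the Workbench feeds back to the LLM for the next iteration."""
    lines = [f"# Validation errors from iteration {iteration} - fix these:"]
    lines += [f"{f.level} {f.path}: {f.message}" for f in findings]
    lines.append("# Return corrected JSON only. Do not change other fields.")
    return "\n".join(lines)


# Constructed from the failing extension.yaml in the page's inline diagnostics panel.
GENERATED_FILES = {"extension.yaml", "main.py", "README.md"}
FAILING = {
    "apiVersion": "hactu8.owasp.org/v1", "kind": "Extension",
    "metadata": {"name": "llm04-data-poisoning-test", "category": "test", "version": "v1.0",
                 "author": "mroxberry", "description": "Automated test suite for LLM04:2025",
                 "tags": [], "owasp_ref": "LLM04:2025"},
    "spec": {"language": "python", "template_id": "owasp-llm-test-v1.2", "entrypoint": "run.py"},
}
# Constructed from the corrected extension.yaml in the "All checks passed" state.
PASSING = {
    **FAILING,
    "metadata": {**FAILING["metadata"], "version": "1.0.0", "tags": ["data-poisoning", "llm04", "test"]},
    "spec": {**FAILING["spec"], "entrypoint": "main.py"},
}
```

Running `correction_context(validate(FAILING, GENERATED_FILES), iteration=1)` reproduces the two errors and one warning from the diagnostics panel in the same order, while `validate(PASSING, GENERATED_FILES)` returns an empty list. Parsing the YAML file into the dict (for example with PyYAML) is left out so the block runs without third-party dependencies.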