CounterSignal
Agentic AI content & supply chain attack toolkit. Generate, deploy, and track execution via out-of-band callback.
01 What It Does
Agentic AI content & supply chain attack toolkit. Three modules targeting different attack surfaces where AI agents ingest external content. Shared methodology: generate, deploy, and track execution via out-of-band callback. A callback proves the agent acted, not just that it responded.
countersignal ipi
Indirect Prompt Injection. Generate documents with hidden payloads — 34 hiding techniques across 7 formats (PDF, Image, Markdown, HTML, DOCX, ICS, EML) — and track execution via authenticated callbacks.
countersignal cxp
Context File Poisoning. Test whether poisoned project-level instruction files cause AI coding assistants to produce vulnerable code, exfiltrate data, or execute commands. 2 attack objectives across 3 assistant formats.
countersignal rxp
RAG Retrieval Poisoning. Generate documents optimized to win vector similarity battles in RAG systems, guaranteeing poisoned content reaches the LLM context window.
(Planned)
02 Install
git clone https://github.com/q-uestionable-AI/countersignal.git
cd countersignal
uv sync --group dev
Or: pip install -e .