mirror of https://github.com/aliasrobotics/cai.git
Add DISCLAIMER and some minor refinements on README
Signed-off-by: Víctor Mayoral Vilches <v.mayoralv@gmail.com>
This commit is contained in:
parent
45832e47b7
commit
624f548bec
|
|
@ -0,0 +1,31 @@
|
|||
## Legal disclaimer for CAI
|
||||
|
||||
### **1. Compliance & Intended Use**
|
||||
CAI is an AI-powered cybersecurity evaluation tool intended to assist in security assessments of robotic and other automated systems. It is designed to operate under a "human-on-the-loop" principle, ensuring oversight and mitigating risks associated with autonomous decision-making.
|
||||
|
||||
The software is developed in alignment with **ethical AI principles** and is intended to support compliance with the **EU AI Act** and other applicable cybersecurity regulations. However, it is the sole responsibility of the user to ensure adherence to all relevant laws and standards when deploying or modifying this software.
|
||||
|
||||
### **2. Open Source Notice & Responsibility**
|
||||
This source code is provided under the license terms detailed in the accompanying `LICENSE` file. Portions of CAI are released as **open-source** to encourage transparency and community collaboration.
|
||||
|
||||
Please note:
|
||||
- The software is provided "**as is**", without warranty of any kind.
|
||||
- The authors and contributors assume **no liability** for any damages, data loss, or legal consequences arising from its use.
|
||||
- Users must conduct **appropriate testing and validation** before deploying this software in any production or mission-critical environment.
|
||||
|
||||
### **3. Security & Ethical Use**
|
||||
- **Non-Disruptive Use Only:** CAI is intended for research, education, and evaluation purposes. It must **not** be used to disrupt, manipulate, or interfere with live production systems.
|
||||
- **Authorized Access Required:** Cybersecurity assessments or testing using this tool must be conducted **only with explicit permission** from the system owner.
|
||||
- **Qualified Use:** This software should be used by **trained professionals** following industry best practices and applicable organizational security policies.
|
||||
|
||||
### **4. Limitations**
|
||||
- Use of this tool does **not guarantee** full protection against cyber threats or compliance with any regulatory framework.
|
||||
- It is **not a substitute** for formal cybersecurity audits, penetration testing services, or legal compliance assessments.
|
||||
- Users are fully responsible for the consequences of how they apply or modify the code.
|
||||
|
||||
### **5. Contact & Contributions**
|
||||
We welcome community contributions to improve CAI. To contribute, report bugs, or request clarification on legal or compliance issues, please use [GitHub Issues/Support Email].
|
||||
|
||||
---
|
||||
|
||||
By downloading, using, or modifying this source code, you agree to the terms of the `LICENSE` and the limitations outlined in this disclaimer.
|
||||
61
README.md
61
README.md
|
|
@ -10,19 +10,7 @@
|
|||
</a>
|
||||
</p>
|
||||
|
||||
## 🎯 Milestones
|
||||
[-red.svg)](https://app.hackthebox.com/users/2268644)
|
||||
[-red.svg)](https://app.hackthebox.com/users/2268644)
|
||||
[-red.svg)](https://app.hackthebox.com/users/2268644)
|
||||
[-red.svg)](https://app.hackthebox.com/users/2268644)
|
||||
[_world-red.svg)](https://ctf.hackthebox.com/event/2000/scoreboard)
|
||||
[](https://ctf.hackthebox.com/event/2000/scoreboard)
|
||||
[](https://ctf.hackthebox.com/event/2000/scoreboard)
|
||||
[](https://ctf.hackthebox.com/event/2000/scoreboard)
|
||||
[](https://lu.ma/roboticshack?tk=RuryKF)
|
||||
[](https://github.com/aliasrobotics/cai)
|
||||
|
||||
## 📦 Package Attributes
|
||||
[](https://badge.fury.io/py/cai-framework)
|
||||
[](https://pypistats.org/packages/cai-framework)
|
||||
[](https://github.com/aliasrobotics/cai)
|
||||
|
|
@ -39,19 +27,22 @@
|
|||
|
||||
A lightweight, ergonomic framework for building bug bounty-ready Cybersecurity AIs (CAIs).
|
||||
|
||||
| CAI with `alias0` on ROS message injection attacks in MiR-100 robot | CAI with `alias0` on API vulnerability discovery at Mercado Libre |
|
||||
|-----------------------------------------------|---------------------------------|
|
||||
| [](https://asciinema.org/a/dNv705hZel2Rzrw0cju9HBGPh) | [](https://asciinema.org/a/9Hc9z1uFcdNjqP3bY5y7wO1Ww) |
|
||||
|
||||
|
||||
| CAI on JWT@PortSwigger CTF — Cybersecurity AI | CAI on HackableII Boot2Root CTF — Cybersecurity AI |
|
||||
|-----------------------------------------------|---------------------------------|
|
||||
| [](https://asciinema.org/a/713487) | [](https://asciinema.org/a/713485) |
|
||||
|
||||
|
||||
> [!NOTE]
|
||||
> We encourage you to read CAI's the technical report at https://arxiv.org/pdf/2504.06017.
|
||||
|
||||
|
||||
| `OT` - CAI and alias0 on: Ecoforest Heat Pumps | `Robotics` - CAI and alias0 on: Mobile Industrial Robots (MiR) |
|
||||
|------------------------------------------------|---------------------------------|
|
||||
| CAI discovers critical vulnerability in Ecoforest heat pumps allowing unauthorized remote access and potential catastrophic failures. AI-powered security testing reveals exposed credentials and DES encryption weaknesses affecting all of their deployed units across Europe. | CAI-powered security testing of MiR (Mobile Industrial Robot) platform through automated ROS message injection attacks. This study demonstrates how AI-driven vulnerability discovery can expose unauthorized access to robot control systems and alarm triggers. |
|
||||
| [](https://aliasrobotics.com/case-study-ecoforest.php) | [](https://aliasrobotics.com/case-study-cai-mir.php) |
|
||||
|
||||
| `IT` (Web) - CAI and alias0 on: Mercado Libre's e-commerce | `OT` - CAI and alias0 on: MQTT broker |
|
||||
|------------------------------------------------|---------------------------------|
|
||||
| CAI-powered API vulnerability discovery at Mercado Libre through automated enumeration attacks. This study demonstrates how AI-driven security testing can expose user data exposure risks in e-commerce platforms at scale. | CAI-powered testing exposed critical flaws in an MQTT broker within a Dockerized OT network. Without authentication, CAI subscribed to temperature and humidity topics and injected false values, corrupting data shown in Grafana dashboards. |
|
||||
| [](https://aliasrobotics.com/case-study-mercado-libre.php) | [](https://aliasrobotics.com/case-study-cai-mqtt-broker.php) |
|
||||
|
||||
|
||||
|
||||
> [!WARNING]
|
||||
> :warning: CAI is in active development, so don't expect it to work flawlessly. Instead, contribute by raising an issue or [sending a PR](https://github.com/aliasrobotics/cai/pulls).
|
||||
>
|
||||
|
|
@ -62,9 +53,9 @@ A lightweight, ergonomic framework for building bug bounty-ready Cybersecurity A
|
|||
## :bookmark: Table of Contents
|
||||
|
||||
- [Cybersecurity AI (`CAI`)](#cybersecurity-ai-cai)
|
||||
- [🎯 Milestones](#-milestones)
|
||||
- [📦 Package Attributes](#-package-attributes)
|
||||
- [:bookmark: Table of Contents](#bookmark-table-of-contents)
|
||||
- [🎯 Milestones](#-milestones)
|
||||
- [PoCs](#pocs)
|
||||
- [Motivation](#motivation)
|
||||
- [:bust\_in\_silhouette: Why CAI?](#bust_in_silhouette-why-cai)
|
||||
- [Ethical principles behind CAI](#ethical-principles-behind-cai)
|
||||
|
|
@ -101,6 +92,28 @@ A lightweight, ergonomic framework for building bug bounty-ready Cybersecurity A
|
|||
|
||||
|
||||
|
||||
## 🎯 Milestones
|
||||
[-red.svg)](https://app.hackthebox.com/users/2268644)
|
||||
[-red.svg)](https://app.hackthebox.com/users/2268644)
|
||||
[-red.svg)](https://app.hackthebox.com/users/2268644)
|
||||
[-red.svg)](https://app.hackthebox.com/users/2268644)
|
||||
[_world-red.svg)](https://ctf.hackthebox.com/event/2000/scoreboard)
|
||||
[](https://ctf.hackthebox.com/event/2000/scoreboard)
|
||||
[](https://ctf.hackthebox.com/event/2000/scoreboard)
|
||||
[](https://ctf.hackthebox.com/event/2000/scoreboard)
|
||||
[](https://lu.ma/roboticshack?tk=RuryKF)
|
||||
|
||||
## PoCs
|
||||
| CAI with `alias0` on ROS message injection attacks in MiR-100 robot | CAI with `alias0` on API vulnerability discovery at Mercado Libre |
|
||||
|-----------------------------------------------|---------------------------------|
|
||||
| [](https://asciinema.org/a/dNv705hZel2Rzrw0cju9HBGPh) | [](https://asciinema.org/a/9Hc9z1uFcdNjqP3bY5y7wO1Ww) |
|
||||
|
||||
|
||||
| CAI on JWT@PortSwigger CTF — Cybersecurity AI | CAI on HackableII Boot2Root CTF — Cybersecurity AI |
|
||||
|-----------------------------------------------|---------------------------------|
|
||||
| [](https://asciinema.org/a/713487) | [](https://asciinema.org/a/713485) |
|
||||
|
||||
|
||||
## Motivation
|
||||
### :bust_in_silhouette: Why CAI?
|
||||
The cybersecurity landscape is undergoing a dramatic transformation as AI becomes increasingly integrated into security operations. **We predict that by 2028, AI-powered security testing tools will outnumber human pentesters**. This shift represents a fundamental change in how we approach cybersecurity challenges. *AI is not just another tool - it's becoming essential for addressing complex security vulnerabilities and staying ahead of sophisticated threats. As organizations face more advanced cyber attacks, AI-enhanced security testing will be crucial for maintaining robust defenses.*
|
||||
|
|
|
|||
Loading…
Reference in New Issue