whatisgithub

What is ai-kill-chain?

gouravnagar-infosec/ai-kill-chain — explained in plain English

Analysis updated 2026-05-18

36Audience · researcherComplexity · 1/5LicenseSetup · easy

In one sentence

A written framework that extends the classic Cyber Kill Chain model to cover attacks against large language models and AI agents.

Mindmap

mindmap
  root((repo))
    What it does
      Extends Cyber Kill Chain
      Covers AI and LLM attacks
      Adds new stages
    Tech stack
      Documentation framework
    Use cases
      SOC detection reference
      Compare to ATLAS and OWASP
      Study case studies
    Audience
      Security researchers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Reference AI-specific attack stages when building SOC detection rules

USE CASE 2

Compare this kill chain view against MITRE ATLAS and the OWASP LLM Top 10

USE CASE 3

Study worked case studies of AI supply chain and prompt injection attacks

How does it compare?

gouravnagar-infosec/ai-kill-chain28998306/magicalcanvasaaaa-zhen/siri-glsl
Stars363636
LanguageTypeScriptHTML
Setup difficultyeasymoderateeasy
Complexity1/53/52/5
Audienceresearchergeneraldesigner

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 30min

It is a documentation framework, not software, no installation involved.

So what is it?

This repository is a written framework, not a piece of software. It is a defender focused update to the Lockheed Martin Cyber Kill Chain, the seven stage model that security teams have used since 2011 to describe how a network intrusion unfolds. The author, Gourav Nagar, argues that the original model does not cover modern attacks against large language models and AI agents, and proposes an extended version that adds new stages and sub techniques for those cases. The framework makes three additions to the original seven stages. It adds a new pre attack stage called Stage 0, Model Supply Chain Compromise, which describes adversary activity against the AI supply chain itself, such as poisoned training datasets or tampered pre trained models published to public registries. It adds AI specific sub techniques inside each of the original seven stages, each tagged with an EKC identifier so SOC playbooks and detection rules can reference them. And it splits the final stage, Actions on Objectives, into three peer sub stages: classical data exfiltration, model extraction, and agentic pivot. The README explains why the original model needs an update. Attacks now have a pre network stage that a kill chain starting at Reconnaissance has nowhere to place. Large language models cannot reliably separate instructions from content, so Delivery and Exploitation collapse into indirect prompt injection. Model weights, fine tuning data, and system prompts are themselves targets, which means the term data exfiltration is too narrow. And AI agents with tool access can pivot through legitimate permissions instead of using classical lateral movement techniques. The document positions itself relative to other industry references. It is not meant to replace MITRE ATLAS or the OWASP LLM Top 10. ATLAS, in its current version, is a matrix with sixteen tactics and over eighty techniques. OWASP gives a list of risk categories for application builders. The author argues that neither is shaped like a kill chain, and that defenders who already think in stage by stage disruption logic need a kill chain shaped view of the same threat surface. The table of contents shows what else is inside: a stage by stage specification, a section relating the framework to ATLAS, OWASP, and the NIST AI Risk Management Framework, worked case studies, detection and mitigation guidance, an originality statement, citation instructions, and references. License is CC BY 4.0. The full README is longer than what was shown.

Copy-paste prompts

Prompt 1
Explain the new Stage 0 Model Supply Chain Compromise stage in this framework
Prompt 2
How does this framework relate to MITRE ATLAS and the OWASP LLM Top 10
Prompt 3
Summarize the three sub stages this framework adds to Actions on Objectives
Prompt 4
Walk me through a worked case study from this kill chain document

Frequently asked questions

What is ai-kill-chain?

A written framework that extends the classic Cyber Kill Chain model to cover attacks against large language models and AI agents.

How hard is ai-kill-chain to set up?

Setup difficulty is rated easy, with roughly 30min to a first successful run.

Who is ai-kill-chain for?

Mainly researcher.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.