OWASP Cornucopia version 2.3 release

2 views
Skip to first unread message

johan sydseter

unread,
Jun 11, 2025, 3:44:14 PMJun 11
to Cornucopia Project

Are you letting the AI do the threat modeling for you?

chance of survival_banner.png

There is no need to let machines take over the world! Threat model using "Elevation of MLSec" on copi.owasp.org instead. Our survival depends on it!

At copi.owasp.org you can now play Elevation of MLSec to threat model your AI models.

Read more about "Elevation of MLSec" and the latest release of OWASP Cornucopia 2.3: https://dev.to/owasp/threat-modeling-your-ai-models-using-ai-29e1


Elevation of MLsec is an unofficial Machine Learning Security (MLsec) extension of Microsoft's Elevation of Privilege threat modeling card game. These playing cards portray risks associated with machine learning (ML) that have been identified by research groups. It is suitable to play this game with or without the original Elevation of Privilege deck depending on the nature of what you're threat modeling. The intention of these cards is primarily to improve the security of ML systems themselves, as opposed to using ML for security.

The work is based mainly on Berryville Institute for Machine Learnings (BIML)’s architectural risk analysis for machine learning systems (BIML-78) and their LLM analysis (BIML-LLM24), found on berryvilleiml.com. The game also adds a few somewhat supplementary LLM specific threats from OWASP’s TOP 10 list for Large Language Model Applications found on owasp.org.

The game was created by Elias Brattli Sørensen and designed by Jorun Kristin Bremseth while working at Kantega. You can download the design files from their repository if you would like to print a physical version of the game.

Version 2.3 of OWASP Cornucopia brings with it "Elevation of MLSec" as an option when you select a new game at copi.owasp.org. If you like, it's also possible to install Copi yourself. Read more about that here: https://cornucopia.owasp.org/copi

Colin Watson

unread,
Jun 12, 2025, 10:56:50 AMJun 12
to johan sydseter, Cornucopia Project
Bravo, making this available in Copi is great.

Colin

--
You received this message because you are subscribed to the Google Groups "Cornucopia Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cornucopia-proj...@owasp.org.
To view this discussion visit https://groups.google.com/a/owasp.org/d/msgid/cornucopia-project/CAN5K%3DKKb6VivERqQnALJwwuj_eadExaDTsuFmdL5A5fKa4jjVw%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages