Reference Implementation Submission: Agent Trust Bench -- live adversarial payment-flow test corpus (138 profiles, OWASP LLM Top-10 aligned)

[chopmob-cloud]

Submitting the Agent Trust Bench as a reference implementation / community testing resource for the OWASP Top 10 for LLM Applications working group.

Agent Trust Bench -- https://agent-trust-bench.algovoi.co.uk
Docs -- https://docs.algovoi.co.uk/agent-trust-bench

Scope: Live adversarial test bench for AI agents that handle x402/A2A payment flows -- the agentic-payment surface currently underrepresented in OWASP LLM test corpora. 138 profiles across 30 threat categories, OWASP LLM Top-10 aligned.

Category coverage:

OWASP	Profiles (count)
LLM01 Prompt Injection	injection, jailbreak-meta, replay, jailbreak-sequence (18)
LLM06 Sensitive Info Disclosure	credential exposure, key-leak probes (8)
LLM07 Insecure Plugin Design	malformed schema, structural placement, amount formatting (16)
LLM08 Excessive Agency	orchestrator-auth bypass, capability-inject, commitment-forcing (14)
LLM09 Overreliance	authority spoofing, urgency, mismatch, currency drift (22)
LLM02 Insecure Output Handling	response validation, output injection (6)
LLM05 Supply Chain	dependency confusion, tampered tool response (4)
FATF	sanctioned counterparty, jurisdiction override, velocity (12)

Distinctive properties:

• Live endpoint, not a static dataset -- agents make real HTTP calls against adversarial payment challenges
• Fake-signed, safe replay -- $1 USDC cap enforced server-side, 30-day responsible-disclosure window
• Three reference personas (safe / aggressive / unbounded) for cross-LLM comparison
• Machine-readable discovery for CI integration: GET https://agent-trust-bench.algovoi.co.uk/.well-known/x402.json
• Per-profile event log -- failures are debuggable, not just numeric

MIT-licensed runner. No account required.

Happy to answer questions from the working group or contribute profiles to the ASI taxonomy mapping effort.

[chopmob-cloud]

Phase 9 update: ATB has expanded since this submission.

Current state: 160 profiles across 36 threat categories (was 138/31 at time of submission).

Phase 9 additions (2026-05-31):

• RAG/knowledge poisoning (4 profiles) — LLM01
• Context exhaustion (3 profiles) — LLM01
• Cross-chain race conditions (3 profiles) — LLM09
• Simulation escape (2 profiles) — LLM08
• Tool schema confusion (2 profiles) — LLM07

The most significant change for this working group: OWASP category tags are now machine-readable directly in every live 402 challenge. Every adversarial profile exposes owasp_category and owasp_name in accepts[].extra so agents and tooling can classify failures without consulting documentation.

Updated profile table and methodology: docs.algovoi.co.uk/agent-trust-bench

AlgoVoi (chopmob-cloud) -- Acquisition enquiries: https://docs.algovoi.co.uk/acquisition