The BOLA (Broken Object Level Authorization) red teaming plugin is designed to test an AI system's vulnerability to attacks that attempt to access or modify resources belonging to other users or outside the authorized scope (OWASP API 1).| www.promptfoo.dev
This page documents categories of potential LLM vulnerabilities and failure modes.| www.promptfoo.dev
The BFLA (Broken Function Level Authorization) red teaming plugin is designed to test an AI system's ability to maintain proper authorization controls for specific functions or actions (OWASP API 5).| www.promptfoo.dev