Python Threat Intelligence API¶

Access the OxideShield threat intelligence catalog with 500+ curated attack patterns from 8 research sources.

Professional License Required

All threat intelligence functions require a Professional or Enterprise license.

Quick Start¶

from oxideshield import threat_catalog, ThreatSource

# Load full catalog
catalog = threat_catalog()
print(f"Total threats: {catalog.count}")

# Load from specific source
swarm_threats = threat_catalog_from_source(ThreatSource.agent_swarm_bench())
jailbreak_threats = threat_catalog_from_source(ThreatSource.jailbreak_bench())

Filtering and Search¶

catalog = threat_catalog()

# Filter by source
owasp = catalog.filter_by_source("owasp_llm")

# Filter by threat type
injections = catalog.filter_by_type("PromptInjection")
jailbreaks = catalog.filter_by_type("Jailbreak")

# Filter by category
swarm_attacks = catalog.filter_by_category("swarm_coordination")

# Filter by severity
critical = catalog.filter_by_severity("Critical")

# Full-text search
results = catalog.search("memory injection")

# List all categories
categories = catalog.categories()
for cat in categories:
    print(cat)

Statistics¶

catalog = threat_catalog()
stats = catalog.statistics()

print(f"Total: {stats.total}")
print(f"Sources: {stats.source_counts}")
print(f"Severities: {stats.severity_counts}")
print(f"Types: {stats.type_counts}")
print(f"Categories: {stats.category_counts}")

Threat Sources¶

Source	Method	Description
JailbreakBench	`ThreatSource.jailbreak_bench()`	Jailbreak attack patterns
HarmBench	`ThreatSource.harm_bench()`	Harmful content patterns
Garak	`ThreatSource.garak()`	LLM vulnerability probes
AdvBench	`ThreatSource.adv_bench()`	Adversarial attack patterns
StrongReject	`ThreatSource.strong_reject()`	Strong rejection test cases
Lakera PINT	`ThreatSource.lakera_pint()`	Prompt injection patterns
OWASP LLM	`ThreatSource.owasp_llm()`	OWASP LLM Top 10 patterns
AgentSwarmBench	`ThreatSource.agent_swarm_bench()`	Multi-agent swarm attacks

Threat Types¶

Type	Description
`PromptInjection`	Direct and indirect prompt injection
`Jailbreak`	Safety guardrail bypass
`SystemPromptLeak`	System prompt extraction
`HarmfulContent`	Harmful content generation
`Violence`	Violence-related content
`Illegal`	Illegal activity content
`Privacy`	Privacy violation content
`Fraud`	Fraud-related content
`Harassment`	Harassment content
`Misinformation`	Misinformation generation
`SwarmCoordination`	Multi-agent coordination attacks
`MemoryInjection`	Agent memory poisoning
`TrustExploitation`	Trust chain abuse
`ConstraintDrift`	Gradual boundary erosion
`Encoding`	Encoding-based evasion
`MultiTurn`	Multi-turn conversation attacks
`RolePlay`	Role-play based jailbreaks

ThreatRecord Properties¶

Property	Type	Description
`id`	str	Unique identifier
`threat_id`	str	Human-readable threat ID
`source`	str	Data source name
`threat_type`	str	Primary threat type
`category`	str	Primary category
`severity`	str	Severity level
`prompt`	str	Attack prompt/payload
`description`	str	Human-readable description
`keywords`	list[str]	Keywords for pattern matching
`subcategories`	list[str]	Subcategories

Function Reference¶

Function	Description
`threat_catalog()`	Load full threat catalog from all sources
`threat_catalog_from_source(source)`	Load catalog from specific source