Red Specter ARCHITECT

AI Infrastructure Exploitation Framework — 7 subsystems. 68 tests.

v1.0.0
Contents
Overview
Installation
CLOUD — Cloud AI Service Security
KUBE — Kubernetes AI Workload Testing
GPU — GPU Node Security
PIPELINE — CI/CD Pipeline Testing
MODELSERVE — Model Serving Endpoints
DATALEAK — Training Data Security
METADATA — Cloud Metadata Exploitation
UNLEASHED Mode
CLI Reference
MITRE ATLAS Mapping
Disclaimer

Overview

ARCHITECT targets the infrastructure that AI systems depend on — the cloud services, Kubernetes clusters, GPU nodes, CI/CD pipelines, and model serving endpoints that form the backbone of modern AI deployments. Your model may be secure, but the infrastructure it runs on isn't.

Your model is secure. Your infrastructure isn't.

Installation

$ pip install red-specter-architect
$ architect init
$ architect status

CLOUD — Cloud AI Service Security

ID     | Technique                 | Description
CL-001 | Service Misconfiguration  | Identify misconfigurations in SageMaker, Vertex AI, Azure ML, Bedrock
CL-002 | IAM Policy Analysis       | Analyse IAM policies for overly permissive AI resource access
CL-003 | Cross-Account Access      | Test cross-account access paths to AI resources
CL-004 | Service Endpoint Exposure | Identify publicly exposed AI service endpoints

KUBE — Kubernetes AI Workload Testing

Kubernetes AI workload exploitation. Pod security policy testing for ML workloads. Service mesh vulnerability assessment. Container escape testing from model serving containers. Namespace isolation verification for multi-tenant AI platforms.

GPU — GPU Node Security

GPU node security assessment. NVIDIA driver vulnerability testing. GPU memory isolation verification between tenants. Multi-tenant GPU sharing security. CUDA attack surface mapping and exploitation testing.

PIPELINE — CI/CD Pipeline Testing

ML pipeline security testing. Training pipeline integrity verification. Model artifact tampering detection. Build system compromise testing. Supply chain attack simulation on ML training and deployment workflows.

MODELSERVE — Model Serving Endpoints

Model serving endpoint exploitation. TensorFlow Serving, TorchServe, and Triton Inference Server vulnerability testing. API gateway bypass. Rate limit evasion. Inference endpoint abuse and denial-of-service testing.

DATALEAK — Training Data Security

Training data security assessment. Data lake exposure testing. Feature store vulnerability identification. Data pipeline interception testing. Labelling platform compromise. Sensitive data exposure in training datasets.

METADATA — Cloud Metadata Exploitation

Cloud metadata endpoint exploitation from AI workloads. IMDS (Instance Metadata Service) attacks targeting ML infrastructure. Service account credential theft via metadata endpoints. Instance profile abuse for privilege escalation.

ARCHITECT UNLEASHED

Standard mode detects. UNLEASHED exploits. Ed25519 crypto. Dual-gate safety. One operator.

# Scan AI infrastructure (detection only)
$ architect scan --provider aws --region eu-west-1

# UNLEASHED (dry run)
$ architect exploit --target k8s-cluster --override

# UNLEASHED (live)
$ architect campaign --provider aws --override --confirm-destroy

UNLEASHED mode is restricted to authorised operators with Ed25519 private key access. Targets must be in allowed_targets.txt. 30-minute auto-lock. Unauthorised use violates applicable law.
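As an added illustration (not ARCHITECT's own code), here is one way such a dual gate can be checked: the operator signs an unlock message that binds the target name to the unlock time with an Ed25519 key, and the tool proceeds only if the target is on the allowlist, the signature verifies, and fewer than 30 minutes have passed since the unlock. The message layout, the function names and the sample allowlist are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

const lockWindow = 30 * time.Minute // the page's 30-minute auto-lock

// unlockMessage is the assumed signed payload: 8-byte big-endian unix time then
// the target name, so one unlock cannot be replayed for another target or session.
func unlockMessage(target string, at time.Time) []byte {
	buf := make([]byte, 8, 8+len(target))
	binary.BigEndian.PutUint64(buf, uint64(at.Unix()))
	return append(buf, target...)
}

// Authorize returns nil only if every gate passes: target is allowlisted (the
// parsed contents of allowed_targets.txt), the operator's Ed25519 signature over
// (unlockedAt, target) verifies, and now is still inside the lock window.
func Authorize(pub ed25519.PublicKey, allowed map[string]bool, target string,
	unlockedAt, now time.Time, sig []byte) error {
	if !allowed[target] {
		return errors.New("target not in allowed_targets.txt")
	}
	if !ed25519.Verify(pub, unlockMessage(target, unlockedAt), sig) {
		return errors.New("operator signature invalid")
	}
	if now.Before(unlockedAt) || now.Sub(unlockedAt) > lockWindow {
		return errors.New("unlock expired: auto-lock engaged")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	allowed := map[string]bool{"k8s-cluster": true} // constructed allowlist
	t0 := time.Now()
	sig := ed25519.Sign(priv, unlockMessage("k8s-cluster", t0))
	fmt.Println(Authorize(pub, allowed, "k8s-cluster", t0, t0.Add(5*time.Minute), sig))  // prints <nil>
	fmt.Println(Authorize(pub, allowed, "k8s-cluster", t0, t0.Add(31*time.Minute), sig)) // prints an auto-lock error
	fmt.Println(Authorize(pub, allowed, "prod-db", t0, t0, sig))                         // prints an allowlist error
}
```

Because the signature covers both the target and the unlock time, a captured unlock for one cluster cannot be reused against another target or after the window closes.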

CLI Reference

Command            | Description
architect init     | Initialise configuration and Ed25519 keys
architect status   | System status and subsystem count
architect scan     | Scan AI infrastructure for vulnerabilities
architect cloud    | CLOUD — cloud AI service security tests
architect kube     | KUBE — Kubernetes AI workload tests
architect gpu      | GPU — GPU node security tests
architect pipeline | PIPELINE — CI/CD pipeline tests
architect serve    | MODELSERVE — model serving endpoint tests
architect dataleak | DATALEAK — training data security tests
architect metadata | METADATA — cloud metadata exploitation tests
architect campaign | Full infrastructure exploitation campaign

MITRE ATLAS Mapping

ARCHITECT techniques map to MITRE ATLAS tactics including AML.T0035 (ML Model Access), AML.T0010 (ML Supply Chain Compromise), and MITRE ATT&CK cloud matrix techniques for infrastructure exploitation, privilege escalation, and persistence.

Disclaimer

Red Specter ARCHITECT is for authorised security testing only. AI infrastructure exploitation can disrupt production AI services, compromise training pipelines, and expose sensitive data. You must have explicit written permission before testing any system. Unauthorised use may violate the Computer Misuse Act 1990 (UK), CFAA (US), or equivalent legislation.