# Red Specter CHIMERA
Multi-Model Pipeline Attack Framework — 7 subsystems. 36 techniques. 206 tests.
## Overview
CHIMERA targets multi-model AI architectures where models are chained together in production pipelines. Router models select which specialist to invoke. Validator models check outputs. Generator models produce content. Each trusts the output of the last. CHIMERA maps the topology, identifies trust boundaries, and exploits every link in the chain.
One model trusts another. CHIMERA exploits them all.
## Installation

```console
$ chimera init
$ chimera status
```
## MAP — Topology Mapping
| ID | Technique | Description |
|---|---|---|
| MP-001 | Pipeline Discovery | Discover multi-model pipeline architecture through probing |
| MP-002 | Model Fingerprinting | Identify individual models in the pipeline chain |
| MP-003 | API Enumeration | Enumerate API endpoints and inter-model communication |
| MP-004 | Data Flow Tracing | Trace data flow between models to identify injection points |
| MP-005 | Trust Boundary ID | Identify where trust assumptions exist between models |
## CHAIN — Trust Exploitation
| ID | Technique | Description |
|---|---|---|
| CH-001 | Output Injection | Inject malicious content into model output that poisons downstream models |
| CH-002 | Intermediate Manipulation | Modify intermediate results between pipeline stages |
| CH-003 | Validator Bypass | Bypass validation models via upstream content poisoning |
| CH-004 | Trust Chain Escalation | Escalate privileges by exploiting model-to-model trust |
| CH-005 | Context Propagation | Propagate poisoned context through entire pipeline |
## CASCADE — Failure Injection
Inject cascading failures across model pipelines. Error propagation attacks, timeout exploitation, fallback manipulation, and graceful degradation attacks that force pipelines into insecure fallback states.
## ENSEMBLE — Ensemble Attacks
Attack ensemble model architectures. Voting manipulation, confidence score poisoning, disagreement exploitation, and majority rule subversion that compromise multi-model consensus mechanisms.
## BRIDGE — Model Poisoning
Poison models through their connections. Cross-model prompt injection, shared context exploitation, and model-to-model trust manipulation that turn one compromised model into a weapon against the rest.
## ROUTER — Routing Attacks
Attack AI routing layers. Model selection manipulation, load balancer exploitation, A/B test poisoning, and traffic steering attacks that control which model processes which request.
## ANTIDOTE — Mandatory Restore
Baseline capture before any engagement. Pipeline topology snapshot. Trust chain verification. All poisoned connections catalogued. Signed restoration certificate confirms clean state post-engagement.
## CHIMERA UNLEASHED
Standard mode detects. UNLEASHED exploits. Ed25519 crypto. Dual-gate safety. One operator.
```console
$ chimera map --target http://localhost:8000
# UNLEASHED (dry run)
$ chimera chain --pipeline target-pipeline --override
# UNLEASHED (live)
$ chimera cascade --target http://localhost:8000 --override --confirm-destroy
```
UNLEASHED mode is restricted to authorised operators with Ed25519 private key access. Targets must be in allowed_targets.txt. 30-minute auto-lock. Unauthorised use violates applicable law.
## CLI Reference
| Command | Description |
|---|---|
| chimera init | Initialise configuration and Ed25519 keys |
| chimera status | System status and subsystem count |
| chimera techniques | List all 36 pipeline attack techniques |
| chimera map | MAP — discover pipeline topology |
| chimera chain | CHAIN — exploit trust relationships |
| chimera cascade | CASCADE — inject cascading failures |
| chimera ensemble | ENSEMBLE — attack ensemble architectures |
| chimera bridge | BRIDGE — cross-model poisoning |
| chimera route | ROUTER — attack routing layers |
| chimera engagements | List all engagement sessions |
## MITRE ATLAS Mapping
CHIMERA techniques map to MITRE ATLAS tactics including AML.T0040 (ML Supply Chain Compromise), AML.T0043 (Data Poisoning), and emerging multi-model attack vectors. OWASP Top 10 for LLM Applications coverage includes LLM05 (Supply Chain Vulnerabilities) and LLM09 (Overreliance).
## Disclaimer
Red Specter CHIMERA is for authorised security testing only. Multi-model pipeline attacks can cause cascading failures across AI systems. You must have explicit written permission before testing any system. Unauthorised use may violate the Computer Misuse Act 1990 (UK), CFAA (US), or equivalent legislation.