Red Specter SERPENT
Chain-of-Thought Attack Testing Framework — 6 subsystems. 61 tests.
Overview
SERPENT targets chain-of-thought reasoning — the internal deliberation process that modern AI models use to solve complex problems. As reasoning models become more prevalent, their thought chains become a new category of attack surface. SERPENT finds the flaws.
Reasoning is the new attack surface. SERPENT finds the flaws.
Installation
$ serpent init
$ serpent status
INFLATOR — CoT Inflation
| ID | Technique | Description |
|---|---|---|
| IN-001 | Token Amplification | Force excessive token consumption through reasoning amplification |
| IN-002 | Recursive Reasoning | Trigger recursive reasoning patterns that expand exponentially |
| IN-003 | Cost Manipulation | Exploit reasoning token costs for financial denial-of-service |
STEGO — Steganographic Detection
Detects hidden information encoded within chain-of-thought reasoning outputs, identifies covert channels in reasoning traces, extracts steganographic payloads from thought chains, and flags hidden instructions in reasoning artifacts.
HIJACKER — Reasoning Chain Manipulation
Manipulates intermediate reasoning steps to alter final model outputs, injects false premises into active reasoning chains, and redirects logical conclusions through carefully crafted inputs that exploit reasoning dependencies.
EXFILTRATOR — Data Leak via Reasoning
Extracts sensitive data through reasoning chain outputs: system prompt leakage via reasoning traces, training data extraction through deliberate reasoning exploitation, and confidential information disclosure through thought chain manipulation.
LOOPER — Reasoning Loop Injection
Injects infinite or near-infinite reasoning loops into AI models: denial-of-service via circular logic patterns, resource exhaustion through recursive reasoning, and self-referential chain exploitation that consumes compute budgets.
AUDITOR — Full CoT Audit
Runs a complete chain-of-thought security audit: reasoning integrity verification across all subsystems, thought chain consistency checking, and a full CoT vulnerability assessment with detailed reporting and remediation guidance.
SERPENT UNLEASHED
Standard mode detects. UNLEASHED exploits. Ed25519 crypto. Dual-gate safety. One operator.
$ serpent scan --target model-endpoint
# UNLEASHED (dry run)
$ serpent exploit --target model-endpoint --override
# UNLEASHED (live)
$ serpent campaign --target model-endpoint --override --confirm-destroy
UNLEASHED mode is restricted to authorised operators holding the Ed25519 private key. Targets must be listed in allowed_targets.txt, and the mode auto-locks after 30 minutes. Unauthorised use violates applicable law.
CLI Reference
| Command | Description |
|---|---|
| serpent init | Initialise configuration and Ed25519 keys |
| serpent status | System status and subsystem count |
| serpent scan | Scan for CoT vulnerabilities |
| serpent inflate | INFLATOR — CoT inflation tests |
| serpent stego | STEGO — steganographic detection tests |
| serpent hijack | HIJACKER — reasoning chain manipulation tests |
| serpent exfil | EXFILTRATOR — data leak via reasoning tests |
| serpent loop | LOOPER — reasoning loop injection tests |
| serpent audit | AUDITOR — full CoT audit |
| serpent campaign | Full CoT exploitation campaign |
MITRE ATLAS Mapping
SERPENT techniques map to MITRE ATLAS tactics including AML.T0043 (Craft Adversarial Data), AML.T0048 (Denial of ML Service), and emerging chain-of-thought specific threat vectors for reasoning model exploitation.
Disclaimer
Red Specter SERPENT is for authorised security testing only. Chain-of-thought exploitation can disrupt AI reasoning services and expose sensitive data. You must have explicit written permission before testing any system. Unauthorised use may violate the Computer Misuse Act 1990 (UK), CFAA (US), or equivalent legislation.