Apex Threat · Security-framework consensus · v1.21.5
In plain English
This page covers the high-risk pattern where small adapters, routes, memory, evaluators, and descendants can reinforce each other across time. It is a risk model, not a build guide.
- Why this matters: AI risk can come from the whole arrangement, not one obvious model.
- What to look for: data, memory, routes, adapters, tools, evaluators, updates, and rollback paths.
- Technical version below: the expert terminology remains available and is linked through the glossary.
Apex Threat Evidence Levels
Why evidence levels matter
Evidence level: Security-framework consensus
Cognivirus (a behavior pattern that can survive, move, or reappear across a changing AI system) uses a strong metaphor. Strong metaphors need strong boundaries. Evidence labels prevent conceptual risk analysis from being confused with confirmed threat intelligence.
Evidence level definitions
| Evidence level | Meaning | Use it for |
|---|---|---|
| Demonstrated real incident | A behavior happened in a real platform, product, repository, or deployment environment. | Production cases, public incident reports, CVEs, or real deployment writeups. |
| Demonstrated research proof-of-concept | A behavior was shown in a controlled demonstration, academic paper, red-team writeup, or responsible disclosure research. | Poisoned-model demos, model-collapse research, memory or workflow abuse demonstrations. |
| Security-framework consensus | A standards or framework source recognizes the risk class or control. | OWASP, NIST, MITRE, CycloneDX, or comparable framework guidance. |
| Strong architectural inference | Cognivirus-specific synthesis where the full combined Apex Threat has not been observed but follows from documented component behaviors. | Transition graph (the map of how an AI system is allowed to change over time), rollback asymmetry, and compound multi-carrier persistence arguments. |
| Speculative future concern | A possible future concern not yet well supported by incidents, demonstrations, or standards. | Clearly bounded future-facing concerns. |
Apply evidence levels to Apex Threat claims
Claim map
| Claim | Status | Evidence level | Primary sources | Required boundary |
|---|---|---|---|---|
| AI systems are ecosystems, not single model files. | supported | Security-framework consensus | OWASP LLM03: Supply Chain · OWASP Gen AI Security Project 2025; NIST AI Risk Management Framework · NIST 2023 | This supports the ecosystem framing; it does not prove a named Cognivirus malware family exists. |
| LoRA/adapters can be supply-chain risk surfaces. | supported | Security-framework consensus | OWASP LLM03: Supply Chain · OWASP Gen AI Security Project 2025 | This does not claim every adapter is unsafe. |
| Poisoned model behavior can evade broad benchmarks. | supported by demonstration | Demonstrated research proof-of-concept | Mithril Security PoisonGPT demonstration · Mithril Security 2023 | This does not prove the full Apex Threat ecology exists in the wild. |
| Indirect prompt injection can cross trust boundaries in real systems. | reported real incident | Demonstrated real incident | EchoLeak paper · arXiv / research case study 2025 | Prompt injection alone is not the full Apex Threat. |
| Synthetic data recursion can degrade model distributions. | supported by research demonstrations | Demonstrated research proof-of-concept | Nature model-collapse paper · Nature 2024; Synthetic data model-collapse analysis · arXiv 2024 | This does not claim all synthetic data causes collapse. |
| A full self-replicating multi-LoRA ecology could preserve behavior across transition graph carriers. | Cognivirus architectural synthesis | Strong architectural inference | OWASP LLM03: Supply Chain · OWASP Gen AI Security Project 2025; OWASP LLM06: Excessive Agency · OWASP Gen AI Security Project 2025; OWASP LLM08: Vector and Embedding Weaknesses · OWASP Gen AI Security Project 2025; Mithril Security PoisonGPT demonstration · Mithril Security 2023; HiddenLayer safetensors conversion research · HiddenLayer 2024; Nature model-collapse paper · Nature 2024; CycloneDX ML-BOM · CycloneDX 2024 | This page does not claim that this entire apex pattern has already appeared as a named malware family, CVE, or single confirmed incident. It maps a plausible compound failure mode from documented component risks. |
| A named “Cognivirus malware” currently exists. | Do not claim | Do not claim | None | Do not claim this. Cognivirus is an analytical metaphor for behavioral persistence, not a confirmed malware family. |