I Mapped the AI Attack Surface Nobody Else Has: Introducing AAISAF

via Dev.to Webdev, by Jarrad Bermingham

Yesterday a supply chain attack hit litellm — 97 million monthly downloads. One pip install. SSH keys, AWS credentials, API tokens, git secrets, crypto wallets — all silently exfiltrated in under an hour. This is TA05 in AAISAF — a framework we published today.

The Problem: Every company that deployed an AI system in 2023–2026 created an attack surface their security team has never seen. Prompt injection. RAG pipeline poisoning. Agent-to-agent manipulation. MCP server exploitation. Voice AI bypass. Supply chain attacks on AI dependencies.

Existing frameworks tell you what to worry about. Nobody told you how to actually test for it.

- OWASP LLM Top 10 — vulnerability categories, no testing methodology
- MITRE ATLAS — adversary mapping, no practitioner guidance
- NIST AI RMF — governance structure, no attack techniques

We built the missing layer.

What AAISAF Is: AAISAF (AI Security Assessment Framework) is an open-source, technique-level methodology for assessing AI system security. Structured

Continue reading on Dev.to Webdev
