Seeded Data Overview¶
Every piece of sensitive data in the lab is intentionally planted, tracked, and scored. This section documents what was seeded, where it lives, and how aipostex is expected to find it.
All planted data uses obviously fake values (FAKE prefixes, ACME Corp, invalid SSN checksums) but follows realistic formats — AWS keys start with AKIA, connection strings use valid postgresql:// syntax, JWTs have proper header structure. aipostex's detection patterns match them the same way they'd match real credentials.
Summary¶
| Source | Host | Items | Categories |
|---|---|---|---|
| Filesystem artifacts | ailab-dev | 35+ | API keys, MCP configs, AWS/GCP creds, training data, shell history |
| Ollama system prompts | ailab-dev | 2 models | DB creds, JWT tokens, service accounts, webhooks |
| ChromaDB | ailab-ml | 4 collections, 25+ docs | SSNs, credit cards, DB creds, financials, prompt injections |
| MLflow | ailab-ml | 3 experiments, 2 registered models | Connection strings, HF tokens, PagerDuty keys, model versions |
| Ray | ailab-ml | 3 jobs | AWS keys, Snowflake, Kafka, Vault, Stripe, runtime-env markers, artifact paths |
| LiteLLM config | ailab-ml | 1 file | Aggregated API keys (4 providers) |
| W&B mock | ailab-ml | Project/run fixtures | API keys, DB URLs, telemetry metadata |
| Serving mocks | ailab-ml | Kubeflow, TF Serving, framework mocks | Pipeline and model-serving metadata |
| Weaviate | ailab-ds | 3 classes, 12+ objects | SSNs, salaries, API keys, board strategy |
| Qdrant | ailab-ds | 3 collections, 10+ points | Pentest findings, IR playbooks, license admin |
| pgvector | ailab-ds | Public tables | PII, credentials, salaries, internal docs |
| A2A fixtures | ailab-app | Agent cards and task history | Agent metadata and task-history credentials |
| Jupyter notebooks | both dev/ds | 2 notebooks | API keys, DB creds, connection strings |
By Host¶
ailab-dev (172.16.50.10)¶
The developer workstation produces the most findings. Filesystem artifacts alone account for 35+ items — .env files, MCP configs, cached tokens, shell history, training data, and Modelfiles. The two custom Ollama models add another ~15 credentials embedded in system prompts.
ailab-ml (172.16.50.20)¶
The ML platform's value is concentrated in network services rather than filesystem sprawl. ChromaDB holds 25+ documents across 4 collections. MLflow stores connection strings and tokens in experiment parameters and artifact metadata, plus registered models (acme-churn-ensemble, acme-fraud-bert) with versions linked to real runs:/ sources. Ray jobs expose secrets via runtime environment variables and write deterministic artifacts to /tmp/ray-lab-artifacts/ for job-artifacts and runtime-env validation. The LiteLLM config aggregates API keys for 4 providers into a single YAML file. W&B, Kubeflow, TF Serving, and serving-framework mocks add model-platform metadata coverage.
ailab-ds (172.16.50.30)¶
The data science server uses different tools (Weaviate, Qdrant, and pgvector) to demonstrate tool fragmentation across teams. Weaviate holds SSNs, salaries, and API keys. Qdrant's security-findings collection contains a pentest report describing the lab itself — a deliberately meta finding. pgvector adds SQL-backed embedding tables with PII, credentials, and operational notes.
ailab-app (172.16.50.40)¶
The shared app host adds A2A agent cards, seeded task history, and validation surfaces for active workflows. These fixtures are intentionally small, but they let the scoring and contract layers validate agent metadata, task-history leakage, and post-exploitation callback behavior.
Noise Collections¶
Every vector database includes at least one collection of benign, non-sensitive content alongside the sensitive collections. These test aipostex's ability to differentiate signal from noise. See Noise Collections for details.
Manifest¶
All 170 planted findings are tracked in scoring/manifest.json. The scoring system validates aipostex output against this manifest in both standard and strict modes, with false-positive detection against noise collections.