~ / directory / wiz-sitf
WS
Mixed · AI Red Teaming · reviewed 2026-04

Wiz SITF

Open-source SDLC Infrastructure Threat Framework — supply chain attack analysis with 70+ techniques.

Visit github.com/wiz-sec-public/SITF
01

What it does

The SDLC Infrastructure Threat Framework from Wiz — an open-source framework for analysing supply chain attacks across five SDLC pillars: Endpoint/IDE, VCS, CI/CD, Registry, and Production. Includes an interactive attack flow visualiser, 70+ techniques, auto-generated controls matrix, and Claude AI skills for automated analysis.

02

Security relevance

Supply chain security is increasingly relevant to AI — model poisoning, package manipulation, and CI/CD compromise directly affect AI pipelines. SITF maps real-world attacks (CircleCI breach, tj-actions, Shai-Hulud-2) to techniques and controls, providing evidence-based defence prioritisation.

03

When to use it

Use when building threat models for AI development pipelines or analysing supply chain incidents. The interactive visualiser runs in-browser with no server needed. Requires understanding of SDLC security concepts and supply chain attack patterns. Complements MITRE ATLAS with SDLC-specific focus.

04

OWASP coverage

Risks addressed — mapped to both OWASP Top 10 standards. 2 in LLM, 1 in Agentic.

LLM Top 10 · 2025 · 2/10 covered
01
02
03
04
05
06
07
08
09
10
LLM03 · Supply Chain LLM05 · Improper Output Handling
Agentic Top 10 · 2026 · 1/10 covered
01
02
03
04
05
06
07
08
09
10
ASI04 · Agentic Supply Chain Vulnerabilities
05

The raw record

What Yuntona stores. Single source of truth — fork it on GitHub.

name: Wiz SITF
slug: wiz-sitf
type: Mixed
category: AI Red Teaming
url: https://github.com/wiz-sec-public/SITF

reviewed:   2026-04
added:      2026-04
updated:    2026-04

risks:
  llm:  [LLM03, LLM05]
  asi:  [ASI04]

complexity:    Expert Required
pricing:       —
audience:      Red Team
lifecycle:     [scope]

tags: [Open Source, Supply Chain, Threat Model, Wiz]