Start a Scan

Learn how to start a scan in AI Red Teaming for Prisma AIRS.
Where Can I Use This?
  • Prisma AIRS (AI Red Teaming)
What Do I Need?
  • Prisma AIRS AI Red Teaming License
  • Prisma AIRS AI Red Teaming Deployment Profile
One complete assessment of an AI system using AI Red Teaming is considered a scan. A scan is carried out by sending attack payloads to an AI system in the form of attack prompts.
AI Red Teaming offers three modes of scanning an AI system: Attack Library, Agent, and Custom Attack. An Attack Library scan uses a regularly updated list of attack prompts against a target to check its resilience against that attack technique. An Agent scan uses a powerful LLM agent that crafts attack prompts customized to the target and enhances the attacks based on the responses. A Custom Attack scan allows you to upload and run your own prompt sets against target LLM endpoints alongside AI Red Teaming's built-in attack library.

Red Teaming using Attack Library Scan

To run an Attack Library Scan:
  1. Navigate to AI Security > AI Red Teaming > Scans.
  2. In the AI Red Teaming dashboard, select + New Scan.
    You can also start a new scan from the Scans page.
    If a scan was previously configured, it appears in the list of past scans. The list of past scans includes the fields described in the following table:
    Field        Description
    Scan Name    The name of the scan.
    Scan Type    The type of scan.
    Target       The target of the scan.
    Status       The scan status.
    Risk Score   The risk score.
    Actions      Any actions taken as a result of the scan. Select View Report for more information.
  3. In the Start a new Scan screen, configure Scan Details:
    The Scan Details page illustrates the number of scans available for each Scan Type.
    1. Enter the Scan Name.
    2. Use the drop-down to Select Target. If a target fails to appear in the list of available targets, it means that no target has been configured. Before you initiate a scan, you'll need to add a target; you can reuse the target for future scans. To create a new target, click Go to Targets.
    3. Select the Scan Type:
      • Red Teaming using Attack Library—This represents a curated library of pre-defined attacks for comprehensive threat simulation.
      • Red Teaming using Agent—This represents an autonomous multi-agent system for dynamic threat simulation and evaluation.
      • Red Teaming using Custom Prompt Sets—This type of attack is a simulation of user-defined custom attack prompt sets.
  4. Select Next: Attack Library Specification.
  5. In the Attack Library Specifications page, configure Scan Categories:
    1. Select Security categories for adversarial testing of security vulnerabilities and potential exploits.
      Some categories require prerequisites on the target to run successfully. In such cases, a dialog appears indicating that the category requires additional configuration. For example, for Indirect Prompt Injection, the target must be able to upload files.
    2. Select Safety categories for testing harmful or toxic content and ethical misuse scenarios.
    3. Select a Compliance framework across security and safety standards.
  6. Select Next: Advanced Configurations.
    In the Advanced Configurations page you'll configure Rate Limits and set Guardrails/Content Filters.
  7. Enable Rate Limits for applications on the target endpoint.
    1. Specify the Endpoint Rate Limit. This value represents the maximum number of allowed requests per minute for the specified endpoint.
    2. Specify the Endpoint Rate Limit Error Code. This field represents the error code your system uses for rate limiting violations.
    3. Provide a Sample Exception JSON.
  8. Enable Guardrails/Content Filters. These fields are used for output guardrails or content filters applicable on the target endpoint.
    1. Specify the Error code for Guardrails or Content Filters. This field represents the error code your system uses when a response is prevented by filters or safeguards.
    2. Provide a Sample Exception JSON.
  9. Click Start Scan.
    It will take a few minutes to complete a scan.
  10. View the scan results.
    1. Navigate to AI Security > AI Red Teaming > Scans to view the scan results in the Scans page.
    2. View the status of your scan and risk score.
    3. Select View Report for the detailed report.

Red Teaming using Agent Scan

Use the information in this section to run an agent scan:
  1. Navigate to AI Security > AI Red Teaming > Scans.
  2. In the Red Teaming dashboard, select + New Scan.
    You can also start a new scan from the Scans page.
    If a scan was previously configured, it appears in the list of past scans. The list of past scans includes the fields described in the following table:
    Field        Description
    Scan Name    The name of the scan.
    Scan Type    The type of scan.
    Target       The target of the scan.
    Status       The scan status.
    Risk Score   The risk score.
    Actions      Any actions taken as a result of the scan. Select View Report for more information.
  3. In the Start a new Scan screen, configure Scan Details:
    The Scan Details page illustrates the number of scans available for each Scan Type.
    1. Enter the Scan Name.
    2. Use the drop-down to Select Target. If a target fails to appear in the list of available targets, it means that no target has been configured. Before you initiate a scan, you'll need to add a target; you can reuse the target for future scans. To create a new target, click Go to Targets.
    3. Select Red Teaming using Agent for the Scan Type.
  4. The Agent Specification page allows you to select the scan mode, either completely automated or human augmented. Each mode is described separately below:
    1. Select Human Augmented for goals and attacks that are crafted by the agent leveraging user inputs. You can optionally specify Additional Target Details using the drop-down menu to select the Base Model used by your AI system. Enter a Use Case (for example, custom support bot). Include a System Prompt; this prompt is displayed by your AI system.
    2. Select Completely Augmented for goals and attacks that are crafted independently by the agent.
  5. Select Next: Advanced Configurations.
    In the Advanced Configurations page you'll configure Rate Limits and set Guardrails/Content Filters.
  6. Enable Rate Limits for applications on the target endpoint.
    1. Specify the Endpoint Rate Limit. This value represents the maximum number of allowed requests per minute for the specified endpoint.
    2. Specify the Endpoint Rate Limit Error Code. This field represents the error code your system uses for rate limiting violations.
    3. Provide a Sample Exception JSON.
  7. Enable Guardrails/Content Filters. These fields are used for output guardrails or content filters applicable on the target endpoint.
    1. Specify the Error code for Guardrails or Content Filters. This field represents the error code your system uses when a response is prevented by filters or safeguards.
    2. Provide a Sample Exception JSON.
  8. Click Start Scan.
    It will take a few minutes to complete the scan.
  9. View the scan results.
    1. Navigate to AI Security > AI Red Teaming > Scans to view the scan results in the Scans page.
    2. View the status of your scan and risk score.
    3. Select View Report for the detailed report.

Red Teaming using Custom Prompt Sets Scan

To run a Custom Attack scan:
  1. Navigate to AI Security > AI Red Teaming > Custom Attacks.
    The Custom Attack Prompts Sets screen is empty if prompt sets are not configured.
  2. Add Prompt Set to get started. After you add one you can reuse it across scans.
    1. In the Add Prompt Set screen:
      1. Specify a Prompt set name, for example, Precision Strike Set.
      2. (Optional) Include a Description.
      3. (Optional) Include a Custom Property.
    2. Select Add Prompt Set.
      The new Prompt Set screen (for Precision Strike Set) appears.
      You can use the option to Upload .csv file. Once uploaded, the Prompt Set screen refreshes to display additional prompts.
      If you attempt to upload a CSV file containing properties that don't match the properties defined for the prompt set, you're prompted to either Ignore CSV Properties or Override CSV Properties.
      Some prompts require manual validation. In such cases, an error message appears.
    3. Select Add Prompt to complete the process.
  3. All prompts undergo automatic validation. This can take up to 5-10 minutes. Validating a prompt involves interpreting it and generating an attack goal for it. This is done by our proprietary LLMs.
    If automatic validation fails, you'll be prompted to manually validate the prompt by adding a goal for it. Alternatively, you can choose to skip the prompt.
    Manage prompt sets and take actions based on the validation status.
  4. Run Red Teaming using Custom Prompt Sets.
    1. Navigate to AI Security > AI Red Teaming > Scans and start a + New Scan.
    2. Enable Red Teaming using Custom Prompt Sets scan type.
    3. Select your desired custom prompt sets in the Custom Attack Specifications. Only enabled prompt sets are displayed in the Custom Attack Specifications drop-down list.
    4. Configure Advanced Configurations: Rate Limits and Guardrails/Content Filters.
      1. Enable Rate Limits for applications on the target endpoint.
        1. Specify the Endpoint Rate Limit. This value represents the maximum number of allowed requests per minute for the specified endpoint.
        2. Specify the Rate Limit Error Code. This field represents the error code your system uses for rate limiting violations.
        3. Provide a Sample Exception JSON.
      2. Enable Guardrails/Content Filters. These fields are used for output guardrails or content filters applicable on the target endpoint.
        1. Specify the Error code for Guardrails or Content Filters. This field represents the error code your system uses when a response is prevented by filters or safeguards.
        2. Provide a Sample Exception JSON.
    5. Click Start Scan.
      It will take a few minutes to complete the scan.
    6. View the scan results.
      1. Navigate to AI Security > AI Red Teaming > Scans to view the scan results in the Scans page.
      2. View the status of your scan and risk score.
      3. Select View Report for the detailed report.
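
The Advanced Configurations step in each of the three procedures above asks for the error codes and a Sample Exception JSON that your target returns for rate limiting and for guardrail or content-filter blocks. The following added example (not Prisma AIRS code) derives those values from responses captured from your own endpoint; the response records, their `cause` labels and the function name are constructed assumptions.

```python
import json
from collections import Counter, defaultdict

# Constructed sample: responses captured from your own target endpoint, each
# tagged by you with the reason the request was refused.
CAPTURED = [
    {"cause": "rate_limit", "status": 429,
     "body": '{"error": {"code": "rate_limit_exceeded", "message": "Too many requests"}}'},
    {"cause": "rate_limit", "status": 429,
     "body": '{"error": {"code": "rate_limit_exceeded", "message": "Too many requests"}}'},
    {"cause": "guardrail", "status": 400,
     "body": '{"error": {"code": "content_filter", "message": "Response blocked by policy"}}'},
    {"cause": "guardrail", "status": 400, "body": "<html>Bad Request</html>"},  # not JSON
]


def derive_form_values(captured):
    """Return ({cause: {"error_code", "sample_exception_json"}}, warnings)."""
    by_cause = defaultdict(list)
    for r in captured:
        by_cause[r["cause"]].append(r)
    values, warnings = {}, []
    for cause, rows in by_cause.items():
        codes = Counter(r["status"] for r in rows)
        if len(codes) > 1:  # the form takes one code per cause
            warnings.append(f"{cause}: endpoint returns several codes {sorted(codes)}")
        sample = None
        for r in rows:  # first body that parses as a JSON object becomes the sample
            try:
                parsed = json.loads(r["body"])
            except json.JSONDecodeError:
                continue
            if isinstance(parsed, dict):
                sample = json.dumps(parsed, indent=2)
                break
        if sample is None:
            warnings.append(f"{cause}: no JSON exception body captured")
        values[cause] = {"error_code": codes.most_common(1)[0][0],
                         "sample_exception_json": sample}
    rl, gr = values.get("rate_limit"), values.get("guardrail")
    if rl and gr and rl["error_code"] == gr["error_code"]:
        warnings.append("rate limit and guardrail share one error code")
    return values, warnings
```

Review any warnings before starting the scan: they flag an endpoint that returns several codes for one cause, returns no JSON body, or uses the same code for both causes.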