Prisma AIRS
Get Started with Prisma AIRS AI Red Teaming
Table of Contents
Get Started with Prisma AIRS AI Red Teaming
Prisma AIRS AI Red Teaming provides automated security vulnerability scanning for AI
systems and LLM-powered applications through comprehensive attack simulation and
assessment.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Prisma AIRS supports automated AI Red Teaming. It scans any AI system (AI models,
applications, or agents) for safety, security, and compliance risks.
Prisma AIRS AI Red Teaming Core Components
There are a few concepts to consider when using AI Red Teaming; targets and
scans.
Target
A Target is the system or endpoint you want to perform red teaming on
using AI Red Teaming. It serves as the focal point for testing and evaluating
the security and resilience of your application or model.
Target is a specific endpoint or component of an AI system that undergoes
vulnerability scanning and assessment. A target in AI Red Teaming can be:
- Models—First party or third party models with a defined endpoint for simulation.
- Applications—AI powered systems designed for specific tasks or objectives.
- Agents—Specific application subtype where AI models are in charge of the control flow.
AI Red Teaming is designed to work seamlessly
with REST APIs and streaming APIs.
This flexibility allows you to test a wide range of targets, ensuring
comprehensive red teaming capabilities for your LLM and LLM-powered
applications.
Scan
A Scan represents a complete assessment of an AI system. During a scan, AI
Red Teaming evaluates the system's security and robustness by sending carefully
crafted attack payloads (also known as attacks) to the Target.
AI Red Teaming provides three distinct modes for scanning AI systems:
| Scan Type | Description |
|---|---|
|
Red Teaming using Attack Library
| This scan uses a curated and regularly updated list of predefined attack scenarios. These attacks are designed based on known vulnerabilities and best practices in red teaming. |
|
Red Teaming using Agent
|
This scan utilizes dynamic attack generation powered by
an LLM attacker. This mode allows for real-time
generation of attack payloads, making it highly adaptive
to the specific behavior and responses of the
Target.
|
|
Red Teaming using Custom prompt Sets
|
This scan allows you to upload and run your own prompt
sets against target LLM endpoints alongside AI Red
Teaming's built-in attack library.
|
By combining these modes, AI Red Teaming
ensures a thorough and effective assessment of your AI system's defenses.
Report
Findings of any given AI Red Teaming scan are presented in the form of a Scan
Report.
The report provides:
- Map Results to AI Security Frameworks—Customizable filtered views that map attack outcomes directly to industry-standard compliance frameworks such as Open Worldwide Application Security Project (OWASP), National Institute of Standards and Technology (NIST), and MITRE.
- Detailed Risk Scores—Attack success rates alongside heuristic risk scores, providing quantifiable metrics to validate and measure your defensive capabilities.
- Full Visibility into Attacks—Full visibility into each attack, including a complete breakdown of how the attack sequence unfolded.
How Prisma AIRS AI Red Teaming Works?
Prisma AI Red Teaming interacts with your applications and models, referred to as
Targets, in much the same way as an end user would. This interaction
enables Prisma AIRS AI Red Teaming to simulate realistic scenarios and identify
vulnerabilities or weaknesses in your application's or model's behavior. By
mimicking end-user actions, it ensures that its findings are relevant and applicable
to real-world use cases.
The attack library is updated every two weeks with state of the art attacks from
academic research, internal threat research, and bug bounty community.
Prisma AIRS AI Red Teaming executes prompts repeatedly to evaluate AI systems with
inconsistent behaviors and captures the full range of variable responses in the
assessment reports.
Benefits
Using Prsima AIRS AI Red Teaming helps you to achieve the following:
- Comprehensive and up-to-date AI threat coverage.
- Contextual risk analysis relevant to business use cases.
- Continuous assessment to get insights over time across all assets.
