>
    Strata Copilot
    Get Started with Prisma AIRS AI Red Teaming
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma AIRS
    3. AI Red Teaming
    4. Identify AI System Risks with AI Red Teaming
    5. Get Started with Prisma AIRS AI Red Teaming
    Download PDF
    Prisma AIRS

    Get Started with Prisma AIRS AI Red Teaming

    Table of Contents

    Get Started with Prisma AIRS AI Red Teaming

    Prisma AIRS AI Red Teaming provides automated security vulnerability scanning for AI systems and LLM-powered applications through comprehensive attack simulation and assessment.
    Where Can I Use This?What Do I Need?
    • Prisma AIRS (AI Red Teaming)
    • Prisma AIRS AI Red Teaming License
    Prisma AIRS supports automated AI Red Teaming. It scans any AI system (AI models, applications, or agents) for safety, security, and compliance risks.

    Prisma AIRS AI Red Teaming Core Components

    There are a few concepts to consider when using AI Red Teaming; targets and scans.

    Target

    A Target is the system or endpoint you want to perform red teaming on using AI Red Teaming. It serves as the focal point for testing and evaluating the security and resilience of your application or model.
    Target is a specific endpoint or component of an AI system that undergoes vulnerability scanning and assessment. A target in AI Red Teaming can be:
    • Models—First party or third party models with a defined endpoint for simulation.
    • Applications—AI powered systems designed for specific tasks or objectives.
    • Agents—Specific application subtype where AI models are in charge of the control flow.
    AI Red Teaming is designed to work seamlessly with REST APIs and streaming APIs.
    This flexibility allows you to test a wide range of targets, ensuring comprehensive red teaming capabilities for your LLM and LLM-powered applications.

    Scan

    A Scan represents a complete assessment of an AI system. During a scan, AI Red Teaming evaluates the system's security and robustness by sending carefully crafted attack payloads (also known as attacks) to the Target.
    AI Red Teaming provides three distinct modes for scanning AI systems:
    Scan TypeDescription
    Red Teaming using Attack Library
    		This scan uses a curated and regularly updated list of predefined attack scenarios. These attacks are designed based on known vulnerabilities and best practices in red teaming.
    Red Teaming using Agent
    This scan utilizes dynamic attack generation powered by an LLM attacker. This mode allows for real-time generation of attack payloads, making it highly adaptive to the specific behavior and responses of the Target.
    Red Teaming using Custom prompt Sets
    This scan allows you to upload and run your own prompt sets against target LLM endpoints alongside AI Red Teaming's built-in attack library.
    By combining these modes, AI Red Teaming ensures a thorough and effective assessment of your AI system's defenses.

    Report

    Findings of any given AI Red Teaming scan are presented in the form of a Scan Report.
    The report provides:
    • Map Results to AI Security Frameworks—Customizable filtered views that map attack outcomes directly to industry-standard compliance frameworks such as Open Worldwide Application Security Project (OWASP), National Institute of Standards and Technology (NIST), and MITRE.
    • Detailed Risk Scores—Attack success rates alongside heuristic risk scores, providing quantifiable metrics to validate and measure your defensive capabilities.
    • Full Visibility into Attacks—Full visibility into each attack, including a complete breakdown of how the attack sequence unfolded.

    How Prisma AIRS AI Red Teaming Works?

    Prisma AI Red Teaming interacts with your applications and models, referred to as Targets, in much the same way as an end user would. This interaction enables Prisma AIRS AI Red Teaming to simulate realistic scenarios and identify vulnerabilities or weaknesses in your application's or model's behavior. By mimicking end-user actions, it ensures that its findings are relevant and applicable to real-world use cases.
    The attack library is updated every two weeks with state of the art attacks from academic research, internal threat research, and bug bounty community.
    Prisma AIRS AI Red Teaming executes prompts repeatedly to evaluate AI systems with inconsistent behaviors and captures the full range of variable responses in the assessment reports.

    Benefits

    Using Prsima AIRS AI Red Teaming helps you to achieve the following:
    • Comprehensive and up-to-date AI threat coverage.
    • Contextual risk analysis relevant to business use cases.
    • Continuous assessment to get insights over time across all assets.

    © 2026 Palo Alto Networks, Inc. All rights reserved.