Targets

Learn how to add an AI Red Teaming target in Prisma AIRS.
Where Can I Use This?
  • Prisma AIRS (AI Red Teaming)
What Do I Need?
  • Prisma AIRS AI Red Teaming License
  • Prisma AIRS AI Red Teaming Deployment Profile
Before running any scan, you need to add a Target that you want to test.
Prisma AIRS AI Red Teaming supports REST and streaming APIs as targets. If you are using a model hosted on Hugging Face or a model served by OpenAI, pre-configured connection methods are also available that make it easier to configure your target. Each of these connection methods is described on this page.

Add a New Target

Use Strata Cloud Manager to add a Red Teaming target.
The configuration of a target endpoint varies with the connection method you choose. For example, for a Databricks connection method, you'll specify additional configuration options like authentication method and connection details. Each connection method is described separately below.
Creating a new target comprises the following:
  • Step 1: Specify details for the target. You'll need to include a name for the target, and the type of target (an application, agent, or model). After including a name for the target, you'll need to establish the connection method by indicating the protocol or method for connecting to the target endpoint.
  • Step 2: Next, add and verify parameters for the target. You'll specify API details (for example, the API key and endpoint) and model details, like the model name and if the model is streaming.
  • Step 3: Verify and edit the JSON structure of the request.
  • Step 4: Optionally configure additional advanced options, like setting rate limits and guardrails/content filters.
You can save your configuration changes without applying updates at any time using the Save for Later option. A temporary version of the target configuration appears in the list of available targets with the status appearing as Draft.
  1. Log in to Strata Cloud Manager.
  2. Navigate to AI Security > AI Red Teaming > Targets.
  3. Select + New Target.
    If target endpoints were previously configured, they appear in a list of available targets. You can edit or remove these existing targets.
  4. In the Add a new target screen, first specify Target Details:
    1. In the Target Description section, include a Target Name (for example, OpenAI GPT 3.5 Turbo).
    2. Select the Target Type: Application, Agent, or Model.
    3. Specify the Connection Method for connecting to the target endpoint. Supported connection methods include OpenAI, Hugging Face, Databricks, AWS Bedrock, and Rest API or Streaming. Each of these connection methods is described below.
      Rest API or Streaming are considered custom connection methods. For these connection methods, you'll need to determine if the endpoint is public or private. See Rest API or Streaming Connection Method below.
      The remaining configuration for a target endpoint varies with the connection method you choose. See the following sections for details on each connection method.

Connection Methods

The following connection methods are available for adding a target.
  • Open AI and Hugging Face Connection Method
  • Databricks Connection Method
  • AWS Bedrock Connection Method
  • Rest API or Streaming Connection Method

Open AI and Hugging Face Connection Method

Use the Open AI and Hugging Face connection methods for adding targets.
Use the information in this section to configure target endpoints for Open AI and Hugging Face.
  1. After specifying Target Details, set the Connection Method to Open AI or Hugging Face.
  2. Click Next: Add/Verify Parameters.
  3. In the Add/Verify Parameters page, you'll need to set the authentication mechanism and additional connection details:
    1. In the API Details section, enter the API Key.
    2. Enter the API Endpoint. For example, https://api.openai.com/v1/chat/completions.
    3. Specify Model Details. Enter a Model Name (for example, gpt 3.5 turbo) and enable or disable Model Streaming.
  4. Select Next: Verify & Edit JSON.
  5. In the Verify & Edit JSON page, specify the JSON structure of the request.
  6. Click Next: Advanced Configurations.
    In the Advanced Configurations page you'll configure Rate Limits and set Guardrails/Content Filters.
  7. Enable Rate Limits for applications on the target endpoint.
    1. Specify the Endpoint Rate Limit. This value represents the maximum number of allowed requests per minute for the specified endpoint.
    2. Specify the Endpoint Rate Limit Error Code. This field represents the error code your system uses for rate limiting violations.
    3. Provide a Sample Exception JSON.
  8. Enable Guardrails/Content Filters. These fields are used for output guardrails or content filters applicable on the target endpoint.
    1. Specify the Error code for Guardrails or Content Filters. This field represents the error code your system uses when a response is prevented by filters or safeguards.
    2. Provide a Sample Exception JSON.
  9. Select Add Target.
    Once the target is created, you can start a scan or view previously created targets.

Databricks Connection Method

Use the Databricks connection method for adding targets.
Databricks connection methods use the Databricks Connect client library for IDEs, the JDBC/ODBC drivers for BI tools like Excel, and HTTP connections for connecting to external services (for example, IBM's Watsonx). When you use the Databricks connection method, you set the authentication method and additional details about the connection.
  1. After specifying Target Details, set the Connection Method to Databricks.
  2. Select Next: Add/Verify Parameters.
  3. In the Add/Verify Parameters page, you'll need to set the authentication mechanism and additional connection details. In the Databricks Authentication Mechanism section, select the Authentication Type (either an Access Token, or a Service Principal):
    1. Select Access Token to authenticate using a personal Databricks access token.
    2. Enter an Access Token.
    3. Alternatively, you can use a Service Principal as the Authentication Type for the connection. In this scenario, you'll authenticate using service principals for programmatic access.
    4. For the Service Principal authentication type, specify the Client ID and enter the corresponding Secret.
  4. In the Databricks Connection Details section:
    1. Specify the API Endpoint (for example, www.google.co.in).
    2. Enter a Model Name (for example, gpt-3.5-turbo).
  5. Click Next: Verify & Edit JSON.
  6. In the Verify & Edit JSON page, specify the JSON structure of the request.
  7. Click Next: Advanced Configurations.
    In the Advanced Configurations page you'll configure Rate Limits and set Guardrails/Content Filters.
  8. Enable Rate Limits for applications on the target endpoint.
    1. Specify the Endpoint Rate Limit. This value represents the maximum number of allowed requests per minute for the specified endpoint.
    2. Specify the Endpoint Rate Limit Error Code. This field represents the error code your system uses for rate limiting violations.
    3. Provide a Sample Exception JSON.
  9. Enable Guardrails/Content Filters. These fields are used for output guardrails or content filters applicable on the target endpoint.
    1. Specify the Error code for Guardrails or Content Filters. This field represents the error code your system uses when a response is prevented by filters or safeguards.
    2. Provide a Sample Exception JSON.
  10. Select Add Target.
    Once the target is created, you can start a scan or view previously created targets.

AWS Bedrock Connection Method

Use the AWS Bedrock connection method for adding targets.
An AWS Bedrock connection method uses the fully managed service provided by Amazon Web Services for building and scaling generative AI applications. When you use the AWS Bedrock connection method, you configure AWS authentication and model details.
  1. After specifying Target Details, set the Connection Method to AWS Bedrock.
  2. Select Next: Add/Verify Parameters.
  3. In the Add/Verify Parameters page, you'll need to set the authentication mechanism and additional connection details. In the AWS Authentication Details section:
    1. Specify the Region.
    2. Enter the IAM Access ID.
    3. Enter the IAM Access Secret.
    4. Optionally enter the Session Token.
  4. In the Model Details section:
    1. Enter a Model Name. For example, gpt 3.5 turbo.
    2. Enable or disable Model Streaming.
  5. Select Next: Verify & Edit JSON.
  6. In the Verify & Edit JSON page, specify the JSON structure of the request.
  7. Click Next: Advanced Configurations.
    In the Advanced Configurations page you'll configure Rate Limits and set Guardrails/Content Filters.
  8. Enable Rate Limits for applications on the target endpoint.
    1. Specify the Endpoint Rate Limit. This value represents the maximum number of allowed requests per minute for the specified endpoint.
    2. Specify the Endpoint Rate Limit Error Code. This field represents the error code your system uses for rate limiting violations.
    3. Provide a Sample Exception JSON.
  9. Enable Guardrails/Content Filters. These fields are used for output guardrails or content filters applicable on the target endpoint.
    1. Specify the Error code for Guardrails or Content Filters. This field represents the error code your system uses when a response is prevented by filters or safeguards.
    2. Provide a Sample Exception JSON.
  10. Select Add Target.
    Once the target is created, you can start a scan or view previously created targets.

Rest API or Streaming Connection Method

Use the Rest API or Streaming connection method for adding targets.
Use the information in this section to configure a custom method for connecting to the endpoint, either Rest API or Streaming.
About Custom Connection Methods
Prisma AIRS AI Red Teaming supports REST and streaming APIs as targets. If you are using a model hosted on Hugging Face or a model served by OpenAI, pre-configured connection methods are also available that make it easier to configure your target.
If you are adding a REST or Streaming API endpoint, you need to select whether it is a public endpoint that can be accessed over the internet or a private endpoint. If you are using a private endpoint, you can select either:
  • IP whitelisting. A static IP address is shown that will be used by AI Red Teaming to access your target. Make a note of this IP address, as it will have to be whitelisted by your infrastructure or IT team for AI Red Teaming to be able to access the Target.
  • Network Management. Private channels are configured for endpoint connectivity.
  1. After specifying Target Details, set the Connection Method to Rest API or Streaming.
  2. Configure Endpoint Accessibility. This field indicates if your endpoint is Public or Private (secured within a private network).
    1. Select IP Whitelisting and verify that the listed IP addresses are allowed through your firewall to establish a connection.
    2. Select Network Management to configure private channels for endpoint connectivity.
      If channels were previously created, they appear as options in a drop-down menu. Click Go to Network management to create or manage your network channels.
  3. Select Next: Choose Method. Use this page to select whether you want to import a cURL string, or enter the details manually.
    To configure the API request, you can use a cURL to import a sample request, or manually configure the request:
    • Using a cURL to import a sample request. The easiest method to import the request format is to use a cURL string that captures all the necessary headers for your request. Once you click Next, AI Red Teaming will extract all the necessary information from the cURL string.
    • Manually configure all headers. You can configure the API endpoint and all necessary headers by selecting the Manual Entry option.
    1. Configure the input request JSON based on the requirements of your application. Make sure the value where the user prompt is expected is replaced with {INPUT}. This is where AI Red Teaming inserts its attack prompts before sending the request to the target application.
      For example, if your cURL string is as follows:
      curl \
        -X POST \
        -H "Authorization: <api_token>" \
        -H "Content-Type: application/json" \
        -d '{
          "messages": [
            { "role": "system", "content": "You are a helpful assistant." },
            { "role": "user", "content": "<prompt>" }
          ],
          "temperature": 0.7
        }' \
        https://<model_endpoint_url>
      Replace the <prompt> with {INPUT}.
      To accommodate testing with different system prompts and hyperparameters without modifying the original request, the following approach can be implemented:
      • Multiple Targets with Different System Prompts. When testing different system prompts on the same model, you can create multiple target configurations with identical settings except for the system prompt. This allows for direct comparison of the impact of different system prompts while keeping other variables constant.
      • Hyperparameter Testing. For testing other hyperparameters:
          1. Create separate target configurations for each set of hyperparameters you want to test.
          2. Keep all other settings identical across these targets, changing only the specific hyperparameter(s) you're evaluating.
    2. Configure the API Response.
      The easiest way to configure the Response is to first get a sample response from your target and paste the entire JSON here. Then replace the LLM output with {RESPONSE}. This is the value that will be used to determine if the response was a successful attack or a failed attack. For example, if the response structure is as follows:
      {
        "id": "",
        "object": "chat.completion",
        "created": 1732070187,
        "model": "meta-llama-3.1",
        "choices": [
          {
            "index": 0,
            "message": {
              "role": "assistant",
              "content": "It seems like you haven't provided any input yet. Could you please provide more context or information about what you need help with?"
            },
            "finish_reason": "stop",
            "logprobs": null
          }
        ]
      }
      Paste the payload as is and replace the value for the key content with {RESPONSE}, as follows:
      {
        "id": "",
        "object": "chat.completion",
        "created": 1732070187,
        "model": "meta-llama-3.1",
        "choices": [
          {
            "index": 0,
            "message": {
              "role": "assistant",
              "content": "{RESPONSE}"
            },
            "finish_reason": "stop",
            "logprobs": null
          }
        ]
      }
  4. Select Next: Add/Verify Parameters.
    1. In the Add/Verify Parameters page, enter API Details. This URL represents the API endpoint. For example, https://api.openai.com/v1/chat/completions.
    2. Next, determine if you want to enable HTML Headers. Use this option to enter any custom HTTP headers required for authentication. Once enabled, a list of configured HTML Headers appears. You can delete an existing header, or, click Add New for a new HTML header.
  5. In the Verify & Edit JSON page, specify the JSON structure of the request.
  6. Click Next: Advanced Configurations.
    In the Advanced Configurations page you'll configure Rate Limits and set Guardrails/Content Filters.
  7. Enable Rate Limits for applications on the target endpoint.
    1. Specify the Endpoint Rate Limit. This value represents the maximum number of allowed requests per minute for the specified endpoint.
    2. Specify the Endpoint Rate Limit Error Code. This field represents the error code your system uses for rate limiting violations.
    3. Provide a Sample Exception JSON.
  8. Enable Guardrails/Content Filters. These fields are used for output guardrails or content filters applicable on the target endpoint.
    1. Specify the Error code for Guardrails or Content Filters. This field represents the error code your system uses when a response is prevented by filters or safeguards.
    2. Provide a Sample Exception JSON.
  9. Select Add Target.
    Once the target is created, you can start a scan or view previously created targets.
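
The {INPUT} and {RESPONSE} placeholders described in the Rest API or Streaming steps above can be checked locally before the templates are pasted into the target configuration. The Python below is an added example, not Prisma AIRS code: the function names are hypothetical, and because this page does not document how the product performs the substitution, filling the placeholder on the parsed JSON structure is an assumption.

```python
import copy

# Templates copied from the request and response examples on this page.
REQUEST_TEMPLATE = {
    "messages": [
        {"role": "system", "content": "You are a helpful assistant."},
        {"role": "user", "content": "{INPUT}"},
    ],
    "temperature": 0.7,
}
RESPONSE_TEMPLATE = {
    "id": "", "object": "chat.completion", "created": 1732070187, "model": "meta-llama-3.1",
    "choices": [{"index": 0,
                 "message": {"role": "assistant", "content": "{RESPONSE}"},
                 "finish_reason": "stop", "logprobs": None}],
}

def placeholder_paths(node, marker, path=()):
    """Every path (tuple of keys/indexes) whose value is exactly `marker`."""
    if node == marker:
        return [path]
    kids = node.items() if isinstance(node, dict) else enumerate(node) if isinstance(node, list) else ()
    return [p for k, child in kids for p in placeholder_paths(child, marker, path + (k,))]

def single_path(template, marker):
    """A usable template carries its placeholder exactly once."""
    paths = placeholder_paths(template, marker)
    if len(paths) != 1:
        raise ValueError(f"expected one {marker}, found {len(paths)}")
    return paths[0]

def render_request(template, prompt):
    """Set the prompt on the parsed structure so quotes or newlines cannot break the JSON."""
    path = single_path(template, "{INPUT}")
    body = parent = copy.deepcopy(template)
    for key in path[:-1]:
        parent = parent[key]
    parent[path[-1]] = prompt
    return body

def extract_response(template, actual):
    """Follow the {RESPONSE} path through a real response; None if the shape differs."""
    node = actual
    try:
        for key in single_path(template, "{RESPONSE}"):
            node = node[key]
    except (KeyError, IndexError, TypeError):
        return None
    return node
```

A None result from extract_response on a captured reply means the reply does not match the template shape, which is typical of the rate-limit and guardrail error bodies that the Sample Exception JSON fields are meant to describe.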