# Scanning Agents Highflame provides two primary testing surfaces: adversarial testing for agent behavior and supply chain validation for model artifacts. * **Red Team** to find weaknesses in prompts, tools, orchestration, and agent workflows. * **Palisade** to verify that the models powering those systems are safe to promote and deploy. #### 1. Red Teaming for Agent and Workflow Security *Best when you want to test how an agent behaves under adversarial conditions.* Highflame Red Team evaluates the full system, not just the base model. It helps teams simulate realistic attacks against prompts, tools, orchestration logic, external integrations, and agent decision paths. Choose this path when you want to: * Assess an existing agent or workflow before broad rollout. * Find prompt injection, data leakage, unsafe tool use, and policy bypass issues. * Generate findings that can drive remediation and stronger runtime guardrails. Typical workflow: 1. Define the application, workflow, or agent you want to test. 2. Select a scan profile or testing category that matches your risk concerns. 3. Run the assessment against a staging or controlled target. 4. Review findings, severity, and attack traces in Highflame. 5. Turn those results into remediation work or a stronger runtime policy. *** #### 2. Palisade for Model Supply Chain Security *Best when you want to verify model artifacts before they enter development or production environments.* Palisade focuses on the trustworthiness of the model artifact itself. It helps teams detect unsafe serialization, provenance issues, malicious payloads, and model supply chain risks before those artifacts are allowed into downstream systems. Choose this path when you want to: * Scan model artifacts during CI/CD or release workflows. * Catch unsafe or compromised model files before deployment. * Add artifact validation alongside runtime controls and red-team testing. Typical workflow: 1. Identify the model artifacts and sources you want to evaluate. 2. Run Palisade in a local validation step or CI pipeline. 3. Review findings, provenance data, and output such as JSON or SARIF. 4. Decide which findings should be blocked, quarantined, or escalated for release. 5. Add the scan to your regular model promotion workflow. *** #### How These Two Paths Work Together These are complementary testing surfaces: * **Red Team** tells you how your agent system behaves under attack. * **Palisade** tells you whether the underlying model artifact should be trusted in the first place. Teams often use Red Team to improve runtime policy and use Palisade to harden the supply chain feeding those systems. #### Next Steps * Read [**Agent Red Teaming**](https://docs.highflame.ai/documentation/red-teaming/agent-red-teaming) for the full product overview. * Read the [**Model Supply Chain Scan**](https://docs.highflame.ai/documentation/red-teaming/model-supply-chain-scan) for the Palisade overview.