For Red Team Testers

Hello, Red Teamer! Here you'll learn how to find and stop AI vulnerabilities before they can be exploited. Highflame Red provides a robust red teaming setup to test your AI resources against a wide variety of adversarial attacks. In this case, we'll use one of Highflame's built-in applications as our target to get you started.

Identify Your Target Application

A target application is any AI-powered endpoint you want to test. We'll start with lab1, a sample app bundled with Highflame Red designed with vulnerabilities for you to find.

Register the Target in Highflame

Before you can scan an application, you need to tell Highflame about it.

  1. Navigate to Applications > Add Application.

  2. In the configuration form, enter the details for lab1:

    1. Application Name: Lab1-Test-Target

    2. Description: A sample chatbot for red team testing.

    3. API Request Configuration:

      1. URL: For the lab application provided by your Highflame instance, like https://<custom_lab_endpoint>/v1/redteam/lab1/chat.

      2. Method: POST.

      3. Payload Template: Highflame needs to know how to format the request. The lab1 application expects a JSON payload. Highflame will automatically inject the attack prompt into the first prompt, query, user_input, or request field it finds in the payload.

  3. Click Save. Now your target is registered and ready to be tested.
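To make the payload-template rule concrete, here is an added Python example (not Highflame's own code) that applies it to a constructed lab1-style template: it locates the first prompt, query, user_input, or request field, writes the test prompt into a copy of the template, and also lists every candidate field so you can confirm before saving that the template is unambiguous. The template contents, the "current level first, then nested objects" search order, and the placeholder prompt are all assumptions made for the example.

```python
import copy
import json

# Field names the page says Highflame injects into. The priority order among
# them and the search order through nested objects are assumptions here.
INJECTABLE_FIELDS = ("prompt", "query", "user_input", "request")

# Constructed sample template for the lab1 chat endpoint; not the product's
# real request format. It deliberately carries a second, nested "query" field
# to show why checking for ambiguity matters.
LAB1_PAYLOAD_TEMPLATE = {
    "session_id": "demo-session",
    "messages": [
        {"role": "system", "content": "You are the lab1 assistant."},
    ],
    "user_input": "{{placeholder}}",
    "metadata": {"query": "should-not-be-touched"},
}


def injectable_paths(node, path=()):
    """Return every key path (as a tuple) whose last key is an injectable field.

    Keys at the current level are reported before any nested objects are
    searched, so the first entry is the one build_request_body() will use.
    """
    found = []
    if isinstance(node, dict):
        for key in node:
            if key in INJECTABLE_FIELDS:
                found.append(path + (key,))
        for key, value in node.items():
            found.extend(injectable_paths(value, path + (key,)))
    elif isinstance(node, list):
        for idx, item in enumerate(node):
            found.extend(injectable_paths(item, path + (idx,)))
    return found


def find_injection_path(template):
    """Return the first injectable key path, or None if the template has none."""
    paths = injectable_paths(template)
    return paths[0] if paths else None


def build_request_body(template, test_prompt):
    """Return a deep copy of `template` with `test_prompt` in the first injectable field.

    Raising on a template with no eligible field surfaces the misconfiguration
    at setup time instead of producing a scan full of empty requests.
    """
    path = find_injection_path(template)
    if path is None:
        raise ValueError(f"payload template has none of the fields {INJECTABLE_FIELDS}")
    body = copy.deepcopy(template)  # never mutate the registered template
    cursor = body
    for step in path[:-1]:
        cursor = cursor[step]
    cursor[path[-1]] = test_prompt
    return body


if __name__ == "__main__":
    candidates = injectable_paths(LAB1_PAYLOAD_TEMPLATE)
    print("injectable fields found:", candidates)
    if len(candidates) > 1:
        print("warning: more than one candidate field; only the first will receive the prompt")
    # Placeholder text standing in for a generated test case.
    print(json.dumps(build_request_body(LAB1_PAYLOAD_TEMPLATE, "TEST PROMPT"), indent=2))
```

Run it once against your own template before clicking Save: if `injectable_paths` returns more than one path, rename the fields you do not want touched so the scanner's choice is never left to field ordering.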

Configure and Launch a Scan

From here, you can put the adversarial agents to work.

  1. Go back to the Applications list, click on your Lab1-Test-Target application, and select the Redteam Assessments tab.

  2. Click Create New Assessment to begin setting up a scan.

  3. Scan Settings:

    1. Max Duration: Leave the default for your first scan.

    2. Test Cases per Category: Set this to a low number like 10 for a quick first scan.

  4. Scan Type: Choose a preset scan profile, like OWASP LLM Top 10, which covers the most critical AI security risks.

  5. Scan Categories: Review the vulnerability categories included in the OWASP profile and click Next.

  6. Click Run Scan to begin. From here, Highflame Red's specialized AI agents will begin their work.

Analyze the Report

When the scan status changes to completed, you can review the findings.

  1. From the Redteam Assessments list, click on the completed scan to open the report.

  2. Executive Summary: High-level metrics like total tests run, vulnerabilities found, and the overall success rate.

  3. Vulnerability Analysis: Breakdown of vulnerabilities by severity and category, immediately telling you where to find your most pressing security issues.

  4. Drill Down: Scroll down to the detailed results and find a category that had failures, like Prompt Injection, and click Show Details. You can see:

    1. The Attack: The exact prompt sent.

    2. The Response: The AI system's full response.

    3. The Analysis: Highflame's LLM judge explains why the response was flagged as a vulnerability.

    4. Mitigation Advice: Actionable recommendations to fix the issue.

You've successfully completed your first automated AI red team test and found vulnerabilities that you can now work with your development teams to address.

What's Next?
