Architecture
Highflame RedTeam is built on a modular, distributed architecture designed to support large-scale, enterprise-grade Agent testing. The system is optimized for reliability, parallel execution, and extensibility, allowing organizations to continuously probe AI applications for vulnerabilities without disrupting production workflows.
At its core, RedTeam separates control, execution, and analysis concerns. API interactions are decoupled from execution through queue-based processing, while specialized agents collaborate to plan, generate, execute, and evaluate attacks. This design enables RedTeam to scale horizontally, recover gracefully from failures, and adapt to evolving attack techniques.
Execution Overview
The request is received by the RedTeam API server, which validates the input and immediately hands the scan off for asynchronous processing. Rather than executing the scan inline, the API server enqueues the work into a cache-backed task queue. This decoupling enables the system to accept new requests quickly while concurrently executing background scans.
Scan Workers
The request is received by the RedTeam API server, which validates the input and immediately hands the scan off for asynchronous processing. Rather than executing the scan inline, the API server enqueues the work into a cache-backed task queue. This decoupling enables the system to accept new requests quickly while concurrently executing background scans.
Scan Workers
Worker processes consume tasks from the queue and execute them under the coordination of the RedTeam orchestrator, Agent Smith. Agent Smith manages the scan lifecycle, assigns work to specialized agents, and tracks progress across the planning, attack generation, execution, and evaluation phases.
During execution, specialized agents collaborate to perform targeted security testing. The Planner agent determines which attack categories to prioritize. The Generator agent creates attack prompts using templates and vector-based retrieval, and applies one or more Engines to transform those base prompts into sophisticated adversarial inputs. These enhanced attacks are then executed against the target application, and responses are collected for analysis.
The Executor agent sends attacks to the target application and captures responses. The Evaluator agent analyzes responses to identify vulnerabilities and assess severity.
All intermediate state, results, and audit data are persisted in the database, ensuring that scans are durable, recoverable, and fully traceable. Once execution completes, the Reporter agent compiles findings into structured security reports suitable for both technical teams and leadership.
Throughout this process, the queue-based architecture enables horizontal scaling, fault tolerance, and predictable performance. Additional workers can be added to increase throughput, while failures are isolated and recoverable without interrupting the overall system.
Specialized Agents
RedTeam relies on a set of specialized agents, each designed to perform a distinct role in the attack pipeline.
The Planner Agent analyzes the target application and determines which categories of attacks are most relevant. It produces a structured attack plan that prioritizes vulnerabilities and defines an execution strategy.
The Generator Agent is responsible for creating attack prompts. It retrieves relevant base prompts from the vector database, applies templates and contextual variables, and enhances them using attack engines. Generated prompts are validated for quality and relevance before execution.
The Executor Agent carries out attacks against the target application. It supports multiple protocols—including HTTP, gRPC, WebSocket, and direct model calls—and executes attacks concurrently while respecting rate limits. Responses are collected, normalized, and passed downstream for evaluation.
The Evaluator Agent analyzes responses to determine whether vulnerabilities are present. It structures responses, applies LLM-based judgment where appropriate, assigns severity levels, and gathers evidence to support each finding.
Finally, the Reporter Agent compiles results into comprehensive security reports. These reports include executive summaries, detailed findings, attack narratives, remediation guidance, and mappings to frameworks such as OWASP and NIST.
Attack Database and Engine Integration
Attack prompt generation is powered by a vector-based retrieval system. Prompts are indexed as embeddings, categorized by vulnerability type, and retrieved based on semantic similarity to the target application’s characteristics. This allows RedTeam to reuse and adapt high-quality attack patterns while continuously improving coverage and relevance.
Once retrieved, base prompts are systematically enhanced using Engines. Each engine applies a distinct attack methodology—such as obfuscation, abstraction, instruction manipulation, or multi-turn context building—before the prompt is executed. This design allows RedTeam to evolve its attack surface independently of the core orchestration pipeline.
Scalability and Performance
RedTeam is designed to scale horizontally across all layers. Worker processes can be added to increase throughput, API servers can be load-balanced, and queues can be partitioned by scan type. Database scaling strategies, such as sharding, support large volumes of scan data.
Performance is further optimized through connection pooling, Redis-backed caching, batch operations, and fully asynchronous I/O. Resource usage is controlled through configuration, allowing teams to tune concurrency, timeouts, and scan limits to match their environment.
Security and Reliability
Security is enforced at every layer of the RedTeam platform. All APIs require authenticated access, inputs are validated and sanitized, and all communication is encrypted in transit. A complete audit trail is maintained for every operation, supporting compliance and forensic analysis.
Reliability features include continuous health checks, persistent state storage, backup and recovery procedures, and automatic failure handling. Monitoring and observability tools collect metrics, logs, and alerts, giving operators real-time visibility into system health and performance.
Last updated