AI Red Teaming assesses connected AI models and AI agents for security risks such as prompt injection and data leakage, helping you identify potential attack surfaces and vulnerabilities before deploying to production.
Overview
AI Red Teaming evaluates connected AI models and AI agents for security risks. Add detection objects to run security assessments that identify potential attack surfaces and vulnerabilities.
-
Supported detection objects:
-
AI Model: Detects AI model services that use OpenAI-compatible or Anthropic-compatible APIs. Checks for security risks such as prompt injection and data leakage in large language models accessed via API.
-
AI Agent: Evaluates the security of agent applications deployed on platforms such as Alibaba Cloud Model Studio, Dify, and PAI.
-
-
Detection results are available for download only; they are neither auto-processed nor synchronized to the Agent Threat list.
AI model detection
Agent Security provides AI Red Teaming model detection, covering prompt injection, jailbreak attacks, obfuscation and smuggling attacks, and command and privacy leakage. This service is in public preview and available without contacting a sales manager.
-
Access the detection configuration page
-
Access the Security Center console - Agent Security Center - Agent Overview. In the upper-left corner of the page, select the region where the assets to be protected are located: Chinese Mainland or Outside Chinese Mainland..
-
Click the AGENTS icon in the central area to go to the Agent list page.
-
Click the target agent, and then click the AI Red Teaming icon in the central canvas area.
-
-
Configure a model
NoteTo configure multiple models, repeat the following steps for each model.
-
On the AI Red Teaming page, click Add Model.
-
In the Add Model Configuration dialog box, configure the following parameters.
-
Model Name: The system automatically synchronizes the models associated with the current agent.
Important-
The models available for detection are displayed in the drop-down list.
-
If the current agent has no associated models (MODEL count is 0), the model list is empty and AI Red Teaming model detection cannot be performed.
-
-
API Key: The API key for calling the model. Methods to obtain the key for some agents include:
-
Model Studio: See Obtain an API key.
-
PAI: See Obtain the access address and token.
-
Dify: Contact the model provider to obtain an API key.
-
-
Endpoint: Required for Dify only. This is the API access URL for the model provider. Contact the model provider to obtain it.
-
-
-
Test the connection
-
After configuration, click Test Connection.
-
After the test passes, click OK.
NoteIf the test fails, see Agent risk detection and protection.
-
-
Scan the model
-
Select a scanning method
Action
Scenario
Steps
Scan Now
Verifies a single model. Suitable for quick checks after adding or reconfiguring a model.
In the Configured Models, click Scan Now in the target model area.
Scan All
Detects all models in batch. Suitable for comprehensive security checks or verification after major configuration changes.
Click Scan All above the Configured Models.
-
Wait for detection results: Model detection takes time. View the detection progress in the model list area.
-
Download the report: After detection completes, click Download Report in the target model area to view the detection results.
-
Comprehensive AI model and Agent detection
Activating the service
The AI Red Teaming console is currently in invite-only testing. To activate the service, contact your sales manager.
Adding detection objects
-
Log on to the Security Center console.
-
In the left navigation pane, select Agent Security > AI Red Teaming.
-
On the AI Red Teaming list page, click Add Detection Target.
-
On the Target Information page, configure the following parameters. After configuration, click Next to proceed to the connection parameter configuration.
Parameter
Description
Target Name
A custom name used to identify and manage the detection object.
Description
Optional. Enter a description for the detection object.
Target Type
AI Model: For model services that use OpenAI-compatible or Anthropic-compatible APIs.
AI Agent: For agent applications deployed on platforms such as Alibaba Cloud Model Studio and Dify.
NoteThe parameters available in subsequent steps vary depending on the selected target type.
Access Method
Displayed only when Target Type is set to AI Model.
-
OpenAI Compatible: For model services that use the OpenAI Chat Completions API format, such as Alibaba Cloud Model Studio, Azure OpenAI, and various open-source model deployments.
-
Anthropic Compatible: For model services that use the Anthropic Messages API format.
Quick Access
Displayed only when Target Type is set to AI Agent. Supported platforms include Alibaba Cloud Model Studio, Dify, Agent Run, PAI, and AgentKit.
-
-
On the Connection Parameters tab, configure the connection parameters based on the target type. After configuration, click Next to proceed to connection verification.
AI Model Parameters
Parameter
Description
Streaming Output
Specifies whether to enable streaming output. Default value: Enabled.
API Address
The API endpoint of the AI model.
For example, the OpenAI-compatible API endpoint for Alibaba Cloud Model Studio is
https://dashscope.aliyuncs.com/compatible-mode/v1.API Key
The access key used for authentication.
For example, Alibaba Cloud Model Studio users can create an API key on the API Key Management page in the Model Studio console.
Model Name
The name of the model to test. Examples for Alibaba Cloud Model Studio:
qwen-plus,qwen-max.Platform
Select the platform to which the AI model belongs from the drop-down list, such as Alibaba Cloud Model Studio.
AI Agent Parameters
Basic Parameters
Parameter
Description
Streaming Output
Specifies whether to enable streaming output.
ImportantStreaming output is enabled by default for PAI and cannot be disabled.
API Address
The API endpoint of the agent.
-
PAI: Format:
http://{uid}.{region}.pai-eas.aliyuncs.com/api/predict/{serviceName}/v1/chat/completions. Replace {uid}, {region}, and {serviceName} with the actual PAI-EAS service configurations. -
Alibaba Cloud Model Studio:
https://dashscope.aliyuncs.com/api/v1/apps/{appId}/completion, where{appId}is the Model Studio application ID. -
Dify: Format: http://{host}/v1/chat-messages. Replace {host} with the actual Dify service endpoint.
-
Agent Run: Format:
https://{workspaceId}.agentrun-data.{region}.aliyuncs.com/agent-runtimes/{agentName}/endpoints/Default/invocations/openai/v1/chat/completions. Replace {workspaceId}, {region}, and {agentName} with the actual Agent Run configurations. -
AgentKit: Format:
https://{id}.apigateway-{region}.volceapi.com/invoke. Replace {id} and {region} with the actual Agent Kit gateway configurations.
API Key
The access key used for authentication.
For example, Alibaba Cloud Model Studio users can create an API key on the API Key Management page in the Model Studio console.
Model Name
Displayed only for the PAI platform. Enter the model name.
Advanced Settings (Optional)
Parameter
Description
HTTP Method
The request method: GET, POST, or PUT. Default value: POST.
Authentication Method
Select an authentication method: None, Bearer Token, or Custom Header.
Authentication Header Name
Displayed only when Authentication Method is set to Custom Header. Enter a custom authentication header name.
Timeout Period
The request timeout period, in milliseconds. Default value: 30000.
Request Template
The request body template, preset by platform.
JSONPath
The response parsing path, preset by platform.
Request Header
Custom request headers in JSON format.
-
-
On the Test Connection tab, confirm the configured target details. Then, click Connectivity Test to verify that the configured parameters can connect to the AI service.
Important-
Click Save only after the connectivity test passes. If the test fails, verify that the API endpoint, API key, and model name are correct.
-
The connectivity test verifies only network connectivity, the API key, and the API Address. It does not run an actual detection task.
-
Testing: The button displays a loading animation.
-
Test passed: The button changes to a success state, and the Save button becomes available.
-
Test failed: The failure reason is displayed in the Connection test failed. prompt area. If the failure is caused by network issues, click Retry to run the test again.
-
Configuring detection intensity (optional)
-
Click the
icon next to the target detection object, and select Configure Detection Task from the Actions menu. -
In the Configure Detection Task panel, select a detection intensity:
ImportantThe system uses Quick Scan by default.
Detection Intensity
Description
Applicable Scenario
Quick Scan
Uses common basic attack techniques for detection. Estimated time: 10 to 20 minutes.
Suitable for routine quick verification.
Standard Scan
Covers advanced attack techniques in addition to basic ones. Estimated time: 30 to 40 minutes.
Suitable for comprehensive security assessments before going live.
-
Click OK to save the configuration.
Running detection
-
When the detection status is Preparing, In queue, or Checking, the Check button is unavailable. Wait for the previous detection task to complete.
-
The default detection intensity is Quick Scan.
-
Select detection objects:
-
Single detection: Click Check in the Actions column next to the target detection object.
-
Batch detection: Select multiple detection objects, and then click Check below the AI Red Teaming list.
-
-
In the confirmation dialog box, click OK.
-
After the detection task is created, the list automatically refreshes and the detection status updates.
Viewing detection tasks and reports
-
Click the
icon next to the target detection object, and select Test Records from the Actions menu. Alternatively, click the number in the Scan Count column. -
In the Detection Records panel, view detection details. Filter by Detection Strength and Scan Progress.
Column
Description
Scan Task ID
The unique identifier of the detection task.
Detection Strength
Fast detection or standard detection.
Scan Start Time
The start time of the detection task.
Scan End Time
The completion time of the detection task.
Scan Task Progress
The task execution progress. Displays the completion percentage while running.
Risk Level
The risk level detected in this scan.
-
View Report: After detection completes, click View Report in the Actions column to view the security assessment report for the agent or model. The report includes an overview, security score, attack distribution, risk matrix, attack technique analysis, attack intent analysis, attack case details, and security recommendations.
-
Download Report: After detection completes, click Download Report in the Actions column to download and save the security report locally.
Stopping or deleting detection tasks
-
Click the
icon next to the target detection object, and select Test Records from the Actions menu. Alternatively, click the number in the Scan Count column. -
In the Detection Records panel, click Stop or Delete in the Actions column next to the target task.
Action
Applicable To
Effect
Stop
Incomplete tasks only
Terminates the scan and retains the detection record.
Delete
Tasks in all states
Terminates the scan and deletes the detection record.
Managing detection objects
Modifying detection object
-
On the AI Red Teaming list page, click the
icon next to the target detection object, and select Configure Target from the Actions menu. -
In the Configure Target panel, you can modify the Streaming Output toggle, API Address, API Key, and Advanced Settings. For parameter descriptions, see Connection Parameters.
-
After modifying the parameters, click Connectivity Test to verify the new configuration.
ImportantIf the test fails, verify that the modified API endpoint, API key, and model name are correct, and try again.
-
After the test passes, click OK to save the changes.
Deleting a detection object
-
Select detection objects:
-
Single deletion: Click Delete in the Actions menu (accessible via the
icon) next to the target detection object. -
Batch deletion: Select multiple detection objects, and then click Delete below the AI Red Teaming list.
-
-
In the confirmation dialog box, click OK.
-
After the deletion is successful, the detection object is removed from the list.
Billing
Free of charge during the public preview period.
FAQ
What do I do if a connectivity test fails?
If the connectivity test fails for an AI Model detection object, check the following possible causes:
-
Network unreachable: Verify that Security Center in the current region can access the API endpoint of the AI model. If the AI model is deployed in a private network, configure network connectivity policies.
-
Invalid or expired API key: Verify that the API key is valid and has not expired. Manually call the API using a curl command to confirm.
-
Incorrect model name: Verify that the model name matches the name provided by the AI model service provider.
-
Invalid API endpoint format: Verify that the API endpoint URL is correct and accessible.