AI Red Teaming

更新时间:
复制 MD 格式

AI Red Teaming assesses connected AI models and AI agents for security risks such as prompt injection and data leakage, helping you identify potential attack surfaces and vulnerabilities before deploying to production.

Overview

AI Red Teaming evaluates connected AI models and AI agents for security risks. Add detection objects to run security assessments that identify potential attack surfaces and vulnerabilities.

  • Supported detection objects:

    • AI Model: Detects AI model services that use OpenAI-compatible or Anthropic-compatible APIs. Checks for security risks such as prompt injection and data leakage in large language models accessed via API.

    • AI Agent: Evaluates the security of agent applications deployed on platforms such as Alibaba Cloud Model Studio, Dify, and PAI.

  • Detection results are available for download only; they are neither auto-processed nor synchronized to the Agent Threat list.

AI model detection

Agent Security provides AI Red Teaming model detection, covering prompt injection, jailbreak attacks, obfuscation and smuggling attacks, and command and privacy leakage. This service is in public preview and available without contacting a sales manager.

  1. Access the detection configuration page

    1. Access the Security Center console - Agent Security Center - Agent Overview. In the upper-left corner of the page, select the region where the assets to be protected are located: Chinese Mainland or Outside Chinese Mainland..

    2. Click the AGENTS icon in the central area to go to the Agent list page.

    3. Click the target agent, and then click the AI Red Teaming icon in the central canvas area.

  2. Configure a model

    Note

    To configure multiple models, repeat the following steps for each model.

    1. On the AI Red Teaming page, click Add Model.

    2. In the Add Model Configuration dialog box, configure the following parameters.

      • Model Name: The system automatically synchronizes the models associated with the current agent.

        Important
        • The models available for detection are displayed in the drop-down list.

        • If the current agent has no associated models (MODEL count is 0), the model list is empty and AI Red Teaming model detection cannot be performed.

      • API Key: The API key for calling the model. Methods to obtain the key for some agents include:

      • Endpoint: Required for Dify only. This is the API access URL for the model provider. Contact the model provider to obtain it.

  3. Test the connection

    1. After configuration, click Test Connection.

    2. After the test passes, click OK.

      Note

      If the test fails, see Agent risk detection and protection.

  4. Scan the model

    1. Select a scanning method

      Action

      Scenario

      Steps

      Scan Now

      Verifies a single model. Suitable for quick checks after adding or reconfiguring a model.

      In the Configured Models, click Scan Now in the target model area.

      Scan All

      Detects all models in batch. Suitable for comprehensive security checks or verification after major configuration changes.

      Click Scan All above the Configured Models.

    2. Wait for detection results: Model detection takes time. View the detection progress in the model list area.

    3. Download the report: After detection completes, click Download Report in the target model area to view the detection results.

Comprehensive AI model and Agent detection

Activating the service

The AI Red Teaming console is currently in invite-only testing. To activate the service, contact your sales manager.

Adding detection objects

  1. Log on to the Security Center console.

  2. In the left navigation pane, select Agent Security > AI Red Teaming.

  3. On the AI Red Teaming list page, click Add Detection Target.

  4. On the Target Information page, configure the following parameters. After configuration, click Next to proceed to the connection parameter configuration.

    Parameter

    Description

    Target Name

    A custom name used to identify and manage the detection object.

    Description

    Optional. Enter a description for the detection object.

    Target Type

    AI Model: For model services that use OpenAI-compatible or Anthropic-compatible APIs.

    AI Agent: For agent applications deployed on platforms such as Alibaba Cloud Model Studio and Dify.

    Note

    The parameters available in subsequent steps vary depending on the selected target type.

    Access Method

    Displayed only when Target Type is set to AI Model.

    • OpenAI Compatible: For model services that use the OpenAI Chat Completions API format, such as Alibaba Cloud Model Studio, Azure OpenAI, and various open-source model deployments.

    • Anthropic Compatible: For model services that use the Anthropic Messages API format.

    Quick Access

    Displayed only when Target Type is set to AI Agent. Supported platforms include Alibaba Cloud Model Studio, Dify, Agent Run, PAI, and AgentKit.

  5. On the Connection Parameters tab, configure the connection parameters based on the target type. After configuration, click Next to proceed to connection verification.

    AI Model Parameters

    Parameter

    Description

    Streaming Output

    Specifies whether to enable streaming output. Default value: Enabled.

    API Address

    The API endpoint of the AI model.

    For example, the OpenAI-compatible API endpoint for Alibaba Cloud Model Studio is https://dashscope.aliyuncs.com/compatible-mode/v1.

    API Key

    The access key used for authentication.

    For example, Alibaba Cloud Model Studio users can create an API key on the API Key Management page in the Model Studio console.

    Model Name

    The name of the model to test. Examples for Alibaba Cloud Model Studio: qwen-plus, qwen-max.

    Platform

    Select the platform to which the AI model belongs from the drop-down list, such as Alibaba Cloud Model Studio.

    AI Agent Parameters

    Basic Parameters

    Parameter

    Description

    Streaming Output

    Specifies whether to enable streaming output.

    Important

    Streaming output is enabled by default for PAI and cannot be disabled.

    API Address

    The API endpoint of the agent.

    • PAI: Format: http://{uid}.{region}.pai-eas.aliyuncs.com/api/predict/{serviceName}/v1/chat/completions. Replace {uid}, {region}, and {serviceName} with the actual PAI-EAS service configurations.

    • Alibaba Cloud Model Studio: https://dashscope.aliyuncs.com/api/v1/apps/{appId}/completion, where {appId} is the Model Studio application ID.

    • Dify: Format: http://{host}/v1/chat-messages. Replace {host} with the actual Dify service endpoint.

    • Agent Run: Format: https://{workspaceId}.agentrun-data.{region}.aliyuncs.com/agent-runtimes/{agentName}/endpoints/Default/invocations/openai/v1/chat/completions. Replace {workspaceId}, {region}, and {agentName} with the actual Agent Run configurations.

    • AgentKit: Format: https://{id}.apigateway-{region}.volceapi.com/invoke. Replace {id} and {region} with the actual Agent Kit gateway configurations.

    API Key

    The access key used for authentication.

    For example, Alibaba Cloud Model Studio users can create an API key on the API Key Management page in the Model Studio console.

    Model Name

    Displayed only for the PAI platform. Enter the model name.

    Advanced Settings (Optional)

    Parameter

    Description

    HTTP Method

    The request method: GET, POST, or PUT. Default value: POST.

    Authentication Method

    Select an authentication method: None, Bearer Token, or Custom Header.

    Authentication Header Name

    Displayed only when Authentication Method is set to Custom Header. Enter a custom authentication header name.

    Timeout Period

    The request timeout period, in milliseconds. Default value: 30000.

    Request Template

    The request body template, preset by platform.

    JSONPath

    The response parsing path, preset by platform.

    Request Header

    Custom request headers in JSON format.

  6. On the Test Connection tab, confirm the configured target details. Then, click Connectivity Test to verify that the configured parameters can connect to the AI service.

    Important
    • Click Save only after the connectivity test passes. If the test fails, verify that the API endpoint, API key, and model name are correct.

    • The connectivity test verifies only network connectivity, the API key, and the API Address. It does not run an actual detection task.

    • Testing: The button displays a loading animation.

    • Test passed: The button changes to a success state, and the Save button becomes available.

    • Test failed: The failure reason is displayed in the Connection test failed. prompt area. If the failure is caused by network issues, click Retry to run the test again.

Configuring detection intensity (optional)

  1. Click the image icon next to the target detection object, and select Configure Detection Task from the Actions menu.

  2. In the Configure Detection Task panel, select a detection intensity:

    Important

    The system uses Quick Scan by default.

    Detection Intensity

    Description

    Applicable Scenario

    Quick Scan

    Uses common basic attack techniques for detection. Estimated time: 10 to 20 minutes.

    Suitable for routine quick verification.

    Standard Scan

    Covers advanced attack techniques in addition to basic ones. Estimated time: 30 to 40 minutes.

    Suitable for comprehensive security assessments before going live.

  3. Click OK to save the configuration.

Running detection

Important
  • When the detection status is Preparing, In queue, or Checking, the Check button is unavailable. Wait for the previous detection task to complete.

  • The default detection intensity is Quick Scan.

  1. Select detection objects:

    • Single detection: Click Check in the Actions column next to the target detection object.

    • Batch detection: Select multiple detection objects, and then click Check below the AI Red Teaming list.

  2. In the confirmation dialog box, click OK.

  3. After the detection task is created, the list automatically refreshes and the detection status updates.

Viewing detection tasks and reports

  1. Click the image icon next to the target detection object, and select Test Records from the Actions menu. Alternatively, click the number in the Scan Count column.

  2. In the Detection Records panel, view detection details. Filter by Detection Strength and Scan Progress.

    Column

    Description

    Scan Task ID

    The unique identifier of the detection task.

    Detection Strength

    Fast detection or standard detection.

    Scan Start Time

    The start time of the detection task.

    Scan End Time

    The completion time of the detection task.

    Scan Task Progress

    The task execution progress. Displays the completion percentage while running.

    Risk Level

    The risk level detected in this scan.

  3. View Report: After detection completes, click View Report in the Actions column to view the security assessment report for the agent or model. The report includes an overview, security score, attack distribution, risk matrix, attack technique analysis, attack intent analysis, attack case details, and security recommendations.

  4. Download Report: After detection completes, click Download Report in the Actions column to download and save the security report locally.

Stopping or deleting detection tasks

  1. Click the image icon next to the target detection object, and select Test Records from the Actions menu. Alternatively, click the number in the Scan Count column.

  2. In the Detection Records panel, click Stop or Delete in the Actions column next to the target task.

    Action

    Applicable To

    Effect

    Stop

    Incomplete tasks only

    Terminates the scan and retains the detection record.

    Delete

    Tasks in all states

    Terminates the scan and deletes the detection record.

Managing detection objects

Modifying detection object

  1. On the AI Red Teaming list page, click the image icon next to the target detection object, and select Configure Target from the Actions menu.

  2. In the Configure Target panel, you can modify the Streaming Output toggle, API Address, API Key, and Advanced Settings. For parameter descriptions, see Connection Parameters.

  3. After modifying the parameters, click Connectivity Test to verify the new configuration.

    Important

    If the test fails, verify that the modified API endpoint, API key, and model name are correct, and try again.

  4. After the test passes, click OK to save the changes.

Deleting a detection object

  1. Select detection objects:

    • Single deletion: Click Delete in the Actions menu (accessible via the image icon) next to the target detection object.

    • Batch deletion: Select multiple detection objects, and then click Delete below the AI Red Teaming list.

  2. In the confirmation dialog box, click OK.

  3. After the deletion is successful, the detection object is removed from the list.

Billing

Free of charge during the public preview period.

FAQ

What do I do if a connectivity test fails?

If the connectivity test fails for an AI Model detection object, check the following possible causes:

  • Network unreachable: Verify that Security Center in the current region can access the API endpoint of the AI model. If the AI model is deployed in a private network, configure network connectivity policies.

  • Invalid or expired API key: Verify that the API key is valid and has not expired. Manually call the API using a curl command to confirm.

  • Incorrect model name: Verify that the model name matches the name provided by the AI model service provider.

  • Invalid API endpoint format: Verify that the API endpoint URL is correct and accessible.