AI Red Team Documentation
Complete guide to our penetration testing service for your chatbots, AI assistants, and LLM systems.
Overview
AI Red Team is a specialized penetration testing service for artificial intelligence systems. Our team tests your chatbots, AI assistants, and autonomous agents against 8'000+ known attack prompts and those discovered by our R&D.
Service Tiers
Three packages adapted to the size and complexity of your AI systems.
Standard
Successful intrusion to 1 protected asset
per engagement
- Up to 50 targets tested
- Success criteria: 1 protected asset reached
- Prompt injection tests
- Jailbreak attempts
- Summary PDF report
- 1h debrief call
Advanced
Reaching 3 defined assets
per engagement
- Up to 200 targets tested
- Success criteria: 3 protected assets reached
- Multi-vector attacks
- RBAC bypass testing
- Multilingual tests (50+ languages)
- Detailed report + roadmap
- Team training session
Enterprise
Multi-LLM, 8000+ prompts tested
per engagement
- Unlimited targets
- Multi-LLM testing (all your AI apps)
- 8000+ known attack prompts tested
- Full Red Team (... patterns)
- LLM supply chain tests
- APT simulation
- Board-ready présentation
- On-site debrief
Testing Methodology
We analyze the 3 vulnerability layers of your AI systems.
LLM Layer
Resistance to jailbreaks and alignment bypasses
- Jailbreaks (DAN, Developer Mode, STAN)
- System instruction bypass
- System prompt extraction
- Context manipulation
- Role confusion
Application Layer
Application wrapper vulnerabilities
- Indirect prompt injection
- RAG data exfiltration
- Session manipulation
- Privilege escalation
- Filter bypass
Intégration Layer
Tool and API abuse
- Function calling abuse
- RAG poisoning
- SQL injection via LLM
- Unauthorized code exécution
- SSRF via plugins
24 Attack Categories
Our tests cover all known attack vectors, aligned with OWASP LLM Top 10.
DIRECT_OVERRIDEDirect instruction override
ROLE_MANIPULATIONAI role manipulation
EXTRACTIONProtected information extraction
FORMAT_TOKENSSpecial token abuse
FAKE_AUTHORITYAuthority impersonation
DAN_JAILBREAKDAN-type jailbreaks
ROLEPLAY_ATTACKRoleplay attacks
HYPOTHETICALMalicious hypothetical scénarios
EMOTIONALEmotional manipulation
GRADUAL_BOUNDARYGradual boundary erosion
CONTEXT_EXPLOITContext exploitation
ENCODINGEncoding bypass
TECHNICALAdvanced technical attacks
MODEL_INFOModel info extraction
HARMFUL_BEHAVIORHarmful behavior induction
SENSITIVE_QUERYSensitive queries
DATA_EXFILTRATIONData exfiltration
Testable System Types
We test any system integrating an LLM.
Chatbots
Customer support, sales, FAQ
Internal assistants
HR, IT, légal
Autonomous agents
AutoGPT, CrewAI, LangGraph
Copilots
Code, docs, productivity
RAG systems
Knowledge bases
Custom GPTs
ChatGPT Teams, plugins
AI Workflows
n8n, Make, Zapier + AI
LLM APIs
Direct intégrations
Deliverables
What you receive at the end of the engagement.
Detailed Report
- Overall vulnerability score (0-100)
- Breakdown by category (24 categories)
- List of vulnerabilities found with criticality
- Proof of exploitation (PoC) for each flaw
- Recommendations prioritized by impact
- Suggested Prompt Guard rules
Executive Summary
- Summary for C-suite/CISO (2 pages)
- Identified business risks
- Comparison with industry benchmarks
- Remediation plan in 30/60/90 days
Secure Delivery
The PDF report is delivered via a single-use link with OTP code sent by SMS. Expires after 72h or first download.
Engagement Process
A structured 4-step process.
SOW & Deposit
Sign Statement of Work defining scope and rules of engagement. 60% deposit payment.
Reconnaissance
Target chatbot analysis, LLM provider identification, feature mapping and entry points.
Test Exécution
Launch ... détection patterns, advanced manual tests, multi-vector attacks based on chosen tier.
Report & Final Payment
Report compilation, results présentation, debriefing. 40% balance due upon delivery.
Frequently Asked Questions
Ready to secure your AI?
Request a custom quote or contact our team to discuss your needs.
Or contact us: redteam@adlibo.com