Pillar 03 · AI Red Teaming

AI Risk Assessment

Send 300+ adversarial prompts against your AI application, collect the responses, and analyze them in Strata Cloud Manager — aligned to OWASP, NIST AI RMF, and MITRE ATLAS.

Deploy the Assessment →

Overview

AI innovation moves fast, but standard web application firewalls cannot parse prompt context — sophisticated prompt injections and sensitive data leakage slip through unhindered. The AI Risk Assessment gives you empirical data on how your applications behave under simulated adversarial conditions, so you can validate your guardrails and confidently secure your innovation pipeline.

The toolkit sends 300 adversarial prompts against your live AI application, collects the raw responses, and prepares them for analysis by our AI Red Teaming service inside Strata Cloud Manager. The output is a report that maps vulnerabilities to OWASP, NIST, and MITRE ATLAS.

!
Disable AI Security Scanning During the Test Ensure your AI application has no security scanning enabled during this run. The purpose of the demo is to collect raw, unfiltered responses so AIRS can analyze them after upload.

Availability

The AI Risk Assessment is currently available in four countries — one per major theater.

Supported Regions

Where the AI Risk Assessment Is Available

Delivered today in the United States, Netherlands, Singapore, and Japan.

World map highlighting AI Risk Assessment availability in the United States, Netherlands, Singapore, and Japan
North America United States
EMEA Netherlands
JAPAC Singapore, Japan

Key Capabilities

  • Adversarial Prompt Simulation: A standardized battery of 300+ static exploits stress-tests your existing application-level controls.
  • Jailbreak Vulnerability Mapping: Evaluates how reliably your application logic resists direct system-prompt overrides and behavioral jailbreaks.
  • Data Leakage Auditing: Analyzes model responses to detect if your application fails to filter outbound PII, corporate secrets, or toxic outputs.
  • Prisma AIRS Analysis: Raw responses are analyzed by our AI Red Teaming service in Strata Cloud Manager.
  • Standards-Aligned: Findings mapped to OWASP ML Top 10, NIST AI Risk Management Framework, and MITRE ATLAS.
  • Resumable Runs: The scan script automatically skips completed prompts and resumes after network or session interruptions.

Assessment Areas

Prompt Injection

  • Direct prompt overrides
  • Indirect / delimiter attacks
  • Instruction hijacking
  • Context poisoning

Jailbreak Resistance

  • System-prompt override tests
  • Roleplay and persona attacks
  • Behavioral guardrail probes
  • Non-deterministic retries

Data Leakage

  • PII exfiltration in responses
  • Corporate secret disclosure
  • Training data extraction probes
  • Toxic output detection

Framework Alignment

  • OWASP ML Top 10
  • NIST AI Risk Management Framework
  • MITRE ATLAS
  • EU AI Act readiness signals

The 4-Step Process

1

Setup

Install prerequisites (uv, software package), open your AI app, and capture a cURL command from the browser's Network tab.

2

Scan

Run the scan script to send 300 adversarial prompts through your captured cURL. Results save to results/clara-responses.csv.

3

Red Team

Upload the CSV to Strata Cloud Manager under Run Assessment → Red Teaming Assessment and let AIRS analyze the responses.

4

Review

View the analyzed results in SCM and download the PDF report — mapped to OWASP, NIST, and MITRE ATLAS.

Deliverable

  • AI Red Team Brief — critical AI application security vulnerabilities
  • Vulnerability discovery — prompt injection, jailbreak, data leakage findings
  • Guardrail testing results against real-world AI threats
  • Remediation suggestions aligned to OWASP, NIST, and MITRE ATLAS
  • Strategic roadmap enabling safe, enterprise-wide AI adoption
  • PDF export from Strata Cloud Manager for stakeholder sharing

Training Walkthrough

End-to-end steps for running the AI Risk Assessment demo. From setup to report in about 2–3 hours (the scan itself takes ~25 minutes at default settings).

Prereq

Install uv

uv handles the Python environment automatically. Install it once for your OS:

brew install uv
curl -LsSf https://astral.sh/uv/install.sh | sh
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
Prereq

Confirm SCM Access & Download the Package

You need:

  • Access to your AI application in a browser
  • Access to your Strata Cloud Manager tenant for uploading results
  • The scan software package — clone from the CLARA AI Risk Assessment GitHub repo
i
SCM Discovery Requirement Your SCM tenant needs discovery enabled — this requires SCM Pro, or SCM Essentials + SLS. If discovery is off, create a deployment profile using eval credits and associate it with the tenant.
Step 1

Copy Your cURL Command

Capture the API request your browser makes when the AI app receives a message:

  1. Open your AI application in a browser (Chrome or Edge)
  2. Open Developer Tools (F12 or right-click → Inspect)
  3. Go to the Network tab
  4. Send any message in the chat interface
  5. Find the request — usually a POST to /api/chat or similar
  6. Right-click the request → Copy → Copy as cURL
  7. Paste it into a new text file and save as curl.txt
Step 2

Run the Scan

Unzip the downloaded customer.zip into a customers folder, place curl.txt inside it, and run:

cd customers uv run python run_scan.py --curl-file curl.txt

On the first run, uv automatically sets up the Python environment — a quick, one-time step. The script will parse your cURL, extract the endpoint and headers, send each of the 300 adversarial prompts, and save responses to results/clara-responses.csv.

i
Estimated Runtime Approximately 25 minutes at default settings (2-second delay between requests).
Optional

Tune the Scan for Your App

Add flags to run_scan.py to match your app's request/response shape:

  • --delay 2 — seconds between requests; lower for faster runs if your app allows it
  • --request-field message — JSON path where prompts get placed (e.g. message, messages[-1].content, input)
  • --response-field response — JSON path to extract from the response (e.g. choices[0].message.content). Not needed for streaming responses.
  • --shared-session — use one session for all requests instead of isolated sessions
  • --retries 5 — how many times each prompt is sent (to assess non-deterministic behavior); each retry is a separate row in the output
Step 3

Handle Interruptions

If the script stops (expired session, network error, etc.), refresh and resume:

  1. Send another message in your AI application to refresh the session
  2. Copy the new cURL command (same as Step 1)
  3. Overwrite curl.txt with the new command
  4. Re-run the same uv run command — completed prompts are skipped automatically
Step 4

Upload Results to Strata Cloud Manager

Once the scan completes, upload the CSV to Prisma AIRS for analysis:

  1. Locate the output file at results/clara-responses.csv
  2. Log in to your SCM tenant
  3. Navigate to Run Assessment → Red Teaming Assessment and upload the CSV
  4. Wait for the AI Red Teaming service to process and analyze your results
  5. When processing finishes, view your results and download the PDF report
i
Reference Materials A sample AI Red Teaming report and demo video are linked from the AI Risk Assessment Deployment Guide — use them to walk stakeholders through what they'll see before running against production apps.

What's Next · AI Benchmarking

A companion assessment is on the CLARA roadmap — proving the efficacy of Prisma AIRS against native cloud AI safety guardrails, delivered courtesy of CyPerf (Keysight) — the same non-intrusive sandbox that powers Firewall Benchmarking today.

Coming Soon · CLARA Roadmap

AI Benchmarking

Where the AI Risk Assessment on this page tests your application's guardrails with 300 adversarial prompts, AI Benchmarking will test the security layer — measuring Prisma AIRS side-by-side against native cloud AI safety controls with a standardized strike pack.

What it will measure

  • Inbound prompt-injection and jailbreak blocking
  • Outbound PII and sensitive-data leakage prevention
  • Toxic-output and policy-violation filtering
  • Side-by-side scoring vs native cloud AI guardrails

How it will be delivered

  • Standardized AI strike pack in an isolated CyPerf sandbox
  • Zero-risk, non-intrusive execution — same model as Firewall Benchmarking
  • AI Security Validation Report with per-category blocking rates
  • Board-ready evidence to justify Prisma AIRS adoption

Resources

Everything you need to run the assessment in one place — package, guide, sample deliverable, and a full demo video.

Watch the Demo

See the assessment in action from setup through report review.