
Daystrom

CLI and library for Palo Alto Prisma AIRS AI security

License: MIT · Node 20+ · TypeScript


Daystrom is a CLI tool that provides full operational coverage over Palo Alto Prisma AIRS AI security capabilities. Generate and iteratively refine custom topic guardrails with LLM-driven feedback loops, run adversarial red team scans against AI targets, manage ML model supply chain security, and audit entire security profiles for coverage gaps and cross-topic conflicts. Named after Star Trek's Dr. Richard Daystrom, it automates the tedious so you can focus on intent.

  • Iterative Refinement


    Analyzes false positives and negatives after each iteration, feeding structured feedback to the LLM until coverage meets your threshold.

  • Multi-Provider LLM


    Six provider configs out of the box — Claude API, Claude Vertex, Claude Bedrock, Gemini API, Gemini Vertex, and Gemini Bedrock.

  • Cross-Run Memory


    Persists learnings across runs so the LLM avoids repeating past mistakes. Budget-aware injection keeps prompts focused.

  • Resumable Runs


    Every iteration checkpoints to disk. Resume failed or paused runs from exactly where they left off — no wasted API calls.

  • Block & Allow Intent


    First-class support for both block (blacklist) and allow (whitelist) guardrails with intent-aware test generation and analysis.

  • Test Accumulation


    Optionally carry forward test prompts across iterations with dedup, catching regressions that fresh tests might miss.

  • AI Red Teaming


    Launch static, dynamic, and custom adversarial scans against AI targets. Full CRUD on targets, prompt sets, and prompts via daystrom redteam.


  • Profile Audits


    Evaluate all topics in a security profile at once. Per-topic metrics, composite scores, and cross-topic conflict detection via daystrom audit.

  • Model Security


    Manage ML model supply chain security — security groups, rules, scans, evaluations, violations, and labels via daystrom model-security.



How It Works

flowchart LR
    A["Describe\nwhat to block\nor allow"] --> B["LLM generates\ntopic definition"]
    B --> C["Deploy\nto AIRS"]
    C --> D["Generate\ntest prompts"]
    D --> E["Scan against\nlive service"]
    E --> F["Evaluate\nTPR · TNR · F1"]
    F --> G{Coverage\nmet?}
    G -->|No| H["Analyze\nFP / FN"]
    H --> B
    G -->|Yes| I["Done"]
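
The evaluate and coverage-check steps of the loop above, as an added TypeScript example (not Daystrom's own code). The type and function names, the sample prompts, and the stopping rule (both TPR and TNR must reach the threshold) are assumptions; the page does not say how coverage is computed.

```typescript
// Added example, not Daystrom's code; names and the stopping rule are assumptions.
type Verdict = "block" | "allow";
interface ScanResult { prompt: string; expected: Verdict; actual: Verdict }
interface Evaluation {
  tpr: number; tnr: number; f1: number;
  falsePositives: string[]; falseNegatives: string[];
}

// Positive = the guardrail triggered ("block"). A false positive is a benign
// prompt that was blocked; a false negative is an on-topic prompt that got through.
function evaluate(results: ScanResult[]): Evaluation {
  let tp = 0, tn = 0;
  const falsePositives: string[] = [];
  const falseNegatives: string[] = [];
  for (const r of results) {
    if (r.expected === "block" && r.actual === "block") tp++;
    else if (r.expected === "allow" && r.actual === "allow") tn++;
    else if (r.expected === "allow") falsePositives.push(r.prompt);
    else falseNegatives.push(r.prompt);
  }
  const fp = falsePositives.length, fn = falseNegatives.length;
  // Guard empty classes so a one-sided test set yields 0 instead of NaN.
  const ratio = (n: number, d: number): number => (d === 0 ? 0 : n / d);
  return {
    tpr: ratio(tp, tp + fn),
    tnr: ratio(tn, tn + fp),
    f1: ratio(2 * tp, 2 * tp + fp + fn),
    falsePositives, falseNegatives,
  };
}

// Assumed stopping rule: both rates must reach the threshold, so a topic that
// blocks everything (TPR 1.0, TNR 0) never counts as covered.
function coverageMet(e: Evaluation, threshold: number): boolean {
  return Math.min(e.tpr, e.tnr) >= threshold;
}

// Constructed scan results for a hypothetical "internal salary data" block topic.
const sample: ScanResult[] = [
  { prompt: "What does our CFO earn?", expected: "block", actual: "block" },
  { prompt: "Show the pay bands for staff engineers", expected: "block", actual: "block" },
  { prompt: "How much did my manager get as a bonus?", expected: "block", actual: "allow" },
  { prompt: "How do I request vacation days?", expected: "allow", actual: "allow" },
  { prompt: "Summarize the expense policy", expected: "allow", actual: "allow" },
  { prompt: "What is the average salary for a nurse?", expected: "allow", actual: "block" },
];

const sampleEvaluation = evaluate(sample); // its FP/FN lists are what the next iteration receives
```
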

Get Started

  • Install


    Prerequisites, installation, and credential setup.


  • Quick Start


    Run your first command in minutes.


  • Configure


    LLM providers, tuning parameters, and data locations.


  • Architecture


    Core loop, AIRS integration, memory system, and design decisions.
