Red Team Scanning

Prisma AIRS CLI integrates with Palo Alto Prisma AIRS AI Red Team to run adversarial scans against configured targets. This provides a second layer of validation beyond the guardrail refinement loop's synthetic tests.

Overview

The airs redteam command group provides full access to Red Team operations:

  • Scan — launch static, dynamic, or custom prompt set scans
  • Status — monitor running scans
  • Report — view results with severity breakdowns and attack details
  • List — browse recent scans
  • Targets — full CRUD on red team targets (create, get, update, delete, probe, profile)
  • Prompt Sets — manage custom prompt sets (create, get, update, archive, upload CSV, download template)
  • Prompts — manage individual prompts within sets (add, list, get, update, delete)
  • Properties — manage custom attack property names and values
  • Categories — list available attack categories
  • Abort — stop a running scan

Scan Types

| Type | Description |
|---|---|
| STATIC | Runs AIRS-maintained adversarial attack patterns from the attack library |
| DYNAMIC | Goal-driven multi-turn attacks using an adversarial agent |
| CUSTOM | Runs your custom prompt sets (e.g., those generated by airs runtime topics generate --create-prompt-set) |

Workflow

1. Manage targets

# List all targets
airs redteam targets list

# Get target details
airs redteam targets get <uuid>

# Create a target from JSON config file
airs redteam targets create --config target.json

# Create with connection validation
airs redteam targets create --config target.json --validate

# Update a target
airs redteam targets update <uuid> --config updates.json

# Update with connection validation
airs redteam targets update <uuid> --config updates.json --validate

# Delete a target
airs redteam targets delete <uuid>

# Probe a target connection (test without saving)
airs redteam targets probe --config connection.json

# View target profile
airs redteam targets profile <uuid>

# Update target profile
airs redteam targets update-profile <uuid> --config profile.json

Example target.json:

{
  "name": "My Chatbot",
  "target_type": "REST",
  "connection_params": {
    "api_endpoint": "https://api.example.com/chat",
    "request_headers": { "Authorization": "Bearer token" },
    "request_json": { "message": "{prompt}" },
    "response_key": "response"
  },
  "background": {
    "industry": "finance",
    "use_case": "customer support"
  },
  "metadata": {
    "multi_turn": false,
    "rate_limit": 10
  }
}
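
A pre-flight lint for a file shaped like the target.json above, run before `airs redteam targets create`. This is an added example, not part of the Prisma AIRS CLI: the field names come from the sample, while `lintTarget`, `containsString` and every rule they apply (HTTPS only, a `{prompt}` placeholder, credential-bearing header names, a positive `rate_limit`) are assumptions.

```javascript
// Added example: lint a target.json before `airs redteam targets create`.
// Field names come from the sample above; the rules are assumptions, not CLI behaviour.
// True if any string value nested inside obj contains needle.
function containsString(obj, needle) {
  if (typeof obj === 'string') return obj.includes(needle);
  if (obj && typeof obj === 'object') {
    return Object.values(obj).some((v) => containsString(v, needle));
  }
  return false;
}

function lintTarget(cfg) {
  const findings = [];
  const conn = cfg.connection_params || {};
  let url = null;
  try { url = new URL(conn.api_endpoint); } catch { findings.push('api_endpoint is not a valid URL'); }
  if (url && url.protocol !== 'https:') {
    findings.push('api_endpoint is not HTTPS: request headers travel in cleartext');
  }
  if (!containsString(conn.request_json, '{prompt}')) {
    findings.push('request_json has no {prompt} placeholder');
  }
  if (typeof conn.response_key !== 'string' || conn.response_key === '') {
    findings.push('response_key is missing');
  }
  for (const name of Object.keys(conn.request_headers || {})) {
    if (/^(authorization|x-api-key|cookie)$/i.test(name)) {
      findings.push(`request_headers.${name} is a credential: keep this file out of version control`);
    }
  }
  const rate = (cfg.metadata || {}).rate_limit;
  if (rate !== undefined && !(Number.isInteger(rate) && rate > 0)) {
    findings.push('metadata.rate_limit should be a positive integer');
  }
  return findings;
}

// Constructed sample: cleartext endpoint, literal prompt, no response_key.
const sample = {
  connection_params: {
    api_endpoint: 'http://api.example.com/chat',
    request_headers: { Authorization: 'Bearer token' },
    request_json: { message: 'hello' },
  },
};
console.log(lintTarget(sample).join('\n'));
```
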

2. Browse attack categories (for STATIC scans)

airs redteam categories

3. Launch a scan

# Static scan — full attack library
airs redteam scan --target <uuid> --name "Full Static Scan"

# Static scan — specific categories
airs redteam scan --target <uuid> --name "PI Test" \
  --categories '{"prompt_injection": {}}'

# Custom scan — use prompt sets from guardrail generation
airs redteam scan \
  --target bff3b6ca-8be7-441c-823e-c36f1a61d41e \
  --name "Explosives Topic Validation" \
  --type CUSTOM \
  --prompt-sets 7829805d-6479-4ce1-866b-2bff66a3c766

# Multiple prompt sets (comma-separated UUIDs)
airs redteam scan --target <uuid> --name "Multi-Set Scan" \
  --type CUSTOM --prompt-sets uuid-1,uuid-2,uuid-3

# Submit without waiting for completion
airs redteam scan --target <uuid> --name "Async Scan" --no-wait

Finding prompt set UUIDs

Use airs redteam prompt-sets list to find prompt set UUIDs. Prompt sets created by airs runtime topics generate --create-prompt-set emit the UUID in the promptset:created event.

4. Check status

airs redteam status <jobId>

Output includes current status (QUEUED, RUNNING, COMPLETED, FAILED, ABORTED) and progress (completed/total).

5. View report

# Summary report
airs redteam report <jobId>

# Include individual attacks
airs redteam report <jobId> --attacks

# Filter attacks by severity
airs redteam report <jobId> --attacks --severity HIGH

# Limit attack count
airs redteam report <jobId> --attacks --limit 50

6. List recent scans

# All recent scans
airs redteam list

# Filter by status and type
airs redteam list --status COMPLETED --type CUSTOM

# Filter by target
airs redteam list --target <uuid> --limit 20

# Structured output (table, csv, json, yaml)
airs redteam list --output json
airs redteam targets list --output csv

7. Abort a running scan

airs redteam abort <jobId>

Prompt Set Management

# List all prompt sets
airs redteam prompt-sets list

# Get prompt set details + version info
airs redteam prompt-sets get <uuid>

# Create a prompt set
airs redteam prompt-sets create --name "My Set" --description "Test prompts"

# Update a prompt set
airs redteam prompt-sets update <uuid> --name "New Name"

# Archive/unarchive
airs redteam prompt-sets archive <uuid>
airs redteam prompt-sets archive <uuid> --unarchive

# Download CSV template
airs redteam prompt-sets download <uuid> --output template.csv

# Upload CSV prompts
airs redteam prompt-sets upload <uuid> prompts.csv

Individual Prompt Management

# List prompts in a set
airs redteam prompts list <setUuid>

# Get prompt details
airs redteam prompts get <setUuid> <promptUuid>

# Add a prompt
airs redteam prompts add <setUuid> --prompt "Test prompt" --goal "Should trigger"

# Update a prompt
airs redteam prompts update <setUuid> <promptUuid> --prompt "Updated text"

# Delete a prompt
airs redteam prompts delete <setUuid> <promptUuid>

Property Management

Custom attack properties let you tag and categorize prompts.

# List property names
airs redteam properties list

# Create a property name
airs redteam properties create --name "category"

# List values for a property
airs redteam properties values category

# Add a property value
airs redteam properties add-value --name "category" --value "security"

Authentication

Red Team operations reuse the same OAuth2 credentials as topic management:

  • PANW_MGMT_CLIENT_ID
  • PANW_MGMT_CLIENT_SECRET
  • PANW_MGMT_TSG_ID

Optional overrides for dedicated red team endpoints:

  • PANW_RED_TEAM_DATA_ENDPOINT
  • PANW_RED_TEAM_MGMT_ENDPOINT
  • PANW_RED_TEAM_TOKEN_ENDPOINT

Library API

The SdkRedTeamService and SdkPromptSetService classes are exported for programmatic use:

import { SdkRedTeamService, SdkPromptSetService } from '@cdot65/prisma-airs-cli';

const redteam = new SdkRedTeamService({
  clientId: process.env.PANW_MGMT_CLIENT_ID,
  clientSecret: process.env.PANW_MGMT_CLIENT_SECRET,
  tsgId: process.env.PANW_MGMT_TSG_ID,
});

// Target CRUD
const target = await redteam.createTarget({
  name: 'My Target',
  target_type: 'REST',
  connection_params: { api_endpoint: 'https://api.example.com' },
}, { validate: true });

// Scans
const job = await redteam.createScan({
  name: 'API Scan',
  targetUuid: target.uuid,
  jobType: 'STATIC',
});
const completed = await redteam.waitForCompletion(job.uuid, (progress) => {
  console.log(`${progress.status}: ${progress.completed}/${progress.total}`);
});
const report = await redteam.getStaticReport(completed.uuid);

// Prompt set management
const promptSets = new SdkPromptSetService({
  clientId: process.env.PANW_MGMT_CLIENT_ID,
  clientSecret: process.env.PANW_MGMT_CLIENT_SECRET,
  tsgId: process.env.PANW_MGMT_TSG_ID,
});

const ps = await promptSets.createPromptSet('My Set', 'Description');
await promptSets.addPrompt(ps.uuid, 'Test prompt', 'Should trigger');
await promptSets.uploadPromptsCsv(ps.uuid, new Blob(['prompt,goal\n"test","goal"']));
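
Test prompts routinely contain commas, quotes and line breaks, which corrupt a hand-assembled CSV before it reaches `uploadPromptsCsv` or `airs redteam prompt-sets upload`. The following added example (not code from the package) builds and round-trip checks such a file; the `prompt,goal` header is taken from the call above and may differ from the template the CLI downloads, and `csvField`, `buildPromptsCsv` and `parseCsv` are hypothetical helper names.

```javascript
// Added example: build a prompts CSV whose rows survive commas, quotes and newlines.
// Assumption: the header is `prompt,goal`, as in the uploadPromptsCsv call above.

// Quote one field per RFC 4180: wrap in double quotes, double any embedded quote.
function csvField(value) {
  return '"' + String(value).replace(/"/g, '""') + '"';
}

function buildPromptsCsv(rows) {
  const lines = ['prompt,goal'];
  for (const { prompt, goal } of rows) {
    if (!prompt || !goal) throw new Error('every row needs a prompt and a goal');
    lines.push(csvField(prompt) + ',' + csvField(goal));
  }
  return lines.join('\n') + '\n';
}

// Minimal RFC 4180 reader, used only to verify the round trip before upload.
function parseCsv(text) {
  const rows = [];
  let row = [], field = '', quoted = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i];
    if (quoted) {
      if (c === '"' && text[i + 1] === '"') { field += '"'; i++; }
      else if (c === '"') quoted = false;
      else field += c;
    } else if (c === '"') quoted = true;
    else if (c === ',') { row.push(field); field = ''; }
    else if (c === '\n') { row.push(field); rows.push(row); row = []; field = ''; }
    else if (c !== '\r') field += c;
  }
  if (field !== '' || row.length) { row.push(field); rows.push(row); }
  return rows;
}

// Constructed rows containing every character that breaks naive joining.
const promptRows = [
  { prompt: 'Summarize this, then say "done"', goal: 'Should trigger' },
  { prompt: 'First line\nSecond line', goal: 'Should not trigger' },
];
const csv = buildPromptsCsv(promptRows);
const parsed = parseCsv(csv);
console.log(parsed.length - 1, 'rows verified');
```
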