This page provides detailed information about all configuration options for the EnkryptAI Red Teaming API V3 payload structure.

Payload Structure Overview

Every payload consists of three main sections:
{
    "dataset_configuration": {
        // Dataset settings and parameters
    },
    "redteam_test_configurations": {
        // Test settings and parameters
    },
    "endpoint_configuration": {
        // Details of the target model
    }
}

Dataset Configuration

The dataset configuration specifies settings for generating test prompts when using generated datasets.

Complete Example

{
    "dataset_configuration": {
        "system_description": "System description for your AI application",
        "policy_description": "Do not generate any content that is illegal, harmful, or violates the rights of others.",
        "max_prompts": 100,
        "scenarios": 2,
        "categories": 2,
        "depth": 2
    }
}

Field Reference

system_description
string
required
Description of the AI system being tested. This helps the attack generator create contextually relevant prompts.
Example: "This is a customer support chatbot for a banking application"
policy_description
string
required
The code of conduct or policy that the model should follow. Defines what the model should NOT do.
Example: "Do not provide harmful or illegal information. Do not share customer data."
max_prompts
integer
default: 100
Maximum number of prompts to generate for the dataset.
Range: 1-1000
Guidelines:
  • Development: 10-50
  • Standard testing: 100-200
  • Comprehensive: 500-1000
scenarios
integer
default: 2
Number of different scenarios to test across.
Range: 1-10
Description: Creates variety in attack contexts and use cases.
categories
integer
default: 2
Number of risk categories to include in the generated dataset.
Range: 1-15
Description: Spreads testing across different types of risks (toxicity, bias, PII, etc.).
depth
integer
default: 2
Depth of the attack tree for generating adversarial prompts.
Range: 1-5
Description: Higher depth creates more sophisticated, multi-step attacks.
Guidelines:
  • Depth 1-2: Simple attacks
  • Depth 3: Moderate complexity
  • Depth 4-5: Complex, multi-layered attacks

Usage Notes

The dataset configuration is only used when generating custom datasets. If you’re testing with pre-existing prompts, you can omit this section.
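Before sending a payload it is worth checking the dataset_configuration block locally against the ranges listed above, so that an out-of-range value or a misspelled field is caught on the client rather than by a failed job. The following Python is an added example written for this page; it is not part of the EnkryptAI API or SDK. The validator mirrors the documented ranges and defaults; treating unknown keys as errors is an assumption (the page does not say how the API handles them), and the sample payloads are constructed.

```python
"""Validate a dataset_configuration block against the documented field rules."""
from __future__ import annotations

from typing import Any

# Documented integer fields: (minimum, maximum, default) taken from the field reference.
INTEGER_FIELDS = {
    "max_prompts": (1, 1000, 100),
    "scenarios": (1, 10, 2),
    "categories": (1, 15, 2),
    "depth": (1, 5, 2),
}
REQUIRED_STRING_FIELDS = ("system_description", "policy_description")


def depth_label(depth: int) -> str:
    """Map a depth value to the page's complexity guideline."""
    if depth <= 2:
        return "simple"
    if depth == 3:
        return "moderate"
    return "complex"


def validate_dataset_configuration(cfg: dict[str, Any]) -> list[str]:
    """Return a list of problems; an empty list means the block is valid.

    Unknown keys are reported as well, so a misspelled field name does not
    silently fall back to a default (assumption: the API would not reject it).
    """
    problems: list[str] = []
    for name in REQUIRED_STRING_FIELDS:
        value = cfg.get(name)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{name}: required non-empty string")
    for name, (lo, hi, _default) in INTEGER_FIELDS.items():
        if name not in cfg:
            continue  # optional: the API applies the documented default
        value = cfg[name]
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, int):
            problems.append(f"{name}: must be an integer, got {value!r}")
        elif not lo <= value <= hi:
            problems.append(f"{name}: {value} outside documented range {lo}-{hi}")
    for name in cfg:
        if name not in INTEGER_FIELDS and name not in REQUIRED_STRING_FIELDS:
            problems.append(f"{name}: not a documented dataset_configuration field")
    return problems


def with_defaults(cfg: dict[str, Any]) -> dict[str, Any]:
    """Return a copy with documented defaults filled in for omitted integer fields."""
    filled = dict(cfg)
    for name, (_lo, _hi, default) in INTEGER_FIELDS.items():
        filled.setdefault(name, default)
    return filled


# Constructed sample blocks (not taken from the documentation page).
VALID = {
    "system_description": "This is a customer support chatbot for a banking application",
    "policy_description": "Do not provide harmful or illegal information. Do not share customer data.",
    "max_prompts": 50,
    "depth": 3,
}
INVALID = {
    "system_description": "",
    "policy_description": "Do not share customer data.",
    "max_prompts": 5000,   # above the 1-1000 range
    "depth": True,         # a bool, not an integer
    "scenario": 2,         # misspelled "scenarios"
}

if __name__ == "__main__":
    print("valid block problems:", validate_dataset_configuration(VALID))
    print("with defaults:", with_defaults(VALID))
    for problem in validate_dataset_configuration(INVALID):
        print("-", problem)
```

Running the script prints an empty problem list for the first block and four problems for the second; `with_defaults` shows the effective configuration the API would use after the documented defaults for scenarios and categories are applied.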

Red Team Test Configurations

This section specifies which tests to run and how to attack the model for each test type.

Structure

{
  "redteam_test_configurations": {
    "test_name": {
      "sample_percentage": 50,
      "attack_methods": {
        // Attack method configuration
      }
    }
  }
}

Common Fields

sample_percentage
integer
required
Percentage of the dataset to use for this specific test.
Range: 1-100
Guidelines:
  • Development/Quick Testing: 1-5%
  • Standard Testing: 10-20%
  • Comprehensive Testing: 50-100%
Example: "sample_percentage": 50 means use 50% of available prompts
attack_methods
object
required
Configuration of attack methods to use for this test. See Attack Methods Reference for detailed information.
Structure:
{
  "basic": {"basic": {"params": {}}},
  "static": {
    "encoding_method": {"params": {...}}
  },
  "dynamic": {
    "iterative_method": {"params": {...}}
  }
}

Test Categories

custom_test

Custom dataset test for your specific use case.
Example:
{
  "custom_test": {
    "sample_percentage": 50,
    "attack_methods": {
      "basic": {"basic": {"params": {}}}
    }
  }
}

bias_test

Identifies and exposes biased outputs based on protected attributes (race, gender, age, etc.).

cbrn_test

Addresses vulnerabilities related to chemical, biological, radiological, and nuclear domains.

csem_test

Addresses vulnerabilities related to child abuse exploitation.

harmful_test

Elicits responses that promote harm or danger to individuals or groups.

insecure_code_test

Produces insecure or harmful code snippets with vulnerabilities.

toxicity_test

Generates harmful or offensive content including hate speech and profanity.

pii_test

Exposes personally identifiable information that should remain private. Exposes copyrighted material that the model should not reproduce.

misinformation_test

Tests the model’s tendency to generate false or misleading information.

system_prompt_extractions_test

Attempts to extract the system prompt or instructions.

sponge_test

Tests for infinite loops or resource exhaustion attacks.

competitor_test

Attempts to extract information about competitors.
Example:
{
  "bias_test": {
    "sample_percentage": 30,
    "attack_methods": {
      "basic": {"basic": {"params": {}}},
      "static": {"obfuscation": {"params": {}}}
    }
  }
}

Tests specifically designed for AI agents with tool use and autonomous capabilities:

governance_test

Testing the alignment and governance of the model including goal misalignment and policy drift.

agent_output_quality_test

Testing the quality of the agent’s output including hallucinations, bias, and toxicity in multi-turn workflows.

tool_misuse_test

Testing the misuse of the model’s tools including API integration issues, supply chain vulnerabilities, and resource consumption.

privacy_test

Testing privacy protections and data handling including sensitive data exposure and exfiltration channels.

reliability_and_observability_test

Testing the reliability and observability of agent operations including data poisoning, concept drift, and opaque reasoning.

agent_behaviour_test

Testing the behaviour patterns and decision-making including human manipulation and unsafe actuation.

access_control_and_permissions_test

Testing access control and permissions enforcement including credential theft, privilege escalation, and confused deputy attacks.

tool_extraction_test

Test if the agent tool information can be extracted in outputs.
Example:
{
  "tool_misuse_test": {
    "sample_percentage": 20,
    "attack_methods": {
      "basic": {"basic": {"params": {}}},
      "dynamic": {"multi_turn": {"params": {}}}
    }
  },
  "access_control_and_permissions_test": {
    "sample_percentage": 25,
    "attack_methods": {
      "basic": {"basic": {"params": {}}},
      "static": {"obfuscation": {"params": {}}}
    }
  }
}

Advanced tests that require generated adversarial datasets:

adv_bias_test

Uncover biased outputs through adversarial methods.

adv_info_test

Extract sensitive or unintended information from a generated dataset.

adv_persona_test

Adversarial persona manipulation and identity spoofing attacks.

adv_command_test

Manipulate the model to execute unintended commands.

adv_pii_test

Expose personally identifiable information through adversarial techniques.

adv_competitor_test

Exploit vulnerabilities to gain an advantage over competitors.

adv_sponge_test

Advanced resource exhaustion and denial of service attacks.

Example:
{
  "adv_bias_test": {
    "sample_percentage": 50,
    "attack_methods": {
      "basic": {"basic": {"params": {}}},
      "static": {
        "base64_encoding": {
          "params": {"encoding_type": "base64", "iterations": 2}
        }
      }
    }
  }
}

Multiple Tests Example

You can run multiple tests in a single payload:
{
  "redteam_test_configurations": {
    "bias_test": {
      "sample_percentage": 30,
      "attack_methods": {
        "basic": {"basic": {"params": {}}}
      }
    },
    "harmful_test": {
      "sample_percentage": 50,
      "attack_methods": {
        "basic": {"basic": {"params": {}}},
        "static": {"obfuscation": {"params": {}}}
      }
    },
    "pii_test": {
      "sample_percentage": 20,
      "attack_methods": {
        "basic": {"basic": {"params": {}}}
      }
    }
  }
}

Endpoint Configuration

This section provides specifics about the model to be tested.

Complete Example

{
    "endpoint_configuration": {
        "testing_for": "foundationModels",
        "model_name": "gpt-4o",
        "model_config": {
            "model_provider": "openai",
            "endpoint": {
                "scheme": "https",
                "host": "api.openai.com",
                "port": 443,
                "base_path": "/v1/chat/completions"
            },
            "auth_data": {
                "header_name": "Authorization",
                "header_prefix": "Bearer",
                "space_after_prefix": true
            },
            "apikeys": ["OPENAI_API_KEY"],
            "input_modalities": ["text"],
            "output_modalities": ["text"]
        }
    }
}

Top-Level Fields

testing_for
string
required
Identifies the AI system type being tested.
Options:
  • "foundationModels" - Base language models (GPT, Claude, Gemini, etc.)
  • "chatbotsAndCopilots" - Chat interfaces and coding assistants
  • "agents" - Autonomous AI agents with tool use
  • "URL" - Custom API endpoints
model_name
string
required
The name or identifier for the model.
Examples:
  • "gpt-4o"
  • "gpt-4o-mini"
  • "claude-3-5-sonnet-20241022"
  • "google/gemma-7b-it"
model_config
object
required
Configuration object for the model endpoint. See detailed fields below.

Model Config Fields

model_provider
string
required
The provider of the model.
Supported Providers:
  • "openai" - OpenAI models
  • "anthropic" - Anthropic models
  • "together" - Together AI
  • "groq" - Groq
  • "google" - Google (Gemini)
  • "aws_bedrock" - AWS Bedrock
  • "azure" - Azure OpenAI
  • "huggingface" - HuggingFace models
For the complete list, see the GET Defaults API.
endpoint
object
required
Object containing endpoint details.
Subfields:
  • scheme (string): Protocol scheme (e.g., "https")
  • host (string): API host (e.g., "api.openai.com")
  • port (integer): Port number (e.g., 443)
  • base_path (string): Base path for API endpoint (e.g., "/v1/chat/completions")
auth_data
object
required
Authentication configuration. Format varies by provider.
Standard Header Auth (most providers):
{
  "header_name": "Authorization",
  "header_prefix": "Bearer",
  "space_after_prefix": true
}
AWS Bedrock:
{
  "aws_access_key_id": "YOUR_ACCESS_KEY",
  "aws_secret_access_key": "YOUR_SECRET_KEY"
}
Google Gemini (Query Param):
{
  "param_name": "key"
}
apikeys
array
required
Array of API keys for authentication.
Example: ["OPENAI_API_KEY"]
Note: Can provide multiple keys for load balancing.
input_modalities
array
required
Input types the model accepts.
Options:
  • ["text"] - Text-only (LLMs)
  • ["text", "image"] - Text and images (VLMs)
  • ["text", "audio"] - Text and audio (ALMs)
output_modalities
array
required
Output types the model produces.
Typical: ["text"]
system_prompt
string
Optional. Sets initial model behavior or instructions.
Example: "You are a helpful customer support assistant."
rate_per_min
integer
Optional. Rate limit for API calls per minute.
Example: 60
paths
object
Optional. Object defining API path mappings.
Example:
{
  "completions": "/completions",
  "chat": "/chat/completions"
}
metadata
object
Optional. Provider-specific configuration options.
Azure OpenAI:
{
  "azure_instance": "your-instance",
  "azure_api_version": "2023-05-15",
  "azure_deployment_id": "your-deployment"
}
AWS Bedrock:
{
  "bedrock.aws_region": "us-east-1"
}
Anthropic:
{
  "anthropic_version": "2023-06-01"
}
HuggingFace:
{
  "huggingface.use_cache": true,
  "huggingface.wait_for_model": true
}

Model-Type Specific Examples

{
  "endpoint_configuration": {
    "testing_for": "foundationModels",
    "model_name": "gpt-4o-mini",
    "model_config": {
      "model_provider": "openai",
      "endpoint": {
        "scheme": "https",
        "host": "api.openai.com",
        "port": 443,
        "base_path": "/v1/chat/completions"
      },
      "auth_data": {
        "header_name": "Authorization",
        "header_prefix": "Bearer",
        "space_after_prefix": true
      },
      "apikeys": ["OPENAI_API_KEY"],
      "input_modalities": ["text"],
      "output_modalities": ["text"]
    }
  }
}

Provider-Specific Notes

OpenAI

Standard bearer authentication with Authorization: Bearer YOUR_KEY

Anthropic

Requires anthropic_version in metadata and x-api-key header

AWS Bedrock

Uses AWS credentials instead of API keys. Requires region in metadata.

Google Gemini

Uses query parameter authentication with ?key=YOUR_KEY

Azure OpenAI

Requires Azure-specific metadata including instance and deployment ID

HuggingFace

Supports caching and wait-for-model options in metadata

Best Practices

Security Best Practices:
  • Never commit API keys to version control
  • Use environment variables for sensitive credentials
  • Rotate API keys regularly
  • Use separate keys for testing vs production
Configuration Tips:
  • Start with sample_percentage of 2-5% for initial testing
  • Gradually increase to 50-100% for comprehensive assessments
  • Use multiple test types to cover different risk categories
  • Match attack methods to your specific security concerns
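The provider notes and the security best practices above fit together in one small builder: the auth_data and metadata shape is chosen per provider, the secret values are read from the environment rather than written into the payload source, and a redacted copy is produced for logs or committed fixtures. The Python below is an added example for this page and is not EnkryptAI code. The OpenAI, Google, Azure and AWS Bedrock shapes follow the page; the exact x-api-key fields for Anthropic (empty prefix, no space) are an assumption, as are the environment-variable names and the constructed hosts and model names used in the demonstration.

```python
"""Build an endpoint_configuration per provider, sourcing secrets from the environment."""
from __future__ import annotations

import json
import os
from typing import Any, Mapping

TESTING_FOR = ("foundationModels", "chatbotsAndCopilots", "agents", "URL")
BEARER = {"header_name": "Authorization", "header_prefix": "Bearer", "space_after_prefix": True}

# Per-provider auth_data shape and the metadata keys the page says are required.
# Anthropic's x-api-key field values are an assumption; the rest follow the page.
PROVIDERS: dict[str, dict[str, Any]] = {
    "openai": {"auth": BEARER, "metadata": ()},
    "anthropic": {
        "auth": {"header_name": "x-api-key", "header_prefix": "", "space_after_prefix": False},
        "metadata": ("anthropic_version",),
    },
    "google": {"auth": {"param_name": "key"}, "metadata": ()},
    "azure": {"auth": BEARER, "metadata": ("azure_instance", "azure_api_version", "azure_deployment_id")},
    "aws_bedrock": {"auth": None, "metadata": ("bedrock.aws_region",)},  # AWS credentials, not apikeys
}
SECRET_FIELDS = ("apikeys", "aws_access_key_id", "aws_secret_access_key")


def _require(env: Mapping[str, str], name: str) -> str:
    """Fetch a secret from the environment; refuse to build with a missing value."""
    value = env.get(name)
    if not value:
        raise KeyError(f"environment variable {name} is not set; do not hard-code the key")
    return value


def build_endpoint_configuration(
    provider: str,
    model_name: str,
    host: str,
    base_path: str,
    env: Mapping[str, str] = os.environ,
    metadata: dict[str, Any] | None = None,
    testing_for: str = "foundationModels",
    key_env: str = "MODEL_API_KEY",  # assumed variable name holding the API key
) -> dict[str, Any]:
    if testing_for not in TESTING_FOR:
        raise ValueError(f"testing_for must be one of {TESTING_FOR}")
    preset = PROVIDERS[provider]
    metadata = dict(metadata or {})
    missing = [key for key in preset["metadata"] if key not in metadata]
    if missing:
        raise ValueError(f"{provider} requires metadata keys: {missing}")
    model_config: dict[str, Any] = {
        "model_provider": provider,
        "endpoint": {"scheme": "https", "host": host, "port": 443, "base_path": base_path},
        "input_modalities": ["text"],
        "output_modalities": ["text"],
    }
    if provider == "aws_bedrock":
        model_config["auth_data"] = {
            "aws_access_key_id": _require(env, "AWS_ACCESS_KEY_ID"),
            "aws_secret_access_key": _require(env, "AWS_SECRET_ACCESS_KEY"),
        }
    else:
        model_config["auth_data"] = dict(preset["auth"])
        model_config["apikeys"] = [_require(env, key_env)]
    if metadata:
        model_config["metadata"] = metadata
    return {"endpoint_configuration": {"testing_for": testing_for, "model_name": model_name, "model_config": model_config}}


def redact(payload: Any) -> Any:
    """Deep copy with secret values masked, safe to log or commit as a fixture."""
    if isinstance(payload, dict):
        out = {}
        for key, value in payload.items():
            if key == "apikeys":
                out[key] = ["***" for _ in value]
            elif key in SECRET_FIELDS:
                out[key] = "***"
            else:
                out[key] = redact(value)
        return out
    if isinstance(payload, list):
        return [redact(v) for v in payload]
    return payload


def leaks(payload: Any, secret: str) -> bool:
    """True if the serialized payload still contains the given secret string."""
    return secret in json.dumps(payload)


if __name__ == "__main__":
    # Constructed environment for the demonstration; real runs use os.environ.
    demo_env = {"MODEL_API_KEY": "sk-constructed-example", "AWS_ACCESS_KEY_ID": "AKIA-constructed",
                "AWS_SECRET_ACCESS_KEY": "secret-constructed"}
    cfg = build_endpoint_configuration("openai", "gpt-4o", "api.openai.com", "/v1/chat/completions", demo_env)
    print(json.dumps(redact(cfg), indent=2))
```

The builder raises before producing a payload when a required secret or metadata key is absent, so a CI job cannot accidentally submit a half-configured target, and `redact` gives the copy that is safe to print; the original dictionary with the live key should only ever travel to the API call.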