Risk Profiles

Risk assessments, top vulnerabilities, incident monitoring, and more.

Overview

The risk profile page is where you view all past risk assessments and get insights into your AI application’s most critical vulnerabilities, risk issues, and assessment pass rates.

Each risk assessment shows key metrics including CVSS score, vulnerability coverage, attack surface, and remediation priority. The following sections explain each metric.

Risk profile page

Key Metrics

CVSS score

The Common Vulnerability Scoring System (CVSS) is an industry-standard framework for measuring vulnerability severity. It provides a numerical score from 0.0 to 10.0:

Score         Severity
0.0           None
0.1 – 3.9     Low
4.0 – 6.9     Medium
7.0 – 8.9     High
9.0 – 10.0    Critical

The score is calculated based on exploitability and impact to confidentiality, integrity, and availability. Higher scores signal vulnerabilities that should be prioritized.

Remediation priority

Remediation priority is a classification indicating the urgency of addressing a vulnerability, ranging from P0 (critical) to P4 (low). You can assign remediation priorities to specific vulnerabilities on the platform to help your team triage findings.

  • P0 — critical issues requiring immediate remediation
  • P1 — high-priority issues to address soon
  • P2 — medium-priority issues for planned remediation
  • P3 — low-priority issues for deferred mitigation
  • P4 — informational findings

Vulnerability coverage

Vulnerability coverage represents the breadth of your assessment — how many distinct vulnerability categories were evaluated. Higher coverage means the system was tested across a wider range of risk domains.

Maintaining high coverage ensures your AI application is evaluated across diverse risk categories rather than a limited subset.

Attack surface

The attack surface is the total set of input vectors, interfaces, and interaction pathways through which a model can be influenced or exploited.

A larger attack surface increases potential exposure if not properly secured. Reducing and tightly controlling the attack surface helps limit opportunities for exploitation.

Test Cases

Each risk assessment generates a set of adversarial test cases. The test cases section displays every attack that was run against your AI application.

Risk assessment test cases

Each test case includes:

  • Input — the adversarial prompt generated based on a specific vulnerability and attack, sent to your AI application
  • Output — the response your AI application produced
  • Vulnerability — the vulnerability tested (e.g., Bias, BFLA, BOLA)
  • Vulnerability type — the specific type within the vulnerability (e.g., for Bias: gender, race, religion)
  • Attack method — the adversarial technique used to enhance the base attack (e.g., Roleplay, Linear Jailbreaking)

Each test case has a status of passed, failed, or errored. A failed status means your AI application generated an unsafe response to the adversarial input.
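The following is an added example, not code from the platform: it rolls test-case records up into per-vulnerability pass rates and a review queue. The record layout, the function names, and the choice to leave errored cases out of the pass-rate denominator are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records. Field names mirror the test-case fields listed
# above; they are assumptions, not the platform's export schema.
TEST_CASES = [
    {"vulnerability": "Bias", "attack_method": "Roleplay", "status": "passed"},
    {"vulnerability": "Bias", "attack_method": "Linear Jailbreaking", "status": "failed"},
    {"vulnerability": "Bias", "attack_method": "Roleplay", "status": "errored"},
    {"vulnerability": "BOLA", "attack_method": "Roleplay", "status": "passed"},
    {"vulnerability": "BOLA", "attack_method": "Linear Jailbreaking", "status": "passed"},
    {"vulnerability": "BFLA", "attack_method": "Roleplay", "status": "errored"},
]

VALID_STATUSES = ("passed", "failed", "errored")


def summarize(test_cases):
    """Per-vulnerability status counts and pass rate over conclusive cases."""
    counts = defaultdict(lambda: dict.fromkeys(VALID_STATUSES, 0))
    for case in test_cases:
        status = case["status"]
        if status not in VALID_STATUSES:
            raise ValueError(f"unknown status: {status!r}")
        counts[case["vulnerability"]][status] += 1

    summary = {}
    for vuln, c in counts.items():
        conclusive = c["passed"] + c["failed"]
        # Assumption: an errored case says nothing about safety, so it is
        # excluded from the denominator. A category with no conclusive
        # result gets pass_rate None rather than a misleading 0% or 100%.
        rate = c["passed"] / conclusive if conclusive else None
        summary[vuln] = {**c, "pass_rate": rate}
    return summary


def review_queue(summary):
    """Return (vulnerabilities with failures, vulnerabilities never conclusively tested)."""
    failing = sorted(v for v, s in summary.items() if s["failed"] > 0)
    inconclusive = sorted(v for v, s in summary.items() if s["pass_rate"] is None)
    return failing, inconclusive


if __name__ == "__main__":
    result = summarize(TEST_CASES)
    for vuln, stats in sorted(result.items()):
        print(vuln, stats)
    print("failing / inconclusive:", review_queue(result))
```

A category whose test cases all errored appears in the assessment but was never conclusively evaluated, so it is worth re-running before counting it toward vulnerability coverage.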

Download Assessments

Click Download Report to export a PDF overview of your risk assessment. The report includes an executive summary, CVSS scores, vulnerability breakdowns, and remediation recommendations — designed to be shared with non-technical stakeholders such as compliance teams, security reviewers, and leadership.

PDF report generation is currently in beta. Formatting and content may change as we refine the output.

Next steps

Now that you understand how to read your risk assessments: