What is AI red teaming?

AI red teaming is adversarial testing of an AI system — deliberately probing for prompt injection, jailbreaks, data leakage, harmful outputs, and abuse — to find weaknesses before attackers do. The report captures scope, findings, and fixes.

How should findings be classified?

Use a consistent severity scale — critical, high, medium, low — based on impact and exploitability. Critical means reliable exploitation with serious impact (data exfiltration, RCE via tools); low means a minor or hard-to-reproduce issue.

What evidence should each finding include?

A reproducible proof of concept: the exact prompt or input, the observed output, the conditions, and the success rate across attempts. Reproducibility is what separates a finding from a hunch.

Why include a scope section?

Scope defines what was and was not tested, the rules of engagement, and any constraints. Without it, readers cannot tell whether a clean result means "secure" or "not tested", which is the most common reporting failure.

Does this tool transmit anything?

No. The report is generated locally in your browser from your inputs. Nothing is uploaded, so you can document sensitive engagements safely.

AI Red Teaming Report Template

AI red teaming report template

A red team exercise is only as valuable as the report that comes out of it. A scattered list of “we got it to say a bad thing” tells stakeholders nothing actionable. This tool generates a structured, professional report template tailored to AI systems — with a clear scope, attack categories, severity-classified findings, reproducible evidence format, and remediation recommendations — so your results drive fixes instead of gathering dust.

How it works

You name the system under test, describe the scope and rules of engagement, and select the attack categories you exercised (prompt injection, jailbreak, data exfiltration, harmful content, tool abuse, denial-of-wallet, and more). The tool assembles a Markdown report skeleton: executive summary, scope, methodology, a per-finding template with severity, reproduction steps, evidence, and impact, and a prioritized remediation table. Copy it into your own document and fill in the findings. Everything runs locally in the browser.

Tips for a strong report

Lead with scope. State plainly what was and was not tested. A clean section with no testing behind it is the most dangerous kind of false assurance.
Make every finding reproducible. Exact input, exact output, conditions, and success rate. If a teammate cannot reproduce it, it is not yet a finding.
Classify by impact and exploitability together. A reliable low-impact issue and an unreliable high-impact one are not the same — say which is which.
Tie each finding to a concrete fix. The remediation table is the part leadership reads; make the owner and severity unambiguous.