Quick Start Guide
Get up and running with perfecX Red-T in just 10 minutes! This guide will walk you through setting up your first AI red team testing environment.
Prerequisites
System Requirements
Minimum
- 4 CPU cores
- 8GB RAM
- 20GB storage
- Docker 20.10+
Recommended
- 8+ CPU cores
- 16GB+ RAM
- 50GB+ SSD
- GPU (optional)
1. Installation
Docker Installation (Recommended)
# Pull the Red-T container
docker pull perfecxion/red-t:latest

# Create configuration directory
mkdir -p ~/.perfecx-red-t/config

# Run Red-T with default configuration
docker run -d \
  --name perfecx-red-t \
  -p 8080:8080 \
  -p 8443:8443 \
  -v ~/.perfecx-red-t/config:/app/config \
  -e REDTEAM_LICENSE_KEY="your-license-key" \
  perfecxion/red-t:latest

# Verify installation
docker ps | grep perfecx-red-t

Passing the license key with -e leaves it in your shell history and in the output of docker inspect; for anything beyond a throwaway trial, put it in the .env file described under Environment Setup and hand that file to Docker with --env-file instead. Port 8080 is plain HTTP, so keep it bound to localhost or use the 8443 TLS port when the dashboard is reachable from other hosts.
Alternative: Standalone Installation
# Download Red-T CLI
curl -L https://releases.perfecxion.ai/red-t/latest/red-t-linux-amd64 -o red-t
chmod +x red-t
sudo mv red-t /usr/local/bin/

# Initialize configuration
red-t init --license-key="your-license-key"

# Start Red-T server
red-t server --port 8080

Before moving the binary into your PATH, verify its checksum or signature against the value published with the release; a fetched-over-HTTPS download proves only that the transport was intact, not that the artifact is the one the vendor built.
2. Initial Configuration
Basic Configuration
Create your first configuration file to define your target AI system:
# ~/.perfecx-red-t/config/targets.yaml
targets:
  - name: "production-chatbot"
    type: "llm_api"
    endpoint: "https://api.yourcompany.com/chat"
    auth:
      type: "bearer"
      token: "${API_TOKEN}"

# Test configuration
test_config:
  max_concurrent: 5
  timeout: 30
  retry_attempts: 3

# Scope definition
scope:
  attack_types:
    - "prompt_injection"
    - "model_inversion"
    - "data_poisoning"
    - "adversarial_examples"
  risk_levels: ["low", "medium", "high"]

# Safety limits
safety:
  max_requests_per_minute: 100
  stop_on_critical: true
  preserve_production: true

The ${API_TOKEN} reference is resolved from the environment (the .env file under Environment Setup), so the target's credential is never written into this file. The safety block is what keeps a first run from harming a live service: max_requests_per_minute bounds the load and stop_on_critical halts the scan at the first critical finding instead of continuing to exercise a confirmed weakness. Leave both enabled whenever the target is, as in this example, a production endpoint, and prefer a staging copy of the system for the very first run.
Environment Setup
# .env file
REDTEAM_LICENSE_KEY=your-license-key-here
API_TOKEN=your-target-api-token

# Database configuration
POSTGRES_HOST=localhost
POSTGRES_DB=redteam_db
POSTGRES_USER=redteam
POSTGRES_PASSWORD=secure-password

# Security settings
JWT_SECRET=your-jwt-secret
ENCRYPTION_KEY=your-32-char-encryption-key

# Optional: AI model configuration
OPENAI_API_KEY=your-openai-key      # For enhanced attack generation
HUGGINGFACE_TOKEN=your-hf-token     # For local model testing

Replace every placeholder before starting the server. JWT_SECRET and ENCRYPTION_KEY should be random values from a CSPRNG (32 hex characters satisfies the "32-char" requirement), the file should be readable only by the account that runs Red-T (mode 0600), and it must never be committed to version control. Remember that this one file holds the credential for the target system as well as Red-T's own secrets: anyone who can read it can call your production API.
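A small pre-flight check catches the placeholders above before they reach a running server. The script below is an added example and not part of perfecX Red-T: it parses the .env format shown in this guide, flags placeholder or short secrets, generates replacements for the secrets Red-T owns with Python's secrets module, and writes the file with mode 0600. Which keys are mandatory and how long each secret must be are this example's own policy, not rules documented by the tool; the sample file is constructed from the guide's placeholders.

```python
"""Validate a perfecX Red-T .env file and replace weak secrets before first start."""
import os
import re
import secrets
import stat

# Constructed sample: the .env from this guide, placeholders included.
SAMPLE_ENV = """\
# .env file
REDTEAM_LICENSE_KEY=your-license-key-here
API_TOKEN=your-target-api-token
POSTGRES_HOST=localhost
POSTGRES_DB=redteam_db
POSTGRES_USER=redteam
POSTGRES_PASSWORD=secure-password
JWT_SECRET=your-jwt-secret
ENCRYPTION_KEY=your-32-char-encryption-key
OPENAI_API_KEY=your-openai-key # For enhanced attack generation
"""

# ASSUMPTION: which keys are mandatory and how long secrets must be is this
# example's policy, not a rule documented by Red-T.
REQUIRED = ("REDTEAM_LICENSE_KEY", "API_TOKEN", "POSTGRES_PASSWORD", "JWT_SECRET", "ENCRYPTION_KEY")
MIN_LENGTH = {"POSTGRES_PASSWORD": 16, "JWT_SECRET": 32, "ENCRYPTION_KEY": 32}
# Values that look like the guide's placeholders or common default credentials.
PLACEHOLDER = re.compile(r"^(your-|changeme|secure-password|admin$|password$)", re.IGNORECASE)


def parse_env(text):
    """Parse KEY=VALUE lines; skips blanks and comments, drops trailing ' # ...' notes."""
    env = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env


def validate_env(env):
    """Return a list of problems; an empty list means the file is fit to use."""
    problems = []
    for key in REQUIRED:
        value = env.get(key, "")
        if not value:
            problems.append(f"{key}: missing")
        elif PLACEHOLDER.match(value):
            problems.append(f"{key}: placeholder value")
        elif len(value) < MIN_LENGTH.get(key, 1):
            problems.append(f"{key}: shorter than {MIN_LENGTH[key]} characters")
    return problems


def generate_secrets(env):
    """Replace the secrets Red-T itself owns with CSPRNG values. Credentials issued
    by other parties (license key, target API token) cannot be generated here."""
    out = dict(env)
    out["POSTGRES_PASSWORD"] = secrets.token_urlsafe(24)   # 32 characters
    out["JWT_SECRET"] = secrets.token_urlsafe(48)          # 64 characters
    out["ENCRYPTION_KEY"] = secrets.token_hex(16)          # 16 bytes -> the '32-char' key
    return out


def write_env(path, env):
    """Write KEY=VALUE lines and restrict the file to its owner (mode 0600)."""
    with open(path, "w", encoding="utf-8") as fh:
        for key, value in env.items():
            fh.write(f"{key}={value}\n")
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)


if __name__ == "__main__":
    env = parse_env(SAMPLE_ENV)
    for problem in validate_env(env):
        print("before:", problem)
    for problem in validate_env(generate_secrets(env)):
        print("after: ", problem)   # only the externally issued credentials remain
```

Run it against your real file with parse_env(open(".env").read()); anything validate_env still reports after generate_secrets is a credential you have to obtain from its issuer rather than generate.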
3. Your First Red Team Test
Web Interface
- Access the Dashboard: Open http://localhost:8080 in your browser
- Login: Use the default credentials (admin/admin) or your configured credentials. Change the default password immediately after the first login, before the dashboard is reachable from anywhere other than localhost
- Create Target: Navigate to "Targets" → "Add New Target"
- Configure Test: Select "Quick Test" from the dashboard
- Choose Attack Types: Select "Prompt Injection" for your first test
- Run Test: Click "Execute Test" and monitor progress
CLI Interface
# Quick vulnerability scan
red-t scan --target production-chatbot --type prompt-injection

# Run comprehensive assessment
red-t assess --target production-chatbot --full-suite

# Generate test report
red-t report --scan-id scan_123456 --format pdf

# Real-time monitoring
red-t monitor --target production-chatbot --live
API Testing
# Test via API
curl -X POST http://localhost:8080/api/v1/scans \
  -H "Authorization: Bearer your-api-token" \
  -H "Content-Type: application/json" \
  -d '{
    "target_id": "production-chatbot",
    "attack_types": ["prompt_injection"],
    "intensity": "medium",
    "max_duration": 300
  }'

# Check scan status
curl -X GET http://localhost:8080/api/v1/scans/scan_123456 \
  -H "Authorization: Bearer your-api-token"

# Get results
curl -X GET http://localhost:8080/api/v1/scans/scan_123456/results \
  -H "Authorization: Bearer your-api-token"
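Scripting the three calls above is what most teams end up doing for scheduled or pipeline-driven runs. The client below is an added example, not an SDK shipped with perfecX Red-T: the endpoints and request body are taken from the curl commands in this guide, while the response fields (scan_id, status) and the terminal status names completed and failed are assumptions to adjust to what your server actually returns. The transport is injectable, so the flow runs offline here against a constructed fake server; swap in http_transport to talk to a real instance.

```python
"""Drive a perfecX Red-T scan through the REST API: submit, poll, fetch results."""
import json
import time
import urllib.request

BASE_URL = "http://localhost:8080"


def http_transport(method, url, token, body=None):
    """Real transport: one JSON request with a bearer token; returns parsed JSON."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


class RedTClient:
    """Thin client over the three endpoints used in the curl commands above."""

    def __init__(self, token, base_url=BASE_URL, transport=http_transport, sleep=time.sleep):
        self.token = token
        self.base_url = base_url.rstrip("/")
        self.transport = transport   # injectable so the flow can be exercised offline
        self.sleep = sleep

    def submit_scan(self, target_id, attack_types, intensity="medium", max_duration=300):
        body = {"target_id": target_id, "attack_types": list(attack_types),
                "intensity": intensity, "max_duration": max_duration}
        resp = self.transport("POST", f"{self.base_url}/api/v1/scans", self.token, body)
        return resp["scan_id"]  # ASSUMPTION: the server returns the new scan id under this key

    def wait_for(self, scan_id, max_duration=300, interval=5):
        """Poll the status endpoint until the scan finishes or max_duration is exceeded.

        Bounding the wait by the scan's own max_duration (plus one interval of slack)
        keeps a hung scan from blocking a pipeline forever.
        """
        waited = 0
        while waited <= max_duration + interval:
            resp = self.transport("GET", f"{self.base_url}/api/v1/scans/{scan_id}", self.token)
            if resp["status"] in ("completed", "failed"):  # ASSUMPTION: terminal status names
                return resp["status"]
            self.sleep(interval)
            waited += interval
        raise TimeoutError(f"scan {scan_id} not finished after {max_duration}s")

    def results(self, scan_id):
        return self.transport("GET", f"{self.base_url}/api/v1/scans/{scan_id}/results", self.token)


def run_quick_scan(client, target_id="production-chatbot"):
    """The whole flow: returns (scan_id, final status, results or None if not completed)."""
    scan_id = client.submit_scan(target_id, ["prompt_injection"])
    status = client.wait_for(scan_id, max_duration=300)
    return scan_id, status, (client.results(scan_id) if status == "completed" else None)


class FakeServer:
    """Constructed stand-in for the Red-T API so the example runs offline.

    Reports 'running' for the first two status polls, then 'completed', and
    rejects any token other than the guide's placeholder, mimicking a 401.
    """

    def __init__(self):
        self.calls = []
        self.polls = 0

    def __call__(self, method, url, token, body=None):
        self.calls.append((method, url, body))
        if token != "your-api-token":
            raise PermissionError("401 Unauthorized")
        if method == "POST" and url.endswith("/api/v1/scans"):
            return {"scan_id": "scan_123456", "status": "queued"}
        if method == "GET" and url.endswith("/api/v1/scans/scan_123456/results"):
            return {"findings": [{"severity": "critical", "attack_type": "prompt_injection"}]}
        if method == "GET" and url.endswith("/api/v1/scans/scan_123456"):
            self.polls += 1
            return {"scan_id": "scan_123456", "status": "running" if self.polls < 3 else "completed"}
        raise ValueError("404 Not Found: " + url)


if __name__ == "__main__":
    fake = FakeServer()
    client = RedTClient("your-api-token", transport=fake, sleep=lambda _s: None)
    print(run_quick_scan(client))
```

The deadline in wait_for is the one detail worth copying even if you write your own client: a poll loop with no upper bound turns a stuck scan into a stuck pipeline.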
4. Understanding Your Results
Risk Assessment Score
Common Findings
Critical: Prompt Injection Successful
The AI system accepted malicious prompts that could bypass safety filters or extract sensitive information.
High: Model Inversion Detected
Potential training data extraction through carefully crafted queries.
Medium: Rate Limiting Issues
Insufficient rate limiting could enable abuse or denial-of-service attacks.
5. Next Steps
Immediate Actions
- Review and address critical findings
- Implement recommended security controls
- Set up automated testing schedules
- Configure alerting for new vulnerabilities
Advanced Configuration
- Custom attack scenarios
- API integration
- CI/CD pipeline integration
- Team collaboration setup
Sample Test Output
perfecX Red-T - AI Security Assessment Report
=============================================

Target: production-chatbot
Scan ID: scan_20240115_001
Duration: 5m 34s
Tests Executed: 47

RISK ASSESSMENT SUMMARY
┌──────────────────┬───────┬─────────┐
│ Risk Level       │ Count │ Percent │
├──────────────────┼───────┼─────────┤
│ Critical         │   2   │   4.3%  │
│ High             │   5   │  10.6%  │
│ Medium           │  12   │  25.5%  │
│ Low              │  28   │  59.6%  │
└──────────────────┴───────┴─────────┘

VULNERABILITY BREAKDOWN
• Prompt Injection: 3 successful attempts
• Model Inversion: 2 potential data leaks
• Rate Limiting: Bypassed in 4/5 attempts
• Input Validation: 8 filter bypasses
• Authentication: No issues detected

RECOMMENDATIONS
1. Implement robust input sanitization
2. Add rate limiting per user/IP
3. Enhance prompt filtering rules
4. Monitor for anomalous query patterns
5. Regular security assessments

Full report available at: /reports/scan_20240115_001.pdf
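The summary table and per-attack breakdown above are also the natural basis for a pipeline gate, which is the simplest form of the CI/CD integration listed under Next Steps. The script below is an added example, not perfecX Red-T code. It assumes the results endpoint yields a JSON list of findings with severity, attack_type and succeeded fields (this page does not specify the real results format), and its sample findings are constructed to reproduce the counts in the report above: 47 tests, of which 2 critical, 5 high, 12 medium and 28 low.

```python
"""Summarize scan findings and turn them into a CI verdict."""
import json
import sys

LEVELS = ("critical", "high", "medium", "low")


def summarize(findings):
    """Count findings per risk level plus each level's share of all tests (one decimal)."""
    total = len(findings)
    counts = {level: 0 for level in LEVELS}
    for f in findings:
        sev = f["severity"].lower()
        if sev not in counts:
            raise ValueError(f"unknown severity {sev!r}")
        counts[sev] += 1
    return {level: (n, round(100.0 * n / total, 1) if total else 0.0)
            for level, n in counts.items()}


def render_table(summary):
    """Plain-text version of the RISK ASSESSMENT SUMMARY table."""
    rows = ["Risk Level        | Count | Percent",
            "------------------+-------+--------"]
    for level in LEVELS:
        n, pct = summary[level]
        rows.append(f"{level.capitalize():<18}| {n:>5} | {pct:>5.1f}%")
    return "\n".join(rows)


def breakdown(findings):
    """Per attack type: (successful attempts, attempts), as in VULNERABILITY BREAKDOWN."""
    out = {}
    for f in findings:
        ok, total = out.get(f["attack_type"], (0, 0))
        out[f["attack_type"]] = (ok + (1 if f.get("succeeded") else 0), total + 1)
    return out


def verdict(findings, fail_on=("critical",), max_high=0):
    """Exit code for a pipeline gate: 1 if any blocking level appears or highs exceed max_high.

    Mirrors the stop_on_critical idea from targets.yaml on the consuming side:
    a critical finding should block a release, not just appear in a PDF.
    """
    counts = {level: n for level, (n, _) in summarize(findings).items()}
    if any(counts[level] for level in fail_on):
        return 1
    if counts["high"] > max_high:
        return 1
    return 0


def _make(n, severity, attack_type, succeeded):
    return [{"severity": severity, "attack_type": attack_type, "succeeded": succeeded}
            for _ in range(n)]


# Constructed sample matching the report's counts (2/5/12/28) and breakdown
# (prompt injection 3/3, model inversion 2/2, rate limiting 4/5, input validation 8/9).
SAMPLE_FINDINGS = (
    _make(2, "critical", "prompt_injection", True)
    + _make(1, "high", "prompt_injection", True)
    + _make(2, "high", "model_inversion", True)
    + _make(2, "high", "rate_limiting", True)
    + _make(2, "medium", "rate_limiting", True)
    + _make(1, "medium", "rate_limiting", False)
    + _make(8, "medium", "input_validation", True)
    + _make(1, "medium", "input_validation", False)
    + _make(28, "low", "authentication", False)
)


if __name__ == "__main__":
    # Usage: python gate.py results.json   (falls back to the constructed sample)
    findings = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_FINDINGS
    print(render_table(summarize(findings)))
    for attack, (ok, total) in sorted(breakdown(findings).items()):
        print(f"{attack}: {ok}/{total} successful")
    sys.exit(verdict(findings))
```

Saved results from the /api/v1/scans/{id}/results call can be fed straight to this script in a pipeline step; the non-zero exit on a critical finding is what makes the scan a gate rather than a report.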
Important Security Notice
Only test systems you own or have explicit permission to test. Red team testing can generate significant load and potentially disruptive traffic. Always coordinate with system owners and follow responsible disclosure practices.