Agent red-teaming

Find out if your AI agent can be socially engineered.

Run multi-turn attack packs against your agent. Get the exact transcript where it breaks.

Runs locally · Transcripts stay private
[img: attack transcript — agent vs. synthetic attacker]

Attack surface

Agents get talked into things humans wouldn't.

They trust fake authority

Claim to be an admin and many agents just comply.

They follow hidden instructions

Text in a doc or page can hijack the agent mid-task.

They leak and misuse tools

Under pressure, agents exfiltrate data or call the wrong tool.

Attack your agent. Read the transcript. Gate it.

Runs locally. Transcripts stay yours.

1

Connect your agent

Run roleplay.sh against your agent in its own environment.

2

Pick attack packs

Choose authority, urgency, injection, exfiltration, tool-misuse.

3

Run multi-turn attacks

Synthetic attackers push across many turns, not one prompt.

4

Triage and gate CI

Own each finding and block regressions on every commit.

The platform

One platform to red-team your agent end to end.

Built for agent builders, not security teams.

Attack Packs

Multi-turn attacks across six social-engineering classes.

Local Runner

Runs in your environment. Transcripts stay private.

Workbench Triage

Review, assign, and own every finding.

CI Regression Gating

Block manipulations from sneaking back in.

Pricing

Start solo. Scale to your team.

Collaboration is included. Run as many attack packs as your work needs.

Builder

$49/mo

Solo builders, one or more agents

  • Local runner
  • Core attack pack
  • Workbench triage
  • CI regression gating
  • Transcripts stay local
Start with Builder
Most popular

Team

$199/mo

3–5 users

  • Everything in Builder
  • Shared triage & ownership
  • Project-scoped API keys
Get started now

Runs locally

See how your agent breaks under pressure.

One agent. A few minutes. A full transcript.

Get started now
Runs locally·Transcripts stay private