RedTeam ML API
БесплатноНе проверенEnables security teams to run controlled adversarial penetration tests against authorized ML/LLM API endpoints, scoring responses and generating evidence for co
Описание
Enables security teams to run controlled adversarial penetration tests against authorized ML/LLM API endpoints, scoring responses and generating evidence for compliance frameworks such as SOC 2, ISO 27001, and GDPR.
README
Professional AI/ML API penetration testing and red-team simulation over MCP.
RedTeam ML API MCP is a defensive red-team simulator for ML and LLM APIs.
It exposes MCP tools and a CLI that let a security team run controlled test packs against an authorized AI/ML API endpoint, score the responses, generate evidence, and align results to SOC 2, ISO 27001, and GDPR control areas.
Mindset Shift
This project is designed as an adversarial validation plane for AI systems.
The mindset shift is:
- From prompt lists to measurable security controls.
- From one-time red-team demos to continuous adversarial regression.
- From model safety only to full AI system safety: model, prompt, RAG, tools, identity, UI, and deployment.
- From guardrails as a checkbox to guardrails as evidence-backed controls.
- From pass/fail reports to release decisions with owners, evidence, and remediation.
For AWS-facing work, position it as:
RedTeam ML API MCP validates whether Bedrock Guardrails, application policies, RAG boundaries, and agent tool controls are working before release.
AI API Pentest Mode
The red-team value is the pentest workflow:
- Define authorized scope and rules of engagement.
- Perform safe endpoint recon without infrastructure exploitation.
- Run adversarial AI test campaigns.
- Capture evidence for each case.
- Calculate bypass rate by category.
- Map failures to guardrail and architecture controls.
- Align results to SOC 2, ISO 27001, and GDPR control areas.
- Produce JSON and HTML artifacts for security review.
This is designed for authorized AI/ML API penetration testing. It does not perform credential attacks, destructive actions, third-party scanning, or infrastructure exploitation.
Low-Impact Safety
The runner is built to avoid unnecessary pressure on target systems:
- Default delay between test cases.
- Per-request timeout.
- Optional max-case limit.
- Dry-run mode that validates scope without sending prompts.
- Explicit
--authorizedgate for pentest mode.
Example low-impact run:
redteam-ml-api pentest \
--target-url http://127.0.0.1:8765/chat \
--pack aws_2026_professional \
--authorized \
--delay-seconds 1.0 \
--max-cases 5
Core Idea
Many ML APIs are deployed with weak safety, privacy, or operational controls. This project tests those controls before production by simulating realistic but safe adversarial requests.
The simulator focuses on:
- Prompt-injection resilience.
- Sensitive data leakage.
- Unsafe model behavior.
- Excessive confidence or hallucinated policy claims.
- Weak API contract behavior.
- Regression testing between model versions.
Infrastructure Diagram
flowchart LR
Operator["Security / MLOps Operator"] --> Client["MCP Client\n(Codex, Claude, Cursor, etc.)"]
Client --> Server["RedTeam ML API MCP Server\nstdio JSON-RPC"]
Server --> Packs["Attack Packs\nJSON test cases"]
Server --> Runner["Test Runner\nrate limits + request templates"]
Runner --> Target["Authorized ML API\n/score, /chat, /predict"]
Target --> Runner
Runner --> Evaluator["Response Evaluator\nleakage + refusal + policy checks"]
Evaluator --> Store["Local Evidence\nJSON reports"]
Store --> Client
Client --> Report["Risk Summary + Remediation Plan"]
Workflow
sequenceDiagram
participant U as Operator
participant C as MCP Client
participant M as RedTeam MCP Server
participant A as Attack Pack
participant T as Target ML API
participant E as Evaluator
U->>C: Run red-team pack against staging API
C->>M: tools/call run_red_team
M->>A: Load prompt-injection / leakage cases
loop Each test case
M->>T: Send authorized HTTP request
T-->>M: Return model/API response
M->>E: Score response
end
E-->>M: Findings + risk score
M-->>C: Structured report
C-->>U: Summary and fixes
MCP Tools
list_attack_packs
Lists available local test packs.
run_red_team
Runs an attack pack against an authorized target.
Input:
{
"target_url": "http://localhost:8000/chat",
"pack": "baseline_safe",
"method": "POST",
"timeout_seconds": 10
}
evaluate_text
Scores a single response for risk signals.
Input:
{
"text": "model response here"
}
generate_report
Creates a compact remediation report from a previous run result.
generate_operating_model
Creates a strategic operating-model brief for security teams, red teams, AI architects, platform teams, and executive sponsors.
It maps red-team categories to guardrail controls, architecture controls, owners, and release decisions.
run_ai_api_pentest
Runs an authorized AI/ML API pentest workflow with scope, recon, campaign execution, evidence, metrics, release decision, and saved report artifacts.
Quick Start
cd "/Users/r.jqaim/renad-repo/RedTeam-ML-PenTest-MCP"
python3 -m venv .venv
. .venv/bin/activate
pip install -e ".[dev]"
python -m pytest
Run the demo API:
scripts/start_mock_api.sh
Open the browser health check:
http://127.0.0.1:8765/
Try a sample browser request:
http://127.0.0.1:8765/chat?input=hello
Stop the demo API when finished:
scripts/stop_mock_api.sh
Run the simulator in another terminal:
redteam-ml-api run --target-url http://127.0.0.1:8765/chat --pack baseline_safe
Run the professional 2026 AWS-facing pack:
redteam-ml-api run --target-url http://127.0.0.1:8765/chat --pack aws_2026_professional --report
Generate the mindset-shift operating model:
redteam-ml-api brief --target-url http://127.0.0.1:8765/chat --pack aws_2026_professional
Run a pentest engagement:
redteam-ml-api pentest \
--target-url http://127.0.0.1:8765/chat \
--pack aws_2026_professional \
--tester "Red Team" \
--environment "staging" \
--authorized
Run from a reusable config file:
redteam-ml-api pentest --config examples/pentest_scope.json
Authenticated API example:
redteam-ml-api pentest \
--target-url https://api.example.com/chat \
--authorized \
--bearer-token "$API_TOKEN" \
--header "X-Environment: staging" \
--input-field message \
--delay-seconds 1.0
Reports are saved under:
reports/
Or run the full demo:
scripts/demo_pentest.sh
More details:
Start the MCP server:
redteam-ml-api-mcp
MCP Client Config
{
"mcpServers": {
"redteam-ml-api": {
"command": "python",
"args": ["-m", "redteam_ml_api_mcp.server"],
"cwd": "/Users/r.jqaim/renad-repo/RedTeam-ML-PenTest-MCP"
}
}
}
Safety Boundary
This project is for authorized defensive testing only. It does not exploit infrastructure, bypass authentication, scan third-party systems, or generate malware. Attack packs are plain JSON so teams can review exactly what is being sent.
Установка RedTeam ML API
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/rnadjqaim/RedTeam-ML-PenTest-MCPFAQ
RedTeam ML API MCP бесплатный?
Да, RedTeam ML API MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для RedTeam ML API?
Нет, RedTeam ML API работает без API-ключей и переменных окружения.
RedTeam ML API — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить RedTeam ML API в Claude Desktop, Claude Code или Cursor?
Открой RedTeam ML API на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Gmail
Read, send and search emails from Claude
автор: GoogleSlack
Send, search and summarize Slack messages
автор: SlackRunbear
No-code MCP client for team chat platforms, such as Slack, Microsoft Teams, and Discord.
Discord Server
A community discord server dedicated to MCP by [Frank Fiegel](https://github.com/punkpeye)
Compare RedTeam ML API with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории communication
