Attack simulations
A simulation is one controlled run of probes against your LLM application — scoped to an allowed target, executed by our engine, and graded against OWASP LLM Top 10 and MITRE ATT&CK.
Key points
- Every simulation has an explicit target_scope; out-of-scope targets are rejected.
- Probes are deterministic and replayable: the same Idempotency-Key returns the same run.
- Each run emits findings, a coverage score, and an evidence pack.
- Simulation profiles range from quick (≈5 minutes) to deep (≈30 minutes).
01
What a simulation produces
- Per-category findings tagged with OWASP LLM IDs and ATT&CK techniques.
- A coverage score (covered / partial / gap / untested) per category.
- A signed evidence pack with request/response transcripts.
02
When to run one
- Before each release, against a staging endpoint.
- Weekly against production (smoke profile).
- After any change to system prompts, tools, or model versions.