Run your first simulation
Three steps to ship a controlled Breach & Attack Simulation against an LLM endpoint.
Create your account and target
Register, generate an API token, and register the first allowed target. Targets must match your scope policy; out-of-scope endpoints are rejected.
Checklist
- Register a tenant and verify your email.
- Generate an API token from Settings → API keys.
- POST /v1/runs with your first target and the `quick` profile.
Pick a scenario catalogue
Choose a built-in catalogue (quick / deep / OWASP LLM only) or author a custom one. Each scenario is a paraphrase-resilient probe with a deterministic grader.
Checklist
- Pick a scenario catalogue from the run creation dialog.
- Adjust scenario parameters if your endpoint expects a specific format.
- Set the target_scope: which domains and paths the engine may probe.
Run and read the findings
Trigger the run, watch the dashboard stream events, and open the evidence pack when it finishes. Each finding ships with a prioritized remediation plan.
Checklist
- Start the run (idempotent via Idempotency-Key).
- Read findings; sort by severity and brittleness.
- Export the evidence pack and assign actions to your team.