See Firefish stop AI risk before action.
The public demo uses synthetic examples and fake targets. It shows the same product story as the operator app without exposing raw malicious content or real secrets.
AI Pentest scenario
A tester creates an authorized local campaign against deterministic fake agent, gateway, and synthetic RAG target fixtures such as vulnerable_chatbot, protected_firefish_gateway, vulnerable_rag_corpus, and protected_tool_agent. Firefish runs safe modules, records whether the gateway blocked or reported issues, and produces redacted findings.
1. Scope
Targets: vulnerable_tool_agent and protected_tool_agent. RAG sources: vulnerable_rag_corpus and protected_rag_corpus. Authorization: localhost lab only.
2. Campaign
Modules: recon, RAG citation integrity, tool-send approval, synthetic canary leakage, and output handling.
3. Gateway result
Firefish blocks unsafe external-send behavior, flags source confusion for review, and stores evidence by hash and redacted preview.
4. Report
The report lists findings, OWASP/MITRE mappings, Firefish protection outcomes, and coverage matrix counts without raw payloads.
Why this matters
Security teams need to know whether AI applications can resist prompt injection, indirect RAG instructions, unsafe tool calls, leakage, and output handling failures. Firefish helps test those paths with safe synthetic payloads before real attackers find them.
