AI Pentest Campaigns
A campaign is a planned set of module runs against one or more authorized targets. Campaigns turn individual checks into repeatable assessment workflows.
Campaign Inputs
Campaigns include:
- Engagement and session IDs.
- Target IDs.
- Module IDs or module categories.
- Run mode.
- Safety boundary.
- Rate limits.
- Request, token, and time budgets.
- Authorization metadata.
Run Modes
- dry_run: compile and preview the plan without sending live traffic.
- safe_active: run bounded synthetic tests against authorized staging or lab targets.
- active: reserved for explicitly authorized cases and blocked by default in normal workflows.
Demo Campaign Targets
Use the built-in local lab fixtures for repeatable demos and CI-style examples:
- protected_firefish_gateway for gateway-protected prompt injection smoke tests.
- vulnerable_chatbot to demonstrate what a missed prompt injection looks like with safe markers.
- protected_rag_corpus and vulnerable_rag_corpus for RAG boundary and citation checks.
- protected_tool_agent and vulnerable_tool_agent for dry-run tool governance checks.
These campaign targets are fake and deterministic. They never send real traffic, never call live tools, and never expose real secrets.
Campaign Outputs
Campaigns produce:
- Module run results.
- Findings by severity and status.
- Evidence references.
- Attack traces.
- Firefish protection outcomes.
- OWASP and MITRE coverage.
- JSON, Markdown, HTML, and SARIF-like reports.
Coverage Matrix
The coverage matrix shows what was tested by framework mapping:
- Tested.
- Vulnerable.
- Protected.
- Inconclusive.
- Not tested.
This helps operators see assessment gaps without exposing raw payloads.
