openapi: 3.1.0 info: title: Palo Alto Networks Prisma AIRS AI Red Teaming API description: >- Prisma AIRS AI Red Teaming API for automated AI vulnerability assessment. Provides programmatic control over red teaming scans that probe AI applications and LLM endpoints for security vulnerabilities. The API enables defining scan targets (AI model endpoints), launching automated attack simulations across configurable attack categories, and retrieving detailed vulnerability reports. Attack categories cover prompt injection, jailbreaking, data exfiltration, hallucination induction, toxic content generation, and other AI-specific threat vectors. Part of the Prisma AI Runtime Security platform. version: '1.0' contact: name: Palo Alto Networks Developer Support url: https://pan.dev/ license: name: Proprietary url: https://www.paloaltonetworks.com/legal servers: - url: https://api.sase.paloaltonetworks.com/ai-red-teaming description: Prisma AIRS AI Red Teaming API production server. security: - oauth2Bearer: [] tags: - name: Attack Categories description: Available attack category reference data. - name: Scans description: Vulnerability scan lifecycle management. - name: Targets description: AI scan target definition and management. paths: /v1/targets: post: operationId: createScanTarget summary: Palo Alto Networks Create Scan Target description: >- Creates a new scan target representing an AI application or LLM endpoint to be assessed. Targets define the endpoint URL, the type of AI interface (chat completions, custom API, etc.), and the authentication configuration needed to interact with the endpoint during the red teaming scan. tags: - Targets requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ScanTargetRequest' examples: CreateScanTargetRequestExample: summary: Default createScanTarget request x-microcks-default: true value: name: Primary Agent 91 description: On violation blocked incident traffic monitoring. type: huggingface endpoint_url: https://api.acme-systems.org/696e96 model: PA-3260 auth_config: &id004 type: basic header_name: Corporate Sensor 86 credential: example-credential system_prompt: example-system_prompt responses: '201': description: Scan target created successfully. content: application/json: schema: $ref: '#/components/schemas/ScanTarget' examples: CreateScanTarget201Example: summary: Default createScanTarget 201 response x-microcks-default: true value: target_id: '296460' name: Branch Policy 32 description: Detected violation Security incident threat violation malware firewall policy incident rule rule. type: openai_chat endpoint_url: https://vpn.example.com/8fea53 model: PA-5250 created_at: '2025-11-15T21:07:35Z' updated_at: '2024-07-13T20:05:13Z' '400': description: Invalid request body or endpoint unreachable. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateScanTarget400Example: summary: Default createScanTarget 400 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateScanTarget401Example: summary: Default createScanTarget 401 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateScanTarget403Example: summary: Default createScanTarget 403 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '409': description: A target with this name already exists. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateScanTarget409Example: summary: Default createScanTarget 409 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateScanTarget500Example: summary: Default createScanTarget 500 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c x-microcks-operation: delay: 0 dispatcher: FALLBACK get: operationId: listScanTargets summary: Palo Alto Networks List Scan Targets description: >- Returns the list of scan targets configured for the tenant. Each target represents an AI application endpoint that can be selected when starting a vulnerability scan. tags: - Targets parameters: - name: type in: query description: Filter targets by interface type. schema: type: string enum: - openai_chat - anthropic_messages - custom_http - huggingface example: huggingface - name: offset in: query description: Number of results to skip for pagination. schema: type: integer default: 0 example: 0 - name: limit in: query description: Maximum number of targets to return. schema: type: integer default: 50 maximum: 200 example: 50 responses: '200': description: Scan targets returned. content: application/json: schema: type: object properties: total: type: integer offset: type: integer limit: type: integer items: type: array items: $ref: '#/components/schemas/ScanTarget' examples: ListScanTargets200Example: summary: Default listScanTargets 200 response x-microcks-default: true value: total: 516 offset: 395 limit: 914 items: - target_id: '296460' name: Branch Policy 32 description: Detected violation Security incident threat violation malware firewall policy incident rule rule. type: openai_chat endpoint_url: https://vpn.example.com/8fea53 model: PA-5250 created_at: '2025-11-15T21:07:35Z' updated_at: '2024-07-13T20:05:13Z' '400': description: Invalid query parameters. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListScanTargets400Example: summary: Default listScanTargets 400 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListScanTargets401Example: summary: Default listScanTargets 401 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListScanTargets403Example: summary: Default listScanTargets 403 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListScanTargets500Example: summary: Default listScanTargets 500 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c x-microcks-operation: delay: 0 dispatcher: FALLBACK /v1/targets/{target_id}: get: operationId: getScanTarget summary: Palo Alto Networks Get Scan Target Details description: Returns full details for a specific scan target by ID. tags: - Targets parameters: - name: target_id in: path required: true description: Unique identifier of the scan target. schema: type: string example: '583704' responses: '200': description: Scan target details returned. content: application/json: schema: $ref: '#/components/schemas/ScanTarget' examples: GetScanTarget200Example: summary: Default getScanTarget 200 response x-microcks-default: true value: target_id: '296460' name: Branch Policy 32 description: Detected violation Security incident threat violation malware firewall policy incident rule rule. type: openai_chat endpoint_url: https://vpn.example.com/8fea53 model: PA-5250 created_at: '2025-11-15T21:07:35Z' updated_at: '2024-07-13T20:05:13Z' '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetScanTarget401Example: summary: Default getScanTarget 401 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetScanTarget403Example: summary: Default getScanTarget 403 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '404': description: Scan target not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetScanTarget404Example: summary: Default getScanTarget 404 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetScanTarget500Example: summary: Default getScanTarget 500 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c x-microcks-operation: delay: 0 dispatcher: FALLBACK delete: operationId: deleteScanTarget summary: Palo Alto Networks Delete Scan Target description: >- Deletes a scan target. Targets with active or pending scans cannot be deleted until scans complete. tags: - Targets parameters: - name: target_id in: path required: true description: Unique identifier of the scan target to delete. schema: type: string example: '101292' responses: '204': description: Scan target deleted successfully. '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteScanTarget401Example: summary: Default deleteScanTarget 401 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteScanTarget403Example: summary: Default deleteScanTarget 403 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '404': description: Scan target not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteScanTarget404Example: summary: Default deleteScanTarget 404 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '409': description: Target has active scans and cannot be deleted. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteScanTarget409Example: summary: Default deleteScanTarget 409 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteScanTarget500Example: summary: Default deleteScanTarget 500 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c x-microcks-operation: delay: 0 dispatcher: FALLBACK /v1/scans: post: operationId: startVulnerabilityScan summary: Palo Alto Networks Start Vulnerability Scan description: >- Starts a new AI vulnerability scan against a registered target. Specify the attack categories to test and optionally provide custom prompts to supplement the built-in attack library. The scan runs asynchronously; use GET /v1/scans/{scan_id} to monitor progress and GET /v1/scans/{scan_id}/results to retrieve the completed report. tags: - Scans requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ScanRequest' examples: StartVulnerabilityScanRequestExample: summary: Default startVulnerabilityScan request x-microcks-default: true value: target_id: '645262' attack_categories: &id005 - example-attack_categories_item - example-attack_categories_item custom_prompts: &id006 - example-custom_prompts_item - example-custom_prompts_item max_attacks_per_category: 740 responses: '201': description: Vulnerability scan started successfully. content: application/json: schema: $ref: '#/components/schemas/Scan' examples: StartVulnerabilityScan201Example: summary: Default startVulnerabilityScan 201 response x-microcks-default: true value: scan_id: '588456' target_id: '410241' target_name: Production Agent 95 status: running attack_categories: &id001 - example-attack_categories_item progress: 0.36 total_attacks: 275 completed_attacks: 880 vulnerabilities_found: 746 error_message: example-error_message started_at: '2025-08-08T22:13:06Z' completed_at: '2024-11-03T18:50:01Z' '400': description: Invalid request body or target not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: StartVulnerabilityScan400Example: summary: Default startVulnerabilityScan 400 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: StartVulnerabilityScan401Example: summary: Default startVulnerabilityScan 401 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: StartVulnerabilityScan403Example: summary: Default startVulnerabilityScan 403 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '409': description: A scan is already in progress for this target. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: StartVulnerabilityScan409Example: summary: Default startVulnerabilityScan 409 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: StartVulnerabilityScan500Example: summary: Default startVulnerabilityScan 500 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c x-microcks-operation: delay: 0 dispatcher: FALLBACK /v1/scans/{scan_id}: get: operationId: getScanStatus summary: Palo Alto Networks Get Scan Status description: >- Returns the current status and progress of a vulnerability scan. When status is completed, use GET /v1/scans/{scan_id}/results to retrieve the full vulnerability report. tags: - Scans parameters: - name: scan_id in: path required: true description: Unique identifier of the vulnerability scan. schema: type: string example: '734547' responses: '200': description: Scan status returned. content: application/json: schema: $ref: '#/components/schemas/Scan' examples: GetScanStatus200Example: summary: Default getScanStatus 200 response x-microcks-default: true value: scan_id: '588456' target_id: '410241' target_name: Production Agent 95 status: running attack_categories: *id001 progress: 0.36 total_attacks: 275 completed_attacks: 880 vulnerabilities_found: 746 error_message: example-error_message started_at: '2025-08-08T22:13:06Z' completed_at: '2024-11-03T18:50:01Z' '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetScanStatus401Example: summary: Default getScanStatus 401 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetScanStatus403Example: summary: Default getScanStatus 403 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '404': description: Scan not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetScanStatus404Example: summary: Default getScanStatus 404 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetScanStatus500Example: summary: Default getScanStatus 500 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c x-microcks-operation: delay: 0 dispatcher: FALLBACK /v1/scans/{scan_id}/results: get: operationId: getScanResults summary: Palo Alto Networks Get Scan Results and Report description: >- Returns the detailed vulnerability report for a completed scan. The report includes an overall risk score, vulnerability findings organized by attack category, specific attack prompts that succeeded, and remediation recommendations. Only available when the scan status is completed. tags: - Scans parameters: - name: scan_id in: path required: true description: Unique identifier of the completed scan. schema: type: string example: '783198' - name: category in: query description: Filter results by attack category. schema: type: string example: standard - name: severity in: query description: Filter findings by severity level. schema: type: string enum: - informational - low - medium - high - critical example: high responses: '200': description: Scan results and report returned. content: application/json: schema: $ref: '#/components/schemas/ScanReport' examples: GetScanResults200Example: summary: Default getScanResults 200 response x-microcks-default: true value: scan_id: '428692' target_id: '819001' target_name: Branch Agent 03 overall_risk_score: 2.13 total_attacks_executed: 817 vulnerabilities_found: 907 category_summaries: &id007 - category_id: '482152' category_name: Staging Firewall 89 attacks_executed: 371 vulnerabilities_found: 428 risk_score: 33.91 - category_id: '228990' category_name: Staging Sensor 95 attacks_executed: 409 vulnerabilities_found: 670 risk_score: 53.57 findings: &id008 - finding_id: '841657' category_id: '121939' category_name: Branch Gateway 62 severity: low title: Primary Sensor 11 description: Applied Security on activity traffic investigation configured investigation activity on configured. attack_prompt: example-attack_prompt model_response: VM-300 remediation: example-remediation generated_at: '2026-12-07T01:42:19Z' '400': description: Invalid query parameters. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetScanResults400Example: summary: Default getScanResults 400 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetScanResults401Example: summary: Default getScanResults 401 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetScanResults403Example: summary: Default getScanResults 403 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '404': description: Scan not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetScanResults404Example: summary: Default getScanResults 404 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '409': description: Scan is not yet completed. Results are not available. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetScanResults409Example: summary: Default getScanResults 409 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetScanResults500Example: summary: Default getScanResults 500 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c x-microcks-operation: delay: 0 dispatcher: FALLBACK /v1/attack-categories: get: operationId: listAttackCategories summary: Palo Alto Networks List Available Attack Categories description: >- Returns the list of available attack categories that can be selected when starting a vulnerability scan. Each category represents a class of AI security vulnerabilities tested using automated adversarial prompts. tags: - Attack Categories responses: '200': description: Attack categories returned. content: application/json: schema: type: object properties: total: type: integer items: type: array items: $ref: '#/components/schemas/AttackCategory' examples: ListAttackCategories200Example: summary: Default listAttackCategories 200 response x-microcks-default: true value: total: 620 items: - category_id: '244722' name: Production Sensor 88 description: Endpoint applied on monitoring on detected firewall malware detected. attack_count: 293 severity_range: &id002 min: low max: informational examples: &id003 - example-examples_item - example-examples_item - category_id: '244722' name: Production Sensor 88 description: Endpoint applied on monitoring on detected firewall malware detected. attack_count: 293 severity_range: *id002 examples: *id003 '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListAttackCategories401Example: summary: Default listAttackCategories 401 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListAttackCategories403Example: summary: Default listAttackCategories 403 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListAttackCategories500Example: summary: Default listAttackCategories 500 response x-microcks-default: true value: error: example-error message: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: f62400eb-5426-47bb-acc1-166eb163d06c x-microcks-operation: delay: 0 dispatcher: FALLBACK components: securitySchemes: oauth2Bearer: type: http scheme: bearer bearerFormat: JWT description: >- OAuth 2.0 Bearer token for SASE platform authentication. Obtain using the client_credentials grant with your SASE service account client ID and client secret. schemas: ScanTarget: type: object properties: target_id: type: string description: Unique identifier of the scan target. example: '296460' name: type: string description: Display name of the scan target. example: Branch Policy 32 description: type: string description: Description of the target AI application. example: Detected violation Security incident threat violation malware firewall policy incident rule rule. type: type: string enum: - openai_chat - anthropic_messages - custom_http - huggingface description: AI interface type of the target endpoint. example: openai_chat endpoint_url: type: string format: uri description: URL of the AI application endpoint. example: https://vpn.example.com/8fea53 model: type: string description: AI model name or identifier used by the endpoint. example: PA-5250 created_at: type: string format: date-time example: '2025-11-15T21:07:35Z' updated_at: type: string format: date-time example: '2024-07-13T20:05:13Z' ScanTargetRequest: type: object required: - name - type - endpoint_url properties: name: type: string description: Display name for the scan target. maxLength: 256 example: Primary Agent 91 description: type: string description: Optional description of the target application. example: On violation blocked incident traffic monitoring. type: type: string enum: - openai_chat - anthropic_messages - custom_http - huggingface description: AI interface type of the target endpoint. example: huggingface endpoint_url: type: string format: uri description: URL of the AI application endpoint to scan. example: https://api.acme-systems.org/696e96 model: type: string description: AI model name to include in requests (e.g., gpt-4o, claude-3-5-sonnet-20241022). example: PA-3260 auth_config: type: object description: Authentication configuration for the target endpoint. properties: type: type: string enum: - bearer_token - api_key_header - basic - none description: Authentication method. example: basic header_name: type: string description: Header name for API key authentication. example: Corporate Gateway 37 credential: type: string description: Authentication credential value (API key or token). writeOnly: true example: example-credential example: *id004 system_prompt: type: string description: >- System prompt to include in requests to the target. Used to scope red teaming attacks to the intended application context. maxLength: 8192 example: example-system_prompt Scan: type: object properties: scan_id: type: string description: Unique identifier of the scan. example: '588456' target_id: type: string description: ID of the scan target being assessed. example: '410241' target_name: type: string description: Display name of the scan target. example: Production Agent 95 status: type: string enum: - pending - running - completed - failed - cancelled description: Current status of the scan. example: running attack_categories: type: array items: type: string description: Attack categories included in this scan. example: *id001 progress: type: number format: float description: Scan completion progress from 0.0 to 1.0. minimum: 0.0 maximum: 1.0 example: 0.36 total_attacks: type: integer description: Total number of attack probes to be executed. example: 275 completed_attacks: type: integer description: Number of attack probes completed so far. example: 880 vulnerabilities_found: type: integer description: Number of vulnerabilities discovered so far. example: 746 error_message: type: string description: Error description if the scan failed. example: example-error_message started_at: type: string format: date-time description: Timestamp when the scan started. example: '2025-08-08T22:13:06Z' completed_at: type: string format: date-time description: Timestamp when the scan completed. example: '2024-11-03T18:50:01Z' ScanRequest: type: object required: - target_id - attack_categories properties: target_id: type: string description: ID of the scan target to assess. example: '645262' attack_categories: type: array items: type: string minItems: 1 description: >- Attack category identifiers to include in the scan. Use GET /v1/attack-categories to retrieve available category IDs. example: *id005 custom_prompts: type: array items: type: string description: >- Optional custom adversarial prompts to include alongside the built-in attack library. Useful for testing application-specific threat scenarios. maxItems: 100 example: *id006 max_attacks_per_category: type: integer description: >- Maximum number of attack probes per category. Limits scan duration for large attack libraries. If omitted, all available attacks for each category are executed. minimum: 1 maximum: 1000 example: 740 ScanReport: type: object properties: scan_id: type: string description: Unique identifier of the scan. example: '428692' target_id: type: string description: ID of the assessed target. example: '819001' target_name: type: string description: Display name of the assessed target. example: Branch Agent 03 overall_risk_score: type: number format: float description: Overall vulnerability risk score from 0.0 (no risk) to 10.0 (critical). minimum: 0.0 maximum: 10.0 example: 2.13 total_attacks_executed: type: integer description: Total number of attack probes executed. example: 817 vulnerabilities_found: type: integer description: Total number of vulnerabilities discovered. example: 907 category_summaries: type: array description: Vulnerability summary per attack category. items: type: object properties: category_id: type: string example: '298745' category_name: type: string example: Corporate Gateway 46 attacks_executed: type: integer example: 157 vulnerabilities_found: type: integer example: 72 risk_score: type: number format: float example: 11.02 example: *id007 findings: type: array description: Individual vulnerability findings. items: $ref: '#/components/schemas/VulnerabilityFinding' example: *id008 generated_at: type: string format: date-time description: Timestamp when the report was generated. example: '2026-12-07T01:42:19Z' VulnerabilityFinding: type: object properties: finding_id: type: string description: Unique identifier of the finding. example: '299305' category_id: type: string description: Attack category identifier. example: '468963' category_name: type: string description: Human-readable attack category name. example: Staging Sensor 12 severity: type: string enum: - informational - low - medium - high - critical description: Severity level of the vulnerability. example: high title: type: string description: Brief title describing the vulnerability. example: Branch Agent 11 description: type: string description: Detailed description of the vulnerability and its impact. example: Applied applied configured incident rule incident threat. attack_prompt: type: string description: The adversarial prompt that revealed the vulnerability. example: example-attack_prompt model_response: type: string description: >- The AI model's response to the attack prompt, demonstrating the vulnerability. May be truncated. example: PA-3260 remediation: type: string description: Recommended steps to mitigate the vulnerability. example: example-remediation AttackCategory: type: object properties: category_id: type: string description: Unique identifier for the attack category. example: '244722' name: type: string description: Human-readable category name. example: Production Sensor 88 description: type: string description: Description of the vulnerability class this category tests. example: Endpoint applied on monitoring on detected firewall malware detected. attack_count: type: integer description: Number of built-in attack probes in this category. example: 293 severity_range: type: object description: Severity range of vulnerabilities this category can discover. properties: min: type: string enum: - informational - low - medium - high - critical example: high max: type: string enum: - informational - low - medium - high - critical example: medium example: *id002 examples: type: array items: type: string description: Example attack type names within this category. example: *id003 ErrorResponse: type: object properties: error: type: string description: Error code identifying the error type. example: example-error message: type: string description: Human-readable description of the error. example: Policy investigation blocked activity on activity suspicious configured configured suspicious. request_id: type: string description: Request identifier for support correlation. example: f62400eb-5426-47bb-acc1-166eb163d06c