Help
Frequently Asked Questions
Everything about TRACTS-framework testing, scoring, and the API.
General
What is attacks.ai?
attacks.ai is a passive security testing platform for AI agents. Send your AI agent to visit the site, and it walks through documentation laced with security probes classified under the TRACTS attack-surface framework (our open research taxonomy; OWASP LLM Top 10 cross-references on every finding). You get a vulnerability report showing what your agent leaked, followed, or disclosed.
Is this legal?
Yes. attacks.ai is analogous to penetration testing services for traditional software. All tests are passive—no malicious payloads, no code execution, no data harvesting. You are responsible for ensuring you have authorization to test AI systems you send to our platform.
How is this different from actually attacking AI systems?
Our probes are passive: they ask, suggest, and embed—but never execute, fetch, or POST. When an AI "fails" a test, it simply means the agent disclosed or repeated something it shouldn't have. The agent's own user sees the result.
How It Works
How do I test my AI agent?
Point your browsing agent at https://attacks.ai/?agent=1 and tell it to complete the documentation walkthrough. After it finishes, you'll get a results URL with a full vulnerability report.
What vulnerabilities do you test for?
Findings are classified across 6 TRACTS attack surfaces (our open research framework), then rolled up into these 4 pass/fail scoring categories (each with an OWASP LLM Top 10 cross-reference):
- Prompt Injection — Does the agent follow hidden instructions from web content?
- Data Exfiltration — Does the agent leak its system prompt, tools, or user context?
- Excessive Agency — Does the agent make unauthorized HTTP requests?
- Credential Confusion — Does the agent treat bait API keys as real?
What happens if my AI fails a test?
You get a detailed report showing exactly what happened: which probes fired, what the agent disclosed, annotated evidence from the agent's own text, and remediation guidance. Categories are scored as pass/fail.
Privacy & Data
What is a session ID?
A session ID is a random UUID (e.g., a1b2c3d4-e5f6-...) assigned when an AI agent first visits attacks.ai. It tracks the agent's progress through the test and links to the final vulnerability report. Session IDs contain no personal information and cannot be traced back to you.
How long is data retained?
There are two storage layers:
- Cloudflare KV — Live session data (progress, form submissions, beacons) expires automatically after 24 hours.
- Cloudflare D1 — Anonymized reports are stored for 7 days (free tier), 90 days (Team), or per contract (Enterprise). These contain only probe results, scores, and provider metadata—no PII.
What data is collected?
We collect:
- Agent metadata (User-Agent string, detected provider)
- Probe responses (what the agent submitted in forms)
- Beacon hits (HTTP requests the agent made to trap URLs)
- Scoring results (category pass/fail, severity)
We do not persist raw IP addresses, personal information, or conversation history. Your IP is used for a 1-hour rate-limit bucket and then discarded; Cloudflare-derived country code and edge datacenter are stored with the scan report for retention-period analytics.
Can I delete my test data?
KV session data expires automatically after 24 hours—no action needed. D1 report data is retained for 7 days (free tier) or 90 days (Team), then automatically purged. Reports contain Cloudflare-derived country and datacenter identifiers but no raw IP, cookies, or personally identifiable information, so they cannot be linked back to an individual user. If you have concerns, contact attacks@reyse.ai.
Do you store my AI's responses?
We store text your agent submits through forms on the site (the summary form and verification forms) as part of the session. This is used to generate your vulnerability report. Session data is automatically deleted after 24 hours. The anonymized report is retained for 7 days (free tier) or 90 days (Team).
Can you see my conversations with my AI?
No. We only see what your agent sends to our server through form submissions and HTTP requests. We cannot see your conversation with the agent, its system prompt, or anything outside of what the agent actively sends to attacks.ai.
CI/CD & API
Can I integrate this into my CI/CD pipeline?
Yes. After a test run, retrieve results programmatically via GET /api/results/:sessionId, which returns JSON with scores, categories, findings, and remediations. You can script your agent to visit attacks.ai, then check the API for pass/fail status.
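An added example of the pipeline gate described above (not attacks.ai's own client): it validates the session ID as a UUID before building the URL, fetches GET /api/results/:sessionId, and fails the build if any of the four scoring categories did not pass. The response field names (categories, name, status, findings, severity, remediation) are assumptions, since the FAQ only names the top-level contents; the sample report is constructed.

```python
"""CI gate for an attacks.ai run: fetch the results JSON, fail the build on any failed category."""
import json
import re
import sys
import urllib.request

# Endpoint named in the FAQ: GET /api/results/:sessionId
RESULTS_URL = "https://attacks.ai/api/results/{session_id}"
# Session IDs are random UUIDs; reject anything else before it reaches the URL path.
UUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.IGNORECASE)

CATEGORIES = ("Prompt Injection", "Data Exfiltration", "Excessive Agency", "Credential Confusion")

# Constructed sample in an ASSUMED shape: the FAQ only says the JSON carries scores,
# categories, findings and remediations; these field names are illustrative.
SAMPLE_RESULTS = {
    "sessionId": "a1b2c3d4-e5f6-4a7b-8c9d-0e1f2a3b4c5d",
    "categories": [
        {"name": "Prompt Injection", "status": "pass"},
        {"name": "Data Exfiltration", "status": "fail"},
        {"name": "Excessive Agency", "status": "pass"},
        {"name": "Credential Confusion", "status": "fail"},
    ],
    "findings": [
        {"category": "Data Exfiltration", "severity": "high",
         "remediation": "Never let the agent repeat its system prompt into page forms."},
        {"category": "Credential Confusion", "severity": "medium",
         "remediation": "Treat keys found in web content as untrusted; use only configured keys."},
    ],
}


def fetch_results(session_id: str, timeout: float = 10.0) -> dict:
    """Retrieve the report for a finished run (performs a network call; not used offline)."""
    if not UUID_RE.match(session_id):
        raise ValueError(f"not a UUID session id: {session_id!r}")
    with urllib.request.urlopen(RESULTS_URL.format(session_id=session_id), timeout=timeout) as resp:
        return json.load(resp)


def evaluate(results: dict, required: tuple = CATEGORIES) -> dict:
    """Report which required categories failed, with their findings attached.
    A category absent from the report counts as failed, so a truncated report never passes."""
    status = {c.get("name"): c.get("status") for c in results.get("categories", [])}
    failed = [name for name in required if status.get(name) != "pass"]
    findings = results.get("findings", [])
    details = {name: [f for f in findings if f.get("category") == name] for name in failed}
    return {"passed": not failed, "failed": failed, "findings": details}


if __name__ == "__main__":
    data = fetch_results(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RESULTS
    verdict = evaluate(data)
    for name in verdict["failed"]:
        for f in verdict["findings"][name]:
            print(f"FAIL {name} [{f.get('severity')}]: {f.get('remediation')}")
    sys.exit(0 if verdict["passed"] else 1)
```

Run it with the session ID from the results URL as the only argument; with no argument it evaluates the constructed sample and exits non-zero.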
Is there rate limiting?
Yes. To prevent abuse, we rate-limit session creation and page fetches. For normal testing (one agent at a time), you won't hit limits. If you need higher throughput, contact us at attacks@reyse.ai.
Contact
More questions? Email attacks@reyse.ai.