To get started testing your AI model or application via Mindgard web UI, first select Test Configurations at the top of the Model Tests page.

Click to create a new test configuration.

Next you’ll need to choose a “Target Name”: a name for your AI system under test. This name identifies these security test results in the future and groups subsequent tests of the same system together so you can track its risk posture over time.

There are preset templates for the most common API structures to choose from including OpenAI, HuggingFace, Azure, and Anthropic. If you’re testing an AI model hosted with one of these vendors then choose the relevant option. If not, choose “Custom” to fully control how to interface Mindgard with a custom API.

Below is an example configuration for a custom API.

API Endpoint

The API endpoint URI must accept HTTP POST requests representing user input to the AI model or application. Mindgard will POST testing inputs to this URI.

API Key

This key will be used for Bearer authentication. Alternatively, if your application uses a custom authentication scheme, you can use the Headers field below to specify custom authentication headers.

Headers

Fill in a comma-separated list of any HTTP headers Mindgard should include on outbound POST requests to your API Endpoint.

You may find your browser devtools useful to observe HTTP headers that may be necessary on requests to your target API.

Selector

The Selector is a JSON Path expression (https://jsonpath.com) that tells Mindgard how to identify your model’s response within the API response.

Your browser devtools may be useful for observing the structure of your API response to determine what this should be set to. In the example in the screenshot below, $.text would be used to match the text response from the LLM chatbot.

Request Template

The Request Template tells Mindgard how to format an outbound request to your test target API.

Your browser devtools may be useful to observe the structure of the outbound request.

There are two template placeholders you must include in your Request Template.

— Mindgard will replace this placeholder with a testing input as part of an attack technique.

— Mindgard will replace this with the system prompt you specify below. This will allow you to test how the system behaves with different system instructions.

The screenshot above would require a Request Template of:

System Prompt

Here you may include the system prompt for the AI model. If you’re testing a model inference API directly, you may wish to include the real system prompt used by your application to simulate its performance as part of the wider application.

If the system prompt is not relevant to your tests, you may place a benign placeholder here e.g. “Please answer the following question:”

If you include a relevant system prompt here, Mindgard will include in its testing an evaluation of whether the system prompt instructions can be bypassed.
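As an added example (not Mindgard’s own code), the following Python sketch shows what the fields described above, from API Endpoint through System Prompt, amount to in practice: parsing the Headers list, substituting both placeholders into the Request Template with JSON escaping, adding Bearer authentication from the API Key, and evaluating a Selector such as $.text against the response. The placeholder token names, the endpoint, the example configuration and the response shape are constructed assumptions, and an in-process fake stands in for the HTTP POST.

```python
import json
import re
# Hypothetical placeholder token names (assumption; the page's own tokens are not shown).
INPUT_PLACEHOLDER = "{{INPUT}}"
SYSTEM_PLACEHOLDER = "{{SYSTEM}}"

# Constructed example configuration mirroring the fields of a custom target.
EXAMPLE_CONFIG = {
    "endpoint": "https://chatbot.example.test/api/chat",
    "api_key": "example-key-not-real",
    "headers": "X-Api-Version: 2, Accept: application/json",
    "selector": "$.text",
    "template": '{"system": "{{SYSTEM}}", "messages": [{"role": "user", "content": "{{INPUT}}"}]}',
    "system_prompt": "Please answer the following question:",
}

def parse_headers(spec: str) -> dict:
    """Parse the comma-separated 'Name: value' list from the Headers field."""
    headers = {}
    for item in filter(None, (s.strip() for s in spec.split(","))):
        name, sep, value = item.partition(":")
        if not sep:
            raise ValueError(f"header without ':' separator: {item!r}")
        headers[name.strip()] = value.strip()
    return headers

def render_request(template: str, testing_input: str, system_prompt: str) -> dict:
    """Fill both placeholders with JSON-escaped text so quotes in an input cannot break the body."""
    body = template.replace(INPUT_PLACEHOLDER, json.dumps(testing_input)[1:-1])
    body = body.replace(SYSTEM_PLACEHOLDER, json.dumps(system_prompt)[1:-1])
    return json.loads(body)

def select(selector: str, response):
    """Evaluate the JSON Path subset '$', '.key' and '[index]' against a parsed response."""
    if not re.fullmatch(r"\$(?:\.[A-Za-z_][\w-]*|\[\d+\])*", selector):
        raise ValueError(f"unsupported selector: {selector!r}")
    node = response
    for key, idx in re.findall(r"\.([A-Za-z_][\w-]*)|\[(\d+)\]", selector[1:]):
        node = node[key] if key else node[int(idx)]
    return node

def fake_endpoint(url: str, headers: dict, body: dict) -> dict:  # constructed stand-in for the POST
    return {"text": "echo: " + body["messages"][0]["content"]}

def run_probe(config: dict, testing_input: str, send=fake_endpoint):
    """One exchange: render the template, add Bearer auth and headers, POST, apply the selector."""
    headers = parse_headers(config["headers"])
    headers["Authorization"] = "Bearer " + config["api_key"]
    body = render_request(config["template"], testing_input, config["system_prompt"])
    return select(config["selector"], send(config["endpoint"], headers, body))
```

Replace fake_endpoint with a real POST (for example requests.post(url, headers=headers, json=body).json()) to exercise an actual API, and compare the selected value with what the browser devtools show for a normal request.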

Managing Test Configurations

Once you’ve set up your test target you can find it again and schedule tests against it from the Test Configurations page.

Test Options

When you schedule a test you can customize your test with relevant settings to the context from the risk management checklist earlier in this guide.

The Domain option allows you to choose to test with datasets and goals relevant to your system domain. For example, the Finance domain covers scenarios like abuse to enable fraud or money laundering. The SQL Injection option covers scenarios such as abuse of an LLM component to bypass a Web Application Firewall (WAF) and expose an exploitable SQL Injection vulnerability.

The Duration option controls a tradeoff between the speed of the test and the confidence of any scores given. All dynamic testing of inherently non-deterministic AI systems has inherent limitations in the confidence of its results. A mitigation is to run tests for longer with more samples, which increases confidence. The tradeoff is that tests take longer to complete and increase your AI model hosting costs.

The default of Fast runs a small sample set and gives rapid visibility of risks. We recommend that you use this option while you are exploring initial risks. Fast may also be the best option for CI/CD integrations if you have a very short time budget for tests in your build pipeline. The Thorough option, which runs the tests for longer, is a good balance for many customers. Extensive runs security tests to high confidence, and is the setting Mindgard uses for collection of threat intelligence on foundational and open source models. The time and cost of running at this setting may be prohibitive.

Web Testing Limitations

Testing image models is not currently available through the Web UI. Please use either the CLI or SDK options instead if you’re testing an image model.

If the API you are testing is not one of the preset formats, or you encounter any difficulties setting up your test configuration, consider using the CLI first (see below), as the CLI provides more debugging options and the configurations for CLI and Web testing are interchangeable.