Traditional penetration testing is a point-in-time exercise: an engagement runs for two weeks, a report is written, remediations are applied, and the next test is scheduled for six months later. In the meantime, your agent is deployed, your prompt policies evolve, new tools get registered, and the threat landscape shifts. QuilrAI's Red Team Agent takes a different approach: it runs continuously, generating novel attacks against the live Guardian-agent pair every hour, and feeding discoveries back into the Guardian's policy engine automatically.
What Is the Attack Generation Loop?
The Red Team Agent maintains a taxonomy of known attack techniques, prompt injection variants, jailbreak patterns, tool scope violations, RAG poisoning templates, privilege escalation chains, and uses a generative model to create novel instantiations of each technique tailored to the specific agent it is testing. It does not use a fixed test suite: each attack run generates new variations, targeting the specific tool set, data access patterns, and behavioral characteristics of the agent under test. This prevents the common failure mode of security tests that validate controls against the exact attacks they were designed to block, while missing variations.
What Is the Guardian Update Cycle?
When the Red Team Agent discovers a gap, an attack that successfully bypasses the Guardian's current policy, it does not simply log a finding. It generates a policy patch: a specific rule addition or permission boundary adjustment that would have blocked the successful attack. The patch is presented to a human reviewer (or, in automated mode, applied directly for low-risk policies) and pushed to the Guardian within the same operational cycle. The next Red Team run will attempt the same attack against the patched policy, confirming the fix holds.
What Is Attack Taxonomy Coverage?
The Red Team Agent's current taxonomy covers seven attack families: direct prompt injection, indirect injection via tool outputs, RAG store poisoning, tool scope escalation, multi-agent delegation abuse, model-level jailbreaks, and output manipulation attacks. Coverage metrics are tracked per deployment: each attack family has a hit rate (how often novel attacks in that family succeed) and a cycle time (how quickly successful attacks are patched). The dashboard surfaces these metrics in real time, giving security teams a continuous, quantified view of their AI attack surface.
- Red Team Agent generates novel attack variants every hour against the live deployment
- Attack generation is tailored to the specific tools, data patterns, and agent behavior
- Successful attacks trigger automatic policy patch generation for Guardian review
- Seven attack families covered: injection, RAG poisoning, scope escalation, jailbreaks, and more
- Coverage metrics and patch cycle times displayed on the security dashboard in real time
QuilrAI
How QuilrAI addresses this: The Red Team Agent is included in every QuilrAI Guardian deployment. It runs continuously with no manual configuration, generates human-readable findings with policy patch recommendations, and closes the gap between attack discovery and policy remediation from weeks to hours.