ASAPP Introduces Continuous Red‑Team Testing to Secure Enterprise AI Systems
What Happened – ASAPP unveiled “Continuous Red Teaming,” a service that embeds Promptfoo’s adversarial AI testing into its model‑evaluation pipeline. The platform now runs automated checks for more than 50 LLM‑specific vulnerability types, delivering real‑time risk metrics for customers.
Why It Matters for TPRM –
- AI‑driven SaaS solutions can become attack surfaces once they move from static Q&A to autonomous actions.
- Continuous, metric‑driven testing gives third‑party risk teams verifiable evidence of a vendor’s security posture, reducing reliance on one‑off audits.
- The framework aligns with OWASP Top 10 for LLMs and the NIST AI Risk Management Framework, providing audit‑ready artifacts for procurement and compliance reviews.
Who Is Affected – Enterprises that embed large‑language‑model (LLM) agents in customer‑facing or internal workflows (e.g., contact‑center SaaS, knowledge‑base RAG solutions, AI‑enabled automation platforms).
Recommended Actions –
- Request ASAPP’s Attack Success Rate (ASR) dashboards and benchmark data during vendor due‑diligence.
- Verify that the Continuous Red Teaming controls map to your organization’s AI‑risk policies (OWASP LLM, NIST AI RMF).
- Incorporate continuous AI‑security testing clauses into contracts and SLA metrics for all AI‑model providers.
Technical Notes – The testing covers core model integrity (jailbreak, hallucinated authority), data‑privacy (prompt injection, cross‑session PII leakage), and agentic/operational security (unauthorized tool‑calling, internal reconnaissance). It leverages automated graders to reduce human bias and continuously tracks the Attack Success Rate for each model update. Source: Help Net Security