Specify a target AI model and select the attack objective, technique, and modifier to scan in the command line interface (CLI) using TrendAI™'s hosted infrastructure. For self-hosted configuration, see Configure self-hosted AI scan settings.

Procedure

  1. Create an application programming interface (API) key for your AI model.
    Important
    When adding the API key, you must select a role with all AI Scanner permissions. If your organization does not have an existing user role with the necessary permissions, create a custom role or contact your administrator.
    For more information, see API Keys.
    1. Go to Administration > API Keys.
    2. Click Add API key.
    3. Enter a name, role, expiration time, and description.
      TrendAI™ recommends storing your API key for AI Scanner under the name $V1_API_KEY.
    4. Click Add.
    5. Copy and retain the API key.
  2. Download and install the TrendAI™ Artifact Scanner command-line interface (CLI).
  3. Configure the scan settings in the CLI.
    1. Store the TrendAI Vision One™ API key as an environment variable:
      export TMAS_API_KEY=<your_vision_one_api_key>
    2. Add TrendAI™ Artifact Scanner CLI to your path:
      export PATH="/path/to/tmas/binary/directory:$PATH"
    3. Start TrendAI™ Artifact Scanner AI Scanner:
      • For the US TrendAI Vision One™ region, run this command: ./tmas aiscan llm -i
      • For other TrendAI Vision One™ regions, add the region flag. For example, for the JP region, run this command: ./tmas aiscan llm -i --region=ap-northeast-1
    4. Select the target type.
      • Model Endpoint (OpenAI-compliant): Select this option for LLM endpoints that implement the OpenAI API specification. You must provide the OpenAI API endpoint URL, API key, and model ID.
      • AI Application Endpoint (Custom): Select this option for AI applications with custom API interfaces. You must provide the endpoint URL, API key (optional), and the JSON keys that identify where to embed prompts in the request body and where to extract responses.
      Tip
      If the request or response schema for a custom endpoint involves an array or nested JSON structure, use config mode instead of interactive mode. For more information, see the config mode instructions below.
    5. Follow the CLI wizard to name the group, enter the target API endpoint, supply the API key, and configure the remaining target settings.
    6. Select one or more attack objectives, techniques, and modifiers from the provided options.
    7. Select Yes to save the scan configuration and specify a file name.
    8. When the scan completes, go back to AI Scanner to view the full results.
  4. You can also run a scan using a YAML configuration file instead of the interactive wizard.
    TrendAI™ recommends config mode for automated or CI/CD pipeline integration, repeatable testing, and custom AI application endpoints with complex request or response structures.
    1. Store the target endpoint API key as an environment variable:
      export TARGET_API_KEY=<your_target_api_key>
    2. Create a YAML configuration file that defines the target, scan settings, and attack objectives.
      For custom AI application endpoints, use the custom section to define the HTTP method, headers, request body template, and response body template. Use the {{prompt}} placeholder to indicate where AI Scanner inserts attack prompts, and the {{response}} placeholder to indicate where AI Scanner extracts the model response.
    3. Run the scan with the configuration file:
      ./tmas aiscan llm -c config.yaml
      To specify a region, add the region flag:
      ./tmas aiscan llm -c config.yaml --region ap-northeast-1
      To save results to a file:
      ./tmas aiscan llm -c config.yaml --output json=results.json,markdown=report.md
  5. View the results of the scan in AI Scanner.
    For more information on the results available in AI Scanner, see AI Scanner scan results.
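
A pre-flight wrapper for the config-mode run in a CI job, as an added example that is not TrendAI™ code: it confirms both keys from this page come from the environment, that neither literal value has been pasted into the YAML file, and, for custom endpoints, that both placeholders are present. The function names `preflight` and `run_scan` and their return codes are assumptions of this example; the `tmas` flags are the ones shown above.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks before a config-mode AI Scanner run.
# Usage: run_scan config.yaml [custom] [region]

# preflight <config.yaml> [custom]
# Returns 0 when the run may proceed; 2 = key missing, 3 = config unreadable,
# 4 = literal key found in config, 5 = placeholder missing (custom targets).
preflight() {
  local cfg="$1" kind="${2:-}" key
  # Both keys must be injected by the pipeline's secret store as environment
  # variables, so they never appear in argv or in shell history.
  [ -n "${TMAS_API_KEY:-}" ]   || { echo "TMAS_API_KEY is not set" >&2; return 2; }
  [ -n "${TARGET_API_KEY:-}" ] || { echo "TARGET_API_KEY is not set" >&2; return 2; }
  [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 3; }

  # A key value pasted into the YAML would be committed along with the file.
  for key in "$TMAS_API_KEY" "$TARGET_API_KEY"; do
    if grep -qF -- "$key" "$cfg"; then
      echo "$cfg contains a literal API key value" >&2
      return 4
    fi
  done

  # Custom AI application endpoints need both placeholders in their templates.
  if [ "$kind" = "custom" ]; then
    grep -qF '{{prompt}}' "$cfg"   || { echo "$cfg: no {{prompt}}" >&2; return 5; }
    grep -qF '{{response}}' "$cfg" || { echo "$cfg: no {{response}}" >&2; return 5; }
  fi
  return 0
}

# run_scan <config.yaml> [custom] [region]
# Fails closed: tmas is only invoked after preflight succeeds.
run_scan() {
  local cfg="$1" kind="${2:-}" region="${3:-}"
  preflight "$cfg" "$kind" || return $?
  set -- ./tmas aiscan llm -c "$cfg" --output json=results.json,markdown=report.md
  [ -n "$region" ] && set -- "$@" --region "$region"
  "$@"
}
```

The saved `results.json` and `report.md` describe how the target responded to attack prompts, so store them as restricted pipeline artifacts rather than public build output.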