Use these YAML configuration examples as templates for scanning custom AI application endpoints with AI Scanner.

Find the configuration pattern that matches your API structure and adapt it to start scanning.

Configuration file structure

Use the custom section in the configuration file to define how AI Scanner communicates with your application. You must specify the following:
  • Endpoint URL
  • HTTP method
  • Header fields, for example, authorization tokens or content-type declarations
  • The JSON structure of the request body, including the location of the text prompt
  • The JSON structure of the response body, including the location of the model output
The following placeholders control where AI Scanner inserts and extracts data:
  • {{prompt}}: AI Scanner replaces this placeholder with attack prompts at runtime.
  • {{response}}: AI Scanner extracts the model response from this location.
  • {{api_key}}: AI Scanner replaces this placeholder with the value of the TARGET_API_KEY environment variable.
Important
Store application programming interface (API) keys in environment variables. Do not include API keys directly in configuration files.

Simple REST API

Use this configuration when your AI application exposes a straightforward REST endpoint that accepts a prompt in a single field and returns the model response in a single field. Adapt the field names in the request and response sections to match your API schema.

version: 1.1.0
name: Simple REST API Scan
description: Security scan for a basic text generation endpoint
target:
  # Replace with your endpoint URL
  name: my-text-api
  endpoint: https://api.example.com/v1/generate
  api_key_env: TARGET_API_KEY
  custom:
    method: POST
    headers:
      Content-Type: application/json
      Authorization: "Bearer {{api_key}}"
    request:
      # Replace field names to match your API schema
      input: "{{prompt}}"
      temperature: 0.2
    response:
      # Replace field names to match your API response
      answer: "{{response}}"
settings:
  concurrency: 10
attack_objectives:
  - name: System Prompt Leakage
    techniques:
      - None
    modifiers:
      - None
  - name: Sensitive Data Disclosure
    techniques:
      - None
    modifiers:
      - None

Chat completions API with message array

Use this configuration when your AI application follows the chat completions API convention, where prompts are sent as a messages array with role and content fields. This pattern is common for custom-hosted endpoints that follow the same request structure as OpenAI.
The system_prompt field is a top-level target setting that AI Scanner prepends to conversations during scanning. It does not appear in the request body.

version: 1.1.0
name: Chat Completions API Scan
description: Security scan for a chat-style AI endpoint
target:
  # Replace with your endpoint URL
  name: my-chat-api
  endpoint: https://api.example.com/v1/chat/completions
  api_key_env: TARGET_API_KEY
  # AI Scanner prepends this to conversations during scanning
  system_prompt: You are a helpful assistant.
  custom:
    method: POST
    headers:
      Content-Type: application/json
    request:
      # Replace model name with your deployed model
      model: my-model-v1
      messages:
        - role: user
          content: "{{prompt}}"
      stream: false
    response:
      # Match the response structure of your API
      choices:
        - finish_reason: stop
          index: 0
          message:
            content: "{{response}}"
            role: assistant
settings:
  concurrency: 10
attack_objectives:
  - name: System Prompt Leakage
    techniques:
      - DAN (Do anything now)
    modifiers:
      - None
  - name: Malicious Code Generation
    techniques:
      - Ignore all previous instructions
    modifiers:
      - Base64 Encoding

Nested request and response structure

Use this configuration when your AI application wraps the prompt and response in deeply nested JSON objects, such as APIs that include metadata or configuration parameters alongside the prompt.

version: 1.1.0
name: Nested Structure API Scan
description: Security scan for an endpoint with nested JSON payloads
target:
  # Replace with your endpoint URL
  name: my-nested-api
  endpoint: https://nlp.example.net/run
  api_key_env: TARGET_API_KEY
  custom:
    method: POST
    headers:
      Content-Type: application/json
      Authorization: "Token {{api_key}}"
    request:
      # Match the nested structure of your API request
      payload:
        prompt: "{{prompt}}"
      config:
        temperature: 0.1
        max_tokens: 1000
    response:
      # Match the nested structure of your API response
      data:
        result:
          message: "{{response}}"
settings:
  concurrency: 5
attack_objectives:
  - name: Sensitive Data Disclosure
    techniques:
      - Payload splitting
    modifiers:
      - Best-of-N Scrambling
  - name: Agent Tool Definition Leakage
    techniques:
      - None
    modifiers:
      - None
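As an added illustration of the placeholder mechanism described under "Configuration file structure" and of the nested and list-indexed templates in the "Nested request and response structure" and "Chat completions API" sections, the Python below shows how a client can consume such a custom section: it fills {{prompt}} and {{api_key}} into the request template, reads the key from the environment variable named by api_key_env (and only when {{api_key}} is actually referenced), and walks the response template to {{response}} to pull the model output out of a reply at the same path. This is not AI Scanner's own code; the two config dicts mirror the YAML above but are constructed here so the script runs without a YAML parser, the reply bodies and key value are constructed, and the function names are hypothetical.

```python
"""Fill an AI Scanner-style custom request template and read the model output
back out of a reply.  Illustrative reimplementation, not AI Scanner's own code."""
import os
import re
from typing import Any, Mapping, Optional, Tuple

PLACEHOLDER = re.compile(r"\{\{(prompt|api_key)\}\}")  # filled in at send time
RESPONSE = "{{response}}"                               # marks where to read from

# Constructed configs mirroring the "Nested request and response structure" and
# "Chat completions API" templates above (with PyYAML you would yaml.safe_load the file).
NESTED_CONFIG = {"target": {
    "name": "my-nested-api", "endpoint": "https://nlp.example.net/run",
    "api_key_env": "TARGET_API_KEY",
    "custom": {"method": "POST",
               "headers": {"Content-Type": "application/json",
                           "Authorization": "Token {{api_key}}"},
               "request": {"payload": {"prompt": "{{prompt}}"},
                           "config": {"temperature": 0.1, "max_tokens": 1000}},
               "response": {"data": {"result": {"message": "{{response}}"}}}}}}
CHAT_CONFIG = {"target": {
    "name": "my-chat-api", "endpoint": "https://api.example.com/v1/chat/completions",
    "api_key_env": "TARGET_API_KEY",
    "custom": {"method": "POST", "headers": {"Content-Type": "application/json"},
               "request": {"model": "my-model-v1", "stream": False,
                           "messages": [{"role": "user", "content": "{{prompt}}"}]},
               "response": {"choices": [{"finish_reason": "stop", "index": 0,
                                         "message": {"content": "{{response}}",
                                                     "role": "assistant"}}]}}}}


def substitute(node: Any, values: Mapping[str, str]) -> Any:
    """Fill placeholders in every string of a nested dict/list.  One regex pass
    per string, so substituted text is never rescanned: a prompt containing the
    literal text '{{api_key}}' stays literal instead of pulling in the key."""
    if isinstance(node, dict):
        return {k: substitute(v, values) for k, v in node.items()}
    if isinstance(node, list):
        return [substitute(v, values) for v in node]
    if isinstance(node, str):
        return PLACEHOLDER.sub(lambda m: values[m.group(1)], node)
    return node  # numbers, booleans, None pass through untouched


def find_placeholder(node: Any, placeholder: str, exact: bool,
                     path: Tuple[Any, ...] = ()) -> Optional[Tuple[Any, ...]]:
    """Key/index path of the first string holding `placeholder`, or None.
    exact=True: the whole string must be the placeholder (response template);
    exact=False: it may be embedded, e.g. "Token {{api_key}}" (headers)."""
    if isinstance(node, str):
        return path if (node == placeholder if exact else placeholder in node) else None
    children = node.items() if isinstance(node, dict) else (
        enumerate(node) if isinstance(node, list) else ())
    for key, child in children:
        found = find_placeholder(child, placeholder, exact, path + (key,))
        if found is not None:
            return found
    return None


def build_request(config: dict, prompt: str,
                  environ: Optional[Mapping[str, str]] = None) -> dict:
    """Render method, URL, headers and JSON body for one prompt.  The key is read
    from the variable named by api_key_env, and only when {{api_key}} is used."""
    environ = os.environ if environ is None else environ
    target = config["target"]
    custom, headers = target["custom"], target["custom"].get("headers", {})
    uses_key = any(find_placeholder(part, "{{api_key}}", exact=False) is not None
                   for part in (headers, custom["request"]))
    api_key = ""
    if uses_key:
        env_name = target.get("api_key_env")
        if not env_name or env_name not in environ:
            raise RuntimeError(f"{{{{api_key}}}} is referenced but environment variable "
                               f"{env_name!r} is not set; keys never go in the file")
        api_key = environ[env_name]
    values = {"prompt": prompt, "api_key": api_key}
    return {"method": custom.get("method", "POST"), "url": target["endpoint"],
            "headers": substitute(headers, values),
            "json": substitute(custom["request"], values)}


def extract_response(config: dict, body: Any) -> str:
    """Find {{response}} in the response template and read that path in `body`."""
    path = find_placeholder(config["target"]["custom"]["response"], RESPONSE, exact=True)
    if path is None:
        raise ValueError("response template has no {{response}} placeholder")
    where = "/".join(map(str, path))
    node = body
    for step in path:
        try:
            node = node[step]
        except (KeyError, IndexError, TypeError):
            raise ValueError(f"reply has no value at {where}") from None
    if not isinstance(node, str):
        raise ValueError(f"model output at {where} is not a string")
    return node


if __name__ == "__main__":
    env = {"TARGET_API_KEY": "constructed-example-key"}  # stand-in for os.environ
    req = build_request(NESTED_CONFIG, "Hello", environ=env)
    print(req["headers"]["Authorization"], req["json"]["payload"])
    print(extract_response(NESTED_CONFIG, {"data": {"result": {"message": "Hi there"}}}))
```

Two design points carry over to any client you write against these templates. Substitution is a single regex pass per string, so text that has just been inserted (the prompt) is never rescanned for further placeholders, which keeps the key from being copied into the body if a prompt happens to contain the text {{api_key}}. The key itself is fetched from the environment variable named by api_key_env at send time and never stored in the config, so a missing variable fails loudly before any request is made rather than silently sending an empty Authorization header.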