⚔️ ADM Battle ConsoleRed attacks · Blue defends · Green remediates

🔎 Search eventsBrowse all 10,000 variantsGitHub repository
connecting…

Agentic Defense Matrix (ADM) is a defense-in-depth system for AI agents that can plan tasks and call tools. Instead of relying only on prompt filtering, it watches what agents actually do — at the API gateway, the policy engine, and the operating-system level — and contains the blast radius when something goes wrong.

This console shows a live security exercise running on the deployed system:

  • RED Red team continuously attacks the system with thousands of adversarial prompts and tool-call attempts — prompt injection, reverse shells, data exfiltration, container escape, and more. On a landing it can ask the hosted LLM for an adaptive next step and persist a successful attack chain.
  • BLUE Blue team (the gateway, SIEM, and policy engine) detects the attacks and blocks them at the boundary.
  • GREEN Green team automatically remediates any attack that slips through — LLM triage decides revoke / which agent to restart, and writes a SOC summary to the dashboard.

Every event is logged to a database and scored, so you can see in real time how well the defenses hold. The scoreboard below updates every few seconds; the feed on the left streams each attack and defense as it happens.

System status

checking…

LLM backend (Groq → X.AI failover)

checking…

Battle scoreboard

Attacks
click for details
Block rate
click for details
Detection rate
click for details
Landed
click for details
Remediations
click for details
Mean time to remediate
click for details
Residual risk
click for details

Live battle feed

Waiting for events…

By technique — blocked ▏landed

blocked (blue)landed (red)
Loading…

Recent sessions (attack → remediation)

techniquetargetattackremediation / MTTR
No sessions yet.

Successful attack chains

statusstepsstrategyremediation summary
No successful attack chains yet.

Red team attack matrix

These 30 rows are the base attack classes. At runtime the red team deterministically expands them into 10,000 enumerated campaign variants (RT-00001 … RT-10000). On a landing, adaptive LLM mutation can append follow-up steps to an attack chain. Browse all 10,000 variants

IDAttackTechnique
RT-001Prompt InjectionIndirect injection via RAG context
RT-002Tool Chainingread_secret → external_send chain
RT-003RAG PoisoningInject malicious URLs into knowledge base
RT-004Reverse Shellbash -i >& /dev/tcp/... via tool call
RT-005Confused DeputyTrick agent into privilege escalation
RT-006Token TheftReplay captured JWT
RT-007Egress ExfiltrationDNS tunnel / HTTP POST to external
RT-008Container EscapeMount host filesystem attempts
RT-009Rate Abuse1000 req/min automated probing
RT-010State DriftModify agent context mid-session
RT-011LLM Supply ChainCompromised Ollama model
RT-012Log InjectionCrafted payloads in user input
RT-013TOCTOU RaceRace condition in policy check
RT-014DNS RebindingBypass egress filter via DNS
RT-015Privilege EscalationExploit Watchdog → root
RT-016Indirect Tool OutputInject malicious instructions in tool output
RT-017Multi-Turn ContextBuild trust then exploit across turns
RT-018Encoding InjectionBase64/hex encoded payloads
RT-019Multi-LanguageInjection in multiple languages
RT-020Nested InjectionNested system/user/assistant markers
RT-021Social EngineeringFake admin/emergency commands
RT-022Payload ObfuscationVariable splitting, concatenation
RT-023Supply ChainMalicious package installation
RT-024Time-BasedDelayed trigger injection
RT-025Resource ExhaustionLarge payloads, concurrent requests
RT-026Memory PoisoningPoison agent conversation memory
RT-027Cross-SessionContaminate other sessions
RT-028Token ExtractionExtract API keys/tokens
RT-029Denial of ServiceExcessive token generation
RT-030Side ChannelData exfiltration via encoding

Endpoint

or use ?api=…&gw=… in the URL