NEW

Start with the pressure: sales, launch, abuse, agents, data, or guardrails

Use the engagement router
aisecurityllc
Sign inStart AI Security Assessment
aisecurityllc
Start AI Security Assessment
Deliverablesdeliverable
deliverable
public-sample

AI Red-Team Findings Register

A technical companion to the executive summary with structured findings, severity, reproduction summary, affected boundary, evidence, remediation, and validation status.

14-28 pages
Scope AI Red Team & Adversarial TestingScope AI Product Security AssessmentScope Agentic Workflow Security & Hardening
Client deliverable
public-sample
14-28 pages
System
Northstar Support Cloud / Customer Support Copilot
Environment
staging with production-like synthetic tenant data

# AI Red-Team Findings Register

Sample Deliverable

Executive Summary

This findings register is the technical companion to the AI red-team executive summary. It captures each validated finding, affected boundary, safe reproduction summary, evidence, business impact, remediation, validation criteria, owner, and release decision.

The public sample avoids payload-level exploit detail while preserving the structure needed for engineering remediation.

Heads up

Public sample notice

This is a shortened, synthetic excerpt prepared as a public sample. A client version would include system-specific evidence, implementation references, architecture screenshots, control test results, owner sign-offs, and full supporting documentation. This sample uses Northstar Support Cloud / Customer Support Copilot as the synthetic reference system. This sample is not legal advice, not a compliance certification, not an audit opinion, not a warranty, and not proof that any unreviewed system is secure.
Decision · blocked

Findings register decision

Two validated critical findings block retrieval expansion and customer-visible execution until remediation and retest are complete.

Metrics

Findings Register Snapshot

Findings
4
Critical
2
High
2
Validated
4
Release blockers
2
Note

A finding is only useful if it can be fixed and retested

Good red-team findings do not stop at impact. They name the affected boundary, evidence, owner, remediation, and validation standard.

Findings register

Risk register

AI Red-Team Findings Register

The findings register tracks severity, affected boundary, evidence, remediation, validation, and release decision.

Risks
0
Open
0
Critical
0
Decisions
0
Roadmap
0
Controls
0
Data unavailable
content/deliverables/data/ai-red-team-findings-register.json
No risks array found.

Finding summary

Red-team finding summary

IDFindingSeverityBoundaryRelease decision
ART-001Unauthorized retrieval can reach restricted support contextCriticalretrievalblocks retrieval expansion
ART-002Retrieved content can influence model instruction hierarchyHighretrievalrequires remediation before source expansion
ART-003Sensitive customer message action can be queued with thin approval contextCriticalapprovalblocks customer-visible execution
ART-004AI trace schema does not fully reconstruct tool policy decisionsHightracerequires remediation before broad agent expansion

Priority findings

Findings

Priority Findings

Finding · critical

Unauthorized retrieval can reach restricted support context

Evidence: rag-authz-negative-test

Negative tests showed that restricted support context can enter the retrieval candidate set when chunk metadata lacks complete source ACL inheritance.

Finding · critical

Sensitive customer message action can be queued with thin approval context

Evidence: approval-context-test

The system can queue customer-visible response actions without presenting enough evidence for meaningful human approval.

Finding · high

Retrieved content can influence model instruction hierarchy

Evidence: indirect-prompt-injection-test

Synthetic retrieved content containing malicious instructions influenced the model's rationale and answer shape.

Finding · high

AI trace schema does not fully reconstruct tool policy decisions

Evidence: trace-schema-review

Trace records capture tool calls but do not consistently capture policy inputs, denied action class, and approval decision rationale.

Validation criteria

Checklist

Validation criteria before closure

Restricted chunks are excluded before retrieval candidates are available.
Retrieved instructions are ignored or treated as untrusted context.
Approval bundles show target, evidence, rationale, diff, blast radius, rollback, reviewer, and trace reference.
Tool traces capture action class, policy inputs, decision, denial reason, target object, and approval state.
Release gate blocks expansion until retest passes.
Artifact

Related artifact: AI Red Team Assessment Executive Summary

The executive summary communicates the business decision and release blockers.

/deliverables/ai-red-team-executive-summary
Artifact

Related artifact: AI Red-Team Remediation Roadmap

The remediation roadmap sequences fixes and retest work.

/deliverables/ai-red-team-remediation-roadmap