Adapter — Target Categories
The four target categories the Adapter supports and when to use each
The Adapter supports four target categories. Choose the one that best matches what you're testing — the category affects how the Adapter handles discovery, session management, and attack delivery.
Consumer Chat
Label in the Adapter: Consumer chat
Best for: Customer-facing chatbots — support bots, retail assistants, banking chatbots, onboarding flows.
This is the most common category. The target is a chatbot widget or page embedded in a website, typically accessible to any end user without special authentication.
How it works:
- The Adapter opens the target URL in a controlled Chromium browser
- Vision + DOM analysis automatically finds the chat input, submit button, and response area — no hardcoded selectors
- Each attack prompt is typed and submitted as a normal user would
- The AI's response is captured and sent to the Judge for scoring
Session handling: If the chatbot requires login (e.g. logged-in customer portal), create a Session first — see First-Time Setup.
Supported UI patterns:
- Inline chat pages
- Floating widget buttons
- Iframe-embedded widgets
- Shadow DOM components
Agentic / Tool-Calling
Label in the Adapter: Agentic / tool-calling
Best for: LLMs with function-calling enabled — coding assistants, autonomous agents, workflow bots.
Use this when the model can invoke external tools or functions (e.g. search_web, run_code, send_email). Stinger uses specialized attack strategies designed to abuse tool-calling paths rather than just the conversation flow.
What's different vs Consumer Chat:
- Attack strategies target tool invocation, not just natural language responses
- The Judge evaluates both the model's text response and any tool calls it makes
- Discovery phase probes available tools and their schemas before the attack begins
Examples:
- GitHub Copilot / coding assistants with shell execution
- Customer service agents that can look up accounts or issue refunds
- Internal workflow bots connected to company systems
Agentic attacks are more sensitive
Agentic targets often have real side effects — an attack that succeeds might actually invoke a tool. Run agentic attacks against sandbox or test environments, not production systems with live data.
Service API
Label in the Adapter: Service API
Best for: In-product RAG endpoints, internal chat APIs, proprietary REST services.
Use this when the target exposes a non-standard REST API — not OpenAI-compatible, but a custom endpoint your company built. Common in enterprise deployments where the LLM is wrapped in a proprietary API layer.
Configuration: Paste a curl command to describe the endpoint. The Adapter parses the URL, headers, and body structure automatically.
curl -X POST https://internal.yourcompany.com/ai/chat \
-H "X-API-Key: YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"input": "{{PROMPT}}", "context": "customer_support"}'
Use {{PROMPT}} as the placeholder — the Adapter replaces it with each attack prompt.
Difference from Web Console REST target:
This runs through the Adapter's local process, so it can reach internal network endpoints (intranet, VPN-only services) that aren't accessible from Stinger's cloud backend.
Raw LLM API
Label in the Adapter: Raw LLM API
Best for: Direct OpenAI, Anthropic, Google, or compatible API calls.
Use this when you want to attack the base model directly — without a system prompt, without a product wrapper. Useful for benchmarking a model's raw refusal behavior before deploying it in a product.
Supported providers:
- OpenAI (
/v1/chat/completions) - Anthropic Messages API
- Google Gemini
- Any OpenAI-compatible endpoint
Configuration:
| Field | Example |
|---|---|
| Provider | OpenAI / Anthropic / Custom |
| Endpoint URL | https://api.openai.com/v1/chat/completions |
| API Key | sk-... |
| Model | gpt-4o |
| System prompt | Optional — leave blank to attack the base model |
Difference from Web Console OpenAI-Compatible target:
Same underlying API call, but running through the Adapter locally. Choose Adapter when you want to keep API keys off Stinger's cloud backend entirely.
Choosing the right category
| Situation | Category |
|---|---|
| Website chatbot (any user can open it) | Consumer Chat |
| Website chatbot behind company login | Consumer Chat + Session |
| Bot that can call external tools/APIs | Agentic / Tool-Calling |
| Internal API not on the public internet | Service API |
| Raw model API (OpenAI, Anthropic, etc.) | Raw LLM API |
| OpenAI-compatible but cloud-accessible | Web Console (no Adapter needed) |