Quick Start
From login to your first attack result in under 10 minutes
Get from zero to your first breach finding as fast as possible. Pick your path based on what you're testing.
Which path is right for you?
| I want to test… | Use |
|---|---|
| An API with an endpoint URL or API key | Path A — Web Console (5 min) |
| A chatbot on a website that requires login | Path B — Adapter (15 min) |
Path A — Web Console (API target)
Step 1 — Register your target URL
Go to Settings → Allowlist → Request new target.
- Target pattern: the domain or IP of your API (e.g.
api.yourcompany.com) - Pattern type:
domain - Purpose: brief description of the engagement
Submit and wait for approval (typically 1 business day). You can complete steps 2–4 while you wait.
Step 2 — Create a project
Go to Projects → New Project. Give it a name (e.g. Q3 LLM Audit).
Step 3 — Add an API target
Inside the project, go to Targets → Add Target.
OpenAI-Compatible (most common):
Endpoint URL: https://api.yourcompany.com/v1/chat/completions
API Key: sk-...
Model: gpt-4o (or your model name)
Custom REST/curl — paste your curl command:
curl -X POST https://api.yourcompany.com/chat \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"message": "{{PROMPT}}"}'
Click Test Connection — you should see a green checkmark before saving.
Step 4 — Add goals
Go to Goals → Import from preset and choose a category that matches your system (General, Finance, Telecom, etc.).
Start with 3–5 goals for your first run.
Step 5 — Launch
Click Launch Attack. Select your goals and set max turns to 10 (default).
The attack runs in the background — you'll see results in the Assessments tab within a few minutes.
What to look for
Any goal with status Breached (red) is a confirmed guardrail gap. Click into it to see the exact prompt that succeeded and why the Judge scored it as a breach.
Path B — Adapter (browser chatbot)
Step 1 — Register your target URL
Same as Path A — go to Settings → Allowlist and submit the domain of the website hosting the chatbot (e.g. chat.yourbank.com).
Step 2 — Install the Adapter
Download from Adapter in the left sidebar. See Installation for platform-specific steps (including the macOS Gatekeeper workaround).
Step 3 — Create an API key
Go to Settings → API Keys → New Key. Copy it immediately — it's shown only once.
Step 4 — Create a project and goals
Same as Path A — create a project and add goals.
Step 5 — Log in to the Adapter
Open the Adapter. Enter your API key (stk_...) and click Sign In.
Step 6 — Add a session for your target
Go to Sessions → New Session. A browser window opens — log in to the target chatbot as a normal user. Close the window when done.
Step 7 — Start the attack
In the Adapter, go to Projects, select your project and target, then click Start Attack.
The Adapter automates the browser — you'll see each prompt and response in the Live Activity panel in real time.
Keep the Adapter app open while the attack runs. Results upload to the Web Console automatically when complete.