AxioRankZero-Trust for AI Agents
Open the console

Red-team testing

Attack your agents before someone else does.

Run a corpus of real agent attacks against your live detectors and policies, not a sandbox. See exactly what your posture catches and what slips through, then apply the suggested fix for every miss in one click.

Open the consoleSee the benchmark

real corpus · scored against your posture · one-click remediation

posture run
caught 15 of 15 attacks
missed 0
benign all allowed
every miss ships a one-click policy fix
0
Scenarios in the corpus
0
Attack categories
0
Evasion techniques
CI
Gate on every push

What's in the corpus

Single calls, multi-step chains, and the tricks attackers actually use.

The corpus is versioned, so a posture score stays interpretable as it grows. Each scenario carries the protective outcome a sound posture must produce, and the benign controls keep an over-eager posture honest.

Single-call attacks

Live secrets in arguments, destructive commands, PII egress, and prompt injection, each with the outcome it must trigger.

Multi-step kill chains

Stateful sequences where one step reads untrusted data and a later step exfiltrates it, caught by value-level provenance.

Evasion techniques

Homoglyphs, zero-width characters, and nested encodings that normalized detection must see through.

Benign controls

Legitimate calls that must not be blocked, so a high catch rate cannot hide a wall of false positives.

Run it

Pick a family and watch your posture handle it.

Choose an attack family and run it. Each scenario shows the protective outcome the default posture produces. On your own workspace, the runner scores these against your actual rules.

Attack family
3 scenarios in this family. Run it to see the protective outcome the default posture produces for each.
3scenarios
3 attacks, all caught

0 benign controls allowed, no false positive.

corpus 2026.06.13. On your workspace the runner scores these against your live rules and offers a one-click fix for any miss.

Every miss has a fix

A failure is a suggestion, not just a red mark.

When a scenario is missed, the report carries a concrete remediation in the same shape as a policy rule, so closing the gap is a click, not a research project.

# a missed secret-in-arguments scenario suggests
{
  "tool_pattern": "*",
  "action": "deny",
  "signalCategory": "secret",
  "rationale": "Deny any tool call whose arguments contain a live secret."
}

Free gets a teaser

Every plan can run a capped, representative subset. Pro and above run the full corpus with history, so you can watch your posture score move over time.

Shift it left

Fail the build when your posture regresses.

Run the corpus in CI against the policies you are about to ship. If a change quietly weakens a rule, the gate catches it before it reaches production.

# score the workspace posture against the corpus
npx @axiorank/cli red-team run --fail-under 100
Pro and above

Keep exploring

Continue across the control plane.

AI detection

A model adjudicates held calls and scores prompts and completions for toxicity and groundedness.

Open

Threat intelligence

A cross-tenant feed with a k-anonymity floor that enriches every verification.

Open

Agent identity

Short-lived signed tokens that verify locally and cannot be replayed.

Open

MCP gateway

Every tool call scored, policed, and logged on the hot path in under 100 ms.

Open

Enforcement benchmark

The model-free harness behind our published catch and false-positive rates.

Open

Detection docs

How normalized detection catches the homoglyph and nested-encoding tricks.

Open

Know what your posture actually catches.

Run the corpus against your live rules, fix every miss, and keep the score from slipping with a gate in CI.

Open the consoleCompare plans