Walkthroughs

Step-by-step guided walkthroughs covering red team tools, engagement methodology, defense implementation, platform-specific testing, and full engagement workflows.

Walkthroughs bridge the gap between understanding a concept and executing it independently. While the curriculum sections explain what techniques exist and why they work, and labs challenge you to apply them with minimal guidance, walkthroughs show you exactly how to do something, step by step. They are the guided practice that builds confidence before independent application.

Each walkthrough follows a consistent structure: context for what you are about to do and why, prerequisites and setup, step-by-step instructions with expected outputs at each stage, explanation of what is happening and why, common problems and how to resolve them, and next steps for extending what you learned. This structure makes walkthroughs useful both as first-time learning aids and as reference material you return to when you need to refresh a specific workflow.

Walkthrough Categories

The walkthroughs span five categories that cover the full spectrum of AI red teaming activities.

Tool walkthroughs provide hands-on guides for the most important tools in the AI red teaming ecosystem. Garak is covered extensively, from running your first vulnerability scan through custom probe creation, multi-model comparison, CI/CD integration, detector customization, generator plugins, MCP probe setup, and reporting analysis. PyRIT walkthroughs cover Microsoft's AI red teaming framework, from initial campaign setup through advanced automation. Promptfoo walkthroughs demonstrate safety regression testing. Additional tools covered include Burp Suite AI extensions, Inspect AI, Counterfit, HarmBench, NeMo Guardrails, Langfuse for observability, and Ollama for local model testing. Each tool walkthrough takes you from installation through practical use against realistic targets.

Methodology walkthroughs provide step-by-step guidance for the operational aspects of AI red teaming. Pre-engagement checklists ensure nothing is missed during engagement setup. Engagement kickoff guides structure the initial client interactions. Reconnaissance workflow walkthroughs demonstrate systematic information gathering. Attack surface mapping guides show how to enumerate and prioritize targets. Attack execution walkthroughs demonstrate structured attack campaigns. Threat modeling workshops guide facilitated threat assessment sessions. Scoping checklists, rules of engagement templates, test plan development, evidence collection methods, and executive summary writing are all covered with concrete examples and templates.

Defense implementation walkthroughs show how to build and deploy the defenses that red teamers need to understand and bypass. Guardrail setup, content filter deployment, monitoring configuration, incident response preparation, rate limiting, input sanitization, semantic similarity detection, canary token deployment, prompt classification, output content classification, Unicode normalization, instruction hierarchy enforcement, and multi-layer input validation are all covered with working implementations. Understanding how defenses are built makes you better at finding their weaknesses.

Platform walkthroughs provide platform-specific guidance for the major AI deployment environments. AWS Bedrock, Azure OpenAI, Google Vertex AI, HuggingFace, Databricks/MLflow, and other platforms each have distinct security models, configuration options, and testing approaches. These walkthroughs show you how to conduct security assessments within each platform's specific environment, accounting for platform-specific access controls, logging, and security features.

Engagement walkthroughs demonstrate complete assessment workflows for common AI deployment types. The chatbot engagement walkthrough covers the most common assessment target. RAG engagement walkthroughs address the specific challenges of testing retrieval-augmented systems. Agent engagement walkthroughs cover agentic systems with tool access. API engagement walkthroughs focus on direct model API testing. Multi-model engagement walkthroughs address systems that route between multiple models. Each provides a complete workflow from initial reconnaissance through final report delivery.

What You'll Find in This Section

• Tool Walkthroughs -- Step-by-step guides for Garak, PyRIT, Promptfoo, Burp Suite AI, Inspect AI, Counterfit, HarmBench, NeMo Guardrails, Langfuse, Ollama, and Python automation frameworks
• Methodology Walkthroughs -- Engagement kickoff, reconnaissance workflow, attack execution, report writing, pre-engagement checklists, threat modeling workshops, scoping, rules of engagement, test planning, evidence collection, and executive summary writing
• Defense Implementation -- Guardrails setup, monitoring deployment, incident response preparation, content filter configuration, rate limiting, input sanitization, canary tokens, prompt classifiers, and multi-layer validation
• Platform Walkthroughs -- AWS Bedrock, Azure OpenAI, Google Vertex AI, HuggingFace, Databricks/MLflow, and other platform-specific assessment guides
• Engagement Walkthroughs -- Complete assessment workflows for chatbot, RAG, agent, API, and multi-model engagement types

Prerequisites

Walkthrough prerequisites vary by category:

• Tool walkthroughs -- Python installed, API keys for target models, basic command-line comfort
• Methodology walkthroughs -- Familiarity with Red Team Methodology and Tradecraft
• Defense walkthroughs -- Basic understanding of AI defense concepts from Defense & Mitigation
• Platform walkthroughs -- Account access to the relevant cloud platform
• Engagement walkthroughs -- Completion of beginner and intermediate Labs