Red Teams - Get
Get a redteam by name.
GET {endpoint}/redTeams/runs/{name}?api-version=2025-05-15-previewURI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
endpoint
|
path | True |
string (uri) |
Project endpoint. In the form "https://<your-ai-services-account-name>.services.ai.azure.com/api/projects/_project" if your Foundry Hub has only one Project, or to use the default Project in your Hub. Or in the form "https://<your-ai-services-account-name>.services.ai.azure.com/api/projects/<your-project-name>" if you want to explicitly specify the Foundry Project name. |
|
name
|
path | True |
string |
Identifier of the red team run. |
|
api-version
|
query | True |
string minLength: 1 |
The API version to use for this operation. |
Request Header
| Name | Required | Type | Description |
|---|---|---|---|
| x-ms-client-request-id |
string (uuid) |
An opaque, globally-unique, client-generated string identifier for the request. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
The request has succeeded. Headers x-ms-client-request-id: string |
|
| Other Status Codes |
An unexpected error response. Headers x-ms-error-code: string |
Security
OAuth2Auth
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Scopes
| Name | Description |
|---|---|
| https://ai.azure.com/.default |
Examples
RedTeams_Get_MaximumSet
Sample request
GET {endpoint}/redTeams/runs/apwpcf?api-version=2025-05-15-preview
Sample response
{
"id": "tztegmf",
"numTurns": 10,
"attackStrategies": [
"easy"
],
"simulationOnly": true,
"riskCategories": [
"HateUnfairness"
],
"applicationScenario": "qaxxxhjp",
"tags": {
"key1287": "gbklekkgmxkfbhehgh"
},
"properties": {
"key9280": "fwzjtipl"
},
"status": "owgxaiudnkkeqwlnhtmihvhdkbgd",
"target": {
"type": "TargetConfig"
}
}Definitions
| Name | Description |
|---|---|
|
Attack |
Strategies for attacks. |
|
Azure. |
The error object. |
|
Azure. |
A response containing error details. |
|
Azure. |
An object containing more specific information about the error. As per Microsoft One API guidelines - https://github.com/microsoft/api-guidelines/blob/vNext/azure/Guidelines.md#handling-errors. |
|
Azure |
Azure OpenAI model configuration. The API version would be selected by the service for querying the model. |
|
Red |
Red team details. |
|
Risk |
Risk category for the attack objective. |
AttackStrategy
Strategies for attacks.
| Value | Description |
|---|---|
| easy |
Represents a default set of easy complexity attacks. Easy complexity attacks require less effort, such as translation of a prompt into some encoding, and does not require any Large Language Model to convert or orchestrate. |
| moderate |
Represents a default set of moderate complexity attacks. Moderate complexity attacks require having access to resources such as another generative AI model. |
| difficult |
Represents a default set of difficult complexity attacks. Difficult complexity attacks include attacks that require access to significant resources and effort to execute an attack such as knowledge of search-based algorithms in addition to a generative AI model. |
| ascii_art |
Generates visual art using ASCII characters, often used for creative or obfuscation purposes. |
| ascii_smuggler |
Conceals data within ASCII characters, making it harder to detect. |
| atbash |
Implements the Atbash cipher, a simple substitution cipher where each letter is mapped to its reverse. |
| base64 |
Encodes binary data into a text format using Base64, commonly used for data transmission. |
| binary |
Converts text into binary code, representing data in a series of 0s and 1s. |
| caesar |
Applies the Caesar cipher, a substitution cipher that shifts characters by a fixed number of positions. |
| character_space |
Alters text by adding spaces between characters, often used for obfuscation. |
| jailbreak |
Injects specially crafted prompts to bypass AI safeguards, known as User Injected Prompt Attacks (UPIA). |
| ansii_attack |
Utilizes ANSI escape sequences to manipulate text appearance and behavior. |
| character_swap |
Swaps characters within text to create variations or obfuscate the original content. |
| suffix_append |
Appends an adversarial suffix to the prompt. |
| string_join |
Joins multiple strings together, often used for concatenation or obfuscation. |
| unicode_confusable |
Uses Unicode characters that look similar to standard characters, creating visual confusion. |
| unicode_substitution |
Substitutes standard characters with Unicode equivalents, often for obfuscation. |
| diacritic |
Adds diacritical marks to characters, changing their appearance and sometimes their meaning. |
| flip |
Flips characters from front to back, creating a mirrored effect. |
| leetspeak |
Transforms text into Leetspeak, a form of encoding that replaces letters with similar-looking numbers or symbols. |
| rot13 |
Applies the ROT13 cipher, a simple substitution cipher that shifts characters by 13 positions. |
| morse |
Encodes text into Morse code, using dots and dashes to represent characters. |
| url |
Encodes text into URL format. |
| baseline |
Represents the baseline direct adversarial probing, which is used by attack strategies as the attack objective. |
Azure.Core.Foundations.Error
The error object.
| Name | Type | Description |
|---|---|---|
| code |
string |
One of a server-defined set of error codes. |
| details |
An array of details about specific errors that led to this reported error. |
|
| innererror |
An object containing more specific information than the current object about the error. |
|
| message |
string |
A human-readable representation of the error. |
| target |
string |
The target of the error. |
Azure.Core.Foundations.ErrorResponse
A response containing error details.
| Name | Type | Description |
|---|---|---|
| error |
The error object. |
Azure.Core.Foundations.InnerError
An object containing more specific information about the error. As per Microsoft One API guidelines - https://github.com/microsoft/api-guidelines/blob/vNext/azure/Guidelines.md#handling-errors.
| Name | Type | Description |
|---|---|---|
| code |
string |
One of a server-defined set of error codes. |
| innererror |
Inner error. |
AzureOpenAIModelConfiguration
Azure OpenAI model configuration. The API version would be selected by the service for querying the model.
| Name | Type | Description |
|---|---|---|
| modelDeploymentName |
string |
Deployment name for AOAI model. Example: gpt-4o if in AIServices or connection based |
| type |
string:
Azure |
Type of the model configuration. |
RedTeam
Red team details.
| Name | Type | Default value | Description |
|---|---|---|---|
| applicationScenario |
string |
Application scenario for the red team operation, to generate scenario specific attacks. |
|
| attackStrategies |
List of attack strategies or nested lists of attack strategies. |
||
| displayName |
string |
Name of the red-team run. |
|
| id |
string |
Identifier of the red team run. |
|
| numTurns |
integer (int32) |
Number of simulation rounds. |
|
| properties |
object |
Red team's properties. Unlike tags, properties are add-only. Once added, a property cannot be removed. |
|
| riskCategories |
List of risk categories to generate attack objectives for. |
||
| simulationOnly |
boolean |
False |
Simulation-only or Simulation + Evaluation. Default false, if true the scan outputs conversation not evaluation result. |
| status |
string |
Status of the red-team. It is set by service and is read-only. |
|
| tags |
object |
Red team's tags. Unlike properties, tags are fully mutable. |
|
| target | TargetConfig: |
Target configuration for the red-team run. |
RiskCategory
Risk category for the attack objective.
| Value | Description |
|---|---|
| HateUnfairness |
Represents content related to hate or unfairness. |
| Violence |
Represents content related to violence. |
| Sexual |
Represents content of a sexual nature. |
| SelfHarm |
Represents content related to self-harm. |