Deep AI Red Team

"Deep" AI Security Assessment Service for AI Agents

Gain visibility into the internal state of AI agents and
detect threats that traditional methods cannot find.
We identify threats and propose specific countermeasures.

  • Gaining visibility into internal states with our proprietary tool "ai-guard": From 27% to 100% threat coverage that traditional methods could not achieve

  • Covers all 15 OWASP Agentic AI threats: Experts contributing to AI safety research worldwide provide assessments with the latest insights

  • Easy deployment with no code modification required: Simply launch your application via ai-guard to start instrumentation

Challenges in Assessing AI Agent Systems

73% of Risks Are Hidden Internally


AI agent threats originate from internal processes that are invisible from the outside

  • Memory poisoning manipulates decision-making
  • Dynamic privilege inheritance/delegation is exploited
  • Self-reinforcement amplifies misinformation, etc.

Blind to Internal States


Traditional methods only examine external interfaces

  • Chat screen input/output is the main assessment target
  • Internal processes remain a black box
  • Only covers 27% of the 15 OWASP Agentic AI threats

Real Threats Go Undetected


Assessments that don't examine internals cannot detect real risks

  • 73% of threats remain difficult to detect
  • Root causes of issues cannot be identified
  • Unable to implement specific countermeasures, leading to serious breaches in production

You cannot protect what you cannot see

— Incomplete assessments cannot produce effective countermeasures —

Deep AI Red Team can detect AI agent-specific threats

Limitations of Traditional Assessment Methods

73%
Hard to detect

Of the 15 OWASP Agentic AI threats,
11 (73%) are difficult to detect

* Based on our proprietary analysis

Deep AI Red Team's Solution

Gaining Visibility into Internal States with Proprietary Tool

Real-time analysis of system internals (memory, agent interactions, etc.) including multi-agent environments

+

Hybrid Approach: Experts + AI

Combining advanced app-specific scenario design with efficient automated detection

Detect AI agent-specific threats that traditional methods cannot find

5 Key Features of Deep AI Red Team

1. Internal State Observability

  • Observe the internal operations of AI agents
  • Monitor memory state, inter-agent communication, privilege inheritance/delegation, etc.
  • Comprehensive tracing based on OpenTelemetry standards

2. Distributed System / Multi-Agent Support

  • Distributed tracing via OpenTelemetry context propagation
  • Unified tracing of multi-agent communication as a single trace
  • Comprehensive assessment of entire distributed AI agent systems
  • Coverage examples: Agent-to-Agent communication, MCP server integration, API integration, etc.

3. Easy Deployment with No Code Modification

  • Simply launch your application via our proprietary ai-guard tool to start instrumentation (no code modification required)
  • Instrumentation examples: AI agent frameworks like OpenAI Agent SDK, HTTP, SQL, MCP servers, etc.

* Instrumentation targets can be flexibly accommodated

4. Human-Led Advanced Attack Scenarios

  • Assessors design and execute adaptive scenarios while observing internal state
  • Vulnerability exploration with deep insights considering internal state
  • Synergy: Our AI security expertise × Internal observability tools

5. AI-Powered Automated Threat Detection

  • Automatically detect certain threats using AI
  • AI automatically determines success/failure of certain attacks
  • Automatic alerts to assessors for anomalous patterns
  • Expected benefits: Improved quality and efficiency

Why Deep AI Red Team?

| Comparison | Standard AI Red Team | Deep AI Red Team |
|---|---|---|
| Scope | App I/O only | Includes internal states: memory, reasoning, inter-agent comms, etc. |
| Threat Coverage | 4 of 15 OWASP threats (27%) | All 15 OWASP threats (100%) * |
| Approach | Black-box | Black-box + White-box |
| Scenario Quality | Trial & error | Strategic, adaptive scenarios tailored to app internals |
| Distributed Systems | Not supported | Supported (OTel context propagation) |

* For items like T10, T15: assessed by inducing/detecting threat-causing agent behaviors

Gaining Visibility into Internal States and Assessment with ai-guard

Our proprietary tool "ai-guard" collects OpenTelemetry (OTel) data to perform assessments that consider internal state (Patent Pending)

Internal State Visualization and Assessment with ai-guard

From ai-guard Deployment to Assessment and Reporting

  STEP 1: Environment Setup (Customer)

    - Allow communication to our OpenTelemetry relay server
    - Deploy the ai-guard tool
    - Launch your application via ai-guard

  STEP 2: Connectivity Verification (NRI Secure)

    - Confirm that OpenTelemetry trace data is flowing correctly to our environment

  STEP 3: Assessment Execution (NRI Secure)

    - Internal state observation and analysis
    - Conduct assessments based on advanced attack scenario design

  STEP 4: Report Submission (NRI Secure)

    - Report discovered vulnerabilities, attack scenarios, and specific improvement recommendations

Constraints

  • Target Environment: Currently, only Python applications are supported
  • Instrumentation Scope: Instrumentation coverage varies depending on the frameworks and libraries used

* Both will be confirmed during the interview to assess ai-guard applicability

Notes

  • Cloud AI services such as Azure OpenAI or AWS Bedrock prepared by us may be used during assessment
  • Instrumentation data (trace information) may be sent to these AI services

* Appropriate security controls are implemented by us

Pricing

Individual Quote

We will propose the optimal assessment plan and pricing based on the scale and complexity of your AI agent system.

Estimates vary depending on the following factors:

  • Assessment duration and scope
  • Scale and complexity of the AI agent system
  • Number of agents and integrated systems
  • Types of AI agent frameworks used
  • Scope of instrumentation targets, etc.

Frequently Asked Questions

Q What is the difference from traditional AI Red Team?
A Traditional AI Red Team was black-box testing targeting external interfaces such as chat screen input/output. Deep AI Red Team uses our proprietary tool "ai-guard" to observe and assess the internal state of AI agents (memory, reasoning processes, inter-agent communication, etc.). This enables coverage of all 15 OWASP Agentic AI threats.
Q Can you assess systems other than AI agent systems?
A Yes, it's possible. However, for chatbots or RAG systems without agent functionality, internal state observability assessment may be excessive, and we may recommend the traditional AI Red Team service instead.
Q Can you assess risks beyond AI security?
A Yes, Deep AI Red Team is an extension of our AI Red Team service. Like AI Red Team, we can assess a wide range of AI risks.
Q Are there any constraints on target applications?
A Currently, Python applications are supported. Assessment feasibility varies depending on the AI agent framework used, so we will evaluate ai-guard applicability through an interview before the assessment.
Q Is multi-agent environment assessment possible?
A Yes, we support this. Through OpenTelemetry context propagation, we integrate multi-agent communication as a single trace to comprehensively assess the entire distributed AI agent system.
Q What work is required to deploy ai-guard?
A Three tasks are required on the customer side: allowing communication to our OpenTelemetry relay server, deploying the ai-guard tool, and launching the application via ai-guard. No code modification is required, making deployment relatively easy.
Q Is data sent externally during assessment?
A Instrumentation data (OpenTelemetry trace information) is sent to our Observability platform. Additionally, cloud AI services such as Azure OpenAI or AWS Bedrock prepared by us may be used during assessment. We implement appropriate security controls.
Q Is re-evaluation possible after configuration review?
A One free re-assessment is provided.