# README
Welcome to the **AI LLM Red Team Handbook**.
We designed this toolkit for security consultants, red teamers, and AI engineers. It provides end-to-end methodologies for identifying, assessing, and mitigating risks in Large Language Models (LLMs) and Generative AI systems.
***
## 🚀 Choose Your Path
| **🔬 The Consultant's Handbook** | **⚔️ The Field Manual** |
| --------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
|
The foundational work. Theoretical deep-dives, detailed methodologies, compliance frameworks, and strategies for building a program.
|
The hands-on work. Operational playbooks, copy-paste payloads, quick reference cards, and checklists for live engagements.
|
| [**📖 Browse Handbook Chapters**](#-handbook-structure) | [**⚡ Go to Field Manuals**](https://github.com/Shiva108/ai-llm-red-team-handbook/blob/main/docs/Field_Manual_00_Index.md) |
***
## 📚 Handbook Structure
Part I: Foundations (Ethics, Legal, Mindset)
* [Chapter 1: Introduction to AI Red Teaming](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_01_introduction_to_ai_red_teaming)
* [Chapter 2: Ethics, Legal, and Stakeholder Communication](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_02_ethics_legal_and_stakeholder_communication)
* [Chapter 3: The Red Teamer's Mindset](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_03_the_red_teamers_mindset)
Part II: Project Preparation (Scoping, Threat Modeling)
* [Chapter 4: SOW, Rules of Engagement, and Client Onboarding](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_04_sow_rules_of_engagement_and_client_onboarding)
* [Chapter 5: Threat Modeling and Risk Analysis](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_05_threat_modeling_and_risk_analysis)
* [Chapter 6: Scoping an Engagement](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_06_scoping_an_engagement)
* [Chapter 7: Lab Setup and Environmental Safety](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_07_lab_setup_and_environmental_safety)
* [Chapter 8: Evidence, Documentation, and Chain of Custody](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_08_evidence_documentation_and_chain_of_custody)
Part III: Technical Fundamentals (Architecture, Tokenization)
* [Chapter 9: LLM Architectures and System Components](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_09_llm_architectures_and_system_components)
* [Chapter 10: Tokenization, Context, and Generation](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_10_tokenization_context_and_generation)
* [Chapter 11: Plugins, Extensions, and External APIs](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_11_plugins_extensions_and_external_apis)
Part IV: Pipeline Security (RAG, Supply Chain)
* [Chapter 12: Retrieval-Augmented Generation (RAG) Pipelines](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_12_retrieval_augmented_generation_rag_pipelines)
* [Chapter 13: Data Provenance and Supply Chain Security](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_13_data_provenance_and_supply_chain_security)
Part V: Attacks & Techniques (The Red Team Core)
* [Chapter 14: Prompt Injection](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_14_prompt_injection)
* [Chapter 15: Data Leakage and Extraction](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_15_data_leakage_and_extraction)
* [Chapter 16: Jailbreaks and Bypass Techniques](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_16_jailbreaks_and_bypass_techniques)
* [Chapter 17: Plugin and API Exploitation](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_17_01_fundamentals_and_architecture)
* [Fundamentals and Architecture](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_17_01_fundamentals_and_architecture)
* [API Authentication & Authorization](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_17_01_fundamentals_and_architecture/chapter_17_02_api_authentication_and_authorization)
* [Plugin Vulnerabilities](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_17_01_fundamentals_and_architecture/chapter_17_03_plugin_vulnerabilities)
* [API Exploitation & Function Calling](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_17_01_fundamentals_and_architecture/chapter_17_04_api_exploitation_and_function_calling)
* [Third-Party Risks & Testing](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_17_01_fundamentals_and_architecture/chapter_17_05_third_party_risks_and_testing)
* [Case Studies & Defense](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_17_01_fundamentals_and_architecture/chapter_17_06_case_studies_and_defense)
* [Chapter 18: Evasion, Obfuscation, and Adversarial Inputs](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_18_evasion_obfuscation_and_adversarial_inputs)
* [Chapter 19: Training Data Poisoning](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_19_training_data_poisoning)
* [Chapter 20: Model Theft and Membership Inference](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_20_model_theft_and_membership_inference)
* [Chapter 21: Model DoS and Resource Exhaustion](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_21_model_dos_resource_exhaustion)
* [Chapter 22: Cross-Modal and Multimodal Attacks](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_22_cross_modal_multimodal_attacks)
* [Chapter 23: Advanced Persistence and Chaining](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_23_advanced_persistence_chaining)
* [Chapter 24: Social Engineering with LLMs](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_24_social_engineering_llms)
Part VI: Defense & Mitigation
* [Chapter 25: Advanced Adversarial ML](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_25_advanced_adversarial_ml)
* [Chapter 26: Supply Chain Attacks on AI](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_26_supply_chain_attacks_on_ai)
* [Chapter 27: Federated Learning Attacks](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_27_federated_learning_attacks)
* [Chapter 28: AI Privacy Attacks](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_28_ai_privacy_attacks)
* [Chapter 29: Model Inversion Attacks](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_29_model_inversion_attacks)
* [Chapter 30: Backdoor Attacks](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_30_backdoor_attacks)
Part VII: Advanced Operations
* [Chapter 31: AI System Reconnaissance](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_31_ai_system_reconnaissance)
* [Chapter 32: Automated Attack Frameworks](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_32_automated_attack_frameworks)
* [Chapter 33: Red Team Automation](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_33_red_team_automation)
* [Chapter 34: Defense Evasion Techniques](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_34_defense_evasion_techniques)
* [Chapter 35: Post-Exploitation in AI Systems](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_35_post-exploitation_in_ai_systems)
* [Chapter 36: Reporting and Communication](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_36_reporting_and_communication)
* [Chapter 37: Remediation Strategies](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_37_remediation_strategies)
* [Chapter 38: Continuous Red Teaming](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_38_continuous_red_teaming)
* [Chapter 39: AI Bug Bounty Programs](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_39_ai_bug_bounty_programs)
Part VIII: Advanced Topics
* [Chapter 40: Compliance and Standards](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_40_compliance_and_standards)
* [Chapter 41: Industry Best Practices](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_41_industry_best_practices)
* [Chapter 42: Case Studies and War Stories](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_42_case_studies_and_war_stories)
* [Chapter 43: Future of AI Red Teaming](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_43_future_of_ai_red_teaming)
* [Chapter 44: Emerging Threats](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_44_emerging_threats)
* [Chapter 45: Building an AI Red Team Program](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_45_building_an_ai_red_team_program)
* [Chapter 46: Conclusion and Next Steps](https://cph-sec.gitbook.io/ai-llm-red-team-handbook-and-field-manual/chapter_46_conclusion_and_next_steps)
***
## 🧩 Reference & Resources
* [**Configuration Guide**](https://github.com/Shiva108/ai-llm-red-team-handbook/blob/main/scripts/docs/Configuration.md)
* [**Field Manual Index**](https://github.com/Shiva108/ai-llm-red-team-handbook/blob/main/docs/Field_Manual_00_Index.md)