|
| 1 | +--- |
| 2 | +title: Run AI Red Teaming Agent in the cloud (Azure AI Foundry SDK) |
| 3 | +titleSuffix: Azure AI Foundry |
| 4 | +description: This article provides instructions on how to use the AI Red Teaming Agent to run an automated scan in the cloud of a Generative AI application with the Azure AI Foundry SDK. |
| 5 | +manager: scottpolly |
| 6 | +ms.service: azure-ai-foundry |
| 7 | +ms.custom: |
| 8 | + - references_regions |
| 9 | +ms.topic: how-to |
| 10 | +ms.date: 05/29/2025 |
| 11 | +ms.reviewer: minthigpen |
| 12 | +ms.author: lagayhar |
| 13 | +author: lgayhardt |
| 14 | +--- |
| 15 | + |
| 16 | +# Run AI Red Teaming Agent in the cloud (preview) |
| 17 | + |
| 18 | +[!INCLUDE [feature-preview](../../includes/feature-preview.md)] |
| 19 | + |
| 20 | +Though the AI Red Teaming Agent (preview) can be run [locally](link/to/run-airedteaming-local.md) during prototyping and development to help identify safety risks, running them in the cloud allows for pre-deployment AI red teaming runs on larger combinations of attack strategies and risk categories for a fuller analysis. |
| 21 | + |
| 22 | +## Prerequisites |
| 23 | + |
| 24 | +[!INCLUDE [uses-fdp-only](../../includes/uses-fdp-only.md)] |
| 25 | + |
| 26 | +### Prerequisite set up steps for Azure AI Foundry Projects |
| 27 | + |
| 28 | +If this is your first time running evaluations or AI red teaming runs on your Azure AI Foundry project, you might need to do a few additional setup steps. |
| 29 | + |
| 30 | +1. [Create and connect your storage account](https://github.com/azure-ai-foundry/foundry-samples/blob/main/samples/microsoft/infrastructure-setup/01-connections/connection-storage-account.bicep) to your Azure AI Foundry project at the resource level. This bicep template provisions and connects a storage account to your Foundry project with key authentication. |
| 31 | +2. Make sure the connected storage account has access to all projects. |
| 32 | +3. If you connected your storage account with Microsoft Entra ID, make sure to give MSI (Microsoft Identity) permissions for Storage Blob Data Owner to both your account and Foundry project resource in Azure portal. |
| 33 | + |
| 34 | +## Getting started |
| 35 | + |
| 36 | +First, install Azure AI Foundry SDK's project client which runs the AI Red Teaming Agent in the cloud |
| 37 | + |
| 38 | +```python |
| 39 | +uv install azure-ai-projects azure-identity |
| 40 | +``` |
| 41 | + |
| 42 | +> [!NOTE] |
| 43 | +> For more detailed information, see the [REST API Reference Documentation](/rest/api/aifoundry/aiprojects/red-teams). |
| 44 | +
|
| 45 | +Then, set your environment variables for your Azure AI Foundry resources |
| 46 | + |
| 47 | +```python |
| 48 | +import os |
| 49 | + |
| 50 | +endpoint = os.environ["PROJECT_ENDPOINT"] # Sample : https://<account_name>.services.ai.azure.com/api/projects/<project_name> |
| 51 | +model_endpoint = os.environ["MODEL_ENDPOINT"] # Sample : https://<account_name>.services.ai.azure.com |
| 52 | +model_api_key= os.environ["MODEL_API_KEY"] |
| 53 | +model_deployment_name = os.environ["MODEL_DEPLOYMENT_NAME"] # Sample : gpt-4o-mini |
| 54 | +``` |
| 55 | + |
| 56 | +## Supported targets |
| 57 | + |
| 58 | +Running the AI Red Teaming Agent in the cloud currently only supports Azure OpenAI model deployments in your Azure AI Foundry project as a target. |
| 59 | + |
| 60 | +## Create an AI red teaming run |
| 61 | + |
| 62 | +# [Python](#tab/python) |
| 63 | + |
| 64 | +```python |
| 65 | +from azure.identity import DefaultAzureCredential |
| 66 | +from azure.ai.projects import AIProjectClient |
| 67 | +from azure.ai.projects.models import ( |
| 68 | + RedTeam, |
| 69 | + AzureOpenAIModelConfiguration, |
| 70 | + AttackStrategy, |
| 71 | + RiskCategory, |
| 72 | +) |
| 73 | + |
| 74 | +with AIProjectClient( |
| 75 | + endpoint=endpoint, |
| 76 | + credential=DefaultAzureCredential(exclude_interactive_browser_credential=False), |
| 77 | +) as project_client: |
| 78 | + |
| 79 | +# Create target configuration for testing an Azure OpenAI model |
| 80 | +target_config = AzureOpenAIModelConfiguration(model_deployment_name=model_deployment_name) |
| 81 | + |
| 82 | +# Instantiate the AI Red Teaming Agent |
| 83 | +red_team_agent = RedTeam( |
| 84 | + attack_strategies=[AttackStrategy.BASE64], |
| 85 | + risk_categories=[RiskCategory.VIOLENCE], |
| 86 | + display_name="red-team-cloud-run", |
| 87 | + target=target_config, |
| 88 | +) |
| 89 | + |
| 90 | +# Create and run the red teaming scan |
| 91 | +red_team_response = project_client.red_teams.create(red_team=red_team_agent, headers={"model-endpoint": model_endpoint, "api-key": model_api_key,}) |
| 92 | +``` |
| 93 | + |
| 94 | +# [cURL](#tab/curl) |
| 95 | + |
| 96 | +```bash |
| 97 | +curl --request POST \ --url https://{{account}}.services.ai.azure.com/api/projects/{{project}}/redteams/runs:run \ --header 'content-type: application/json' \ --header 'authorization: Bearer {{ai_token}}' --data '{ "scanName": "sample_scan_magic_1", "riskCategories": [ "Violence" ], "attackStrategy": [ "Flip" ], "numTurns": 1, "target": { "type": "AzureOpenAIModel", "modelDeploymentName": "{{connectionName}}/{{deploymentName}}" }}' |
| 98 | +``` |
| 99 | + |
| 100 | +- Replace `{{account}}`, `{{project}}` with Foundry Project account name and project name. |
| 101 | +- Replace `{{ai_token}}` with Bearer token with audience "<https://ai.azure.com>" |
| 102 | +- Replace `"{{connectionName}}"` with the Azure OpenAI model connection name connected to the Foundry project account. |
| 103 | +- Replace `"{{deploymentName}}"` with the Azure OpenAI deployment name of the AOAI connection account. |
| 104 | + |
| 105 | +--- |
| 106 | + |
| 107 | +## Get an AI red teaming run |
| 108 | + |
| 109 | +# [Python](#tab/python) |
| 110 | + |
| 111 | +```python |
| 112 | +# Use the name returned by the create operation for the get call |
| 113 | +get_red_team_response = project_client.red_teams.get(name=red_team_response.name) |
| 114 | +print(f"Red Team scan status: {get_red_team_response.status}") |
| 115 | +``` |
| 116 | + |
| 117 | +# [cURL](#tab/curl) |
| 118 | + |
| 119 | +```bash |
| 120 | +curl --request GET \ --header 'authorization: Bearer {{ai_token}}' --url https://{{account}}.services.ai.azure.com/api/projects/{{project}}/redteams/runs/{{scan_id}} |
| 121 | +``` |
| 122 | + |
| 123 | +- Replace `"{{scan_id}"` with the ID returned by the POST API. |
| 124 | + |
| 125 | +--- |
| 126 | + |
| 127 | +## List all AI red teaming runs |
| 128 | + |
| 129 | +# [Python](#tab/python) |
| 130 | + |
| 131 | +```python |
| 132 | +for scan in project_client.red_teams.list(): |
| 133 | + print(f"Found scan: {scan.name}, Status: {scan.status}") |
| 134 | +``` |
| 135 | + |
| 136 | +# [cURL](#tab/curl) |
| 137 | + |
| 138 | +```bash |
| 139 | +curl --request GET \ --header 'authorization: Bearer {{ai_token}}' --url https://{{account}}.services.ai.azure.com/api/projects/{{project}}/redteams/runs |
| 140 | +``` |
| 141 | + |
| 142 | +--- |
| 143 | + |
| 144 | +Once your AI red teaming run is finished running, you can [view your results](../view-ai-red-teaming-results.md) in your Azure AI Foundry project. |
| 145 | + |
| 146 | +## Next steps |
| 147 | + |
| 148 | +Try out an [example workflow](https://aka.ms/airedteamingagent-sample) in our GitHub samples. |
0 commit comments