🚨 NeuralTrust has raised $20M
Back

NeuralTrust Contributes to the OWASP GenAI Red Teaming Manual

NeuralTrust Team July 1, 2026
Share
NeuralTrust Contributes to the OWASP GenAI Red Teaming Manual

NeuralTrust announced its contribution to the OWASP GenAI Security Project's newly released GenAI Red Teaming Manual (v1.0), now open for public comment. The manual provides a hands-on, community-driven methodology for adversarial testing of generative and agentic AI systems, reinforcing NeuralTrust's ongoing commitment to advancing open standards for AI security.

As organizations move large language models and autonomous AI agents from experimentation into production, the need for structured, repeatable adversarial testing has become urgent. Traditional penetration testing and application security playbooks were not designed for systems that reason, retrieve external data, call tools, and make decisions on their own. The GenAI Red Teaming Manual was created to close this gap, giving red teamers, security researchers, and practitioners a shared framework for evaluating the security, safety, robustness, and trustworthiness of GenAI models and applications.

At its core, the manual answers a practical question: how do you actually test an AI system for weaknesses before an attacker does? It does this by walking practitioners through the entire engagement as a repeatable process rather than a collection of ad-hoc tricks. The methodology is organized into eight phases. It begins with Planning & Scoping, where teams define objectives, assemble the right mix of skills, and set rules of engagement, and moves into Reconnaissance & Fingerprinting, where testers gather intelligence about a target's design, behavior, and defenses — for example, inferring which model family powers a system from how it refuses unsafe requests. From there, Surface Mapping charts every point where the system can be reached or influenced, drawing out trust boundaries, data flows, and the guardrails meant to protect them, and overlays known threat taxonomies onto that map to turn architecture into a concrete test plan.

The middle phases are where testing becomes active. Exploitation covers the hands-on attacks themselves, prompt injection, jailbreaks, poisoning of training data and RAG knowledge bases, model extraction, and attacks hidden in images, audio, or generated code, organized by the kind of harm each one targets. Persistence & Escalation examines whether a compromise can survive past a single chat session by corrupting an agent's memory or tools, and whether an attacker can push the system into actions it should be restricted from taking. Post-Exploitation & Impact then steps back to measure the real consequences: what data was exposed, how far the blast radius extends, and how severe the finding is on a consistent risk scale.

The final phases turn findings into lasting defense. Evaluation & Reporting introduces rigorous, reproducible scoring, including metrics like Attack Success Rate, recall, false-positive rate, and pass@k, so that results hold up across model updates and can be communicated clearly to executive, engineering, and compliance audiences. Post-Engagement & Remediation closes the loop by pairing each confirmed exploit with a defensive detection artifact, feeding successful attacks back into CI/CD pipelines as regression tests and into the blue team's monitoring rules. Throughout, the manual ties its methodology to established frameworks including the OWASP Top 10 for LLM Applications, the OWASP Top 10 for Agentic Applications, MITRE ATLAS, and the NIST AI Risk Management Framework, so that testing remains traceable and auditable.

NeuralTrust's contribution reflects the work our research team does in the field every day. The NeuralTrust team joined contributors from across the AI security community to help shape the manual. NeuralTrust's Echo Chamber technique, a multi-turn jailbreak that poisons conversational context by prompting a model to reference its own prior responses until safety filters erode, is featured in the manual's appendix as a real-world adversarial example, including documented use against frontier models.

"Red teaming is how AI security moves from theory to practice," said a spokesperson for NeuralTrust. "A shared, hands-on methodology means organizations no longer have to invent their testing approach from scratch. This is exactly the kind of open, collaborative work the industry needs as GenAI moves deeper into production."

By contributing to the GenAI Red Teaming Manual, NeuralTrust aims to help the broader security community build a common foundation for understanding and mitigating the risks introduced by generative and agentic AI. The draft is now in a public comment period, and the community is invited to review it and provide feedback on what should be added, clarified, expanded, or challenged.

About NeuralTrust

NeuralTrust helps organizations adopt generative AI securely and at scale. Its platform provides runtime security, AI threat and risk detection, and agent security capabilities designed to make AI systems measurable, reliable, and trustworthy throughout their lifecycle.

About OWASP

The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation dedicated to improving software security. Through open-source projects, community-led initiatives, and widely adopted industry guidance, OWASP helps organizations worldwide build more secure applications and systems.

Subscribe to our newsletter

Share

Join the leaders securing the agent ecosystem

Get a Demo