[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"kb-article-inside-microsoft-s-ai-red-team-neuroscientists-veterans-and-the-future-of-safe-frontier-models-en":3,"ArticleBody_Lqsszxncn7gvvuHXRtn1VQa0JKKuak31v6GvkE870":105},{"article":4,"relatedArticles":75,"locale":64},{"id":5,"title":6,"slug":7,"content":8,"htmlContent":9,"excerpt":10,"category":11,"tags":12,"metaDescription":10,"wordCount":13,"readingTime":14,"publishedAt":15,"sources":16,"sourceCoverage":58,"transparency":59,"seo":63,"language":64,"featuredImage":65,"featuredImageCredit":66,"isFreeGeneration":70,"trendSlug":58,"niche":71,"geoTakeaways":58,"geoFaq":58,"entities":58},"69c0a0c22f63650529e7e741","Inside Microsoft’s AI Red Team: Neuroscientists, Veterans, and the Future of Safe Frontier Models","inside-microsoft-s-ai-red-team-neuroscientists-veterans-and-the-future-of-safe-frontier-models","Before any major Copilot, Phi model, or Azure OpenAI capability reaches customers, Microsoft’s AI Red Team tries to break it first. Its mandate: simulate real users and adversaries, then decide whether launch should proceed, be redesigned, or be blocked.[1][3] Safety becomes a hard gate on deployment, not a slide in a deck.\n\nThe team’s composition is equally unusual: ML engineers work alongside neuroscientists, military veterans, social scientists, and people with prison experience, each modeling different behaviors, biases, and threat mindsets.[1][2] Their work is now a bellwether for how frontier models and AI agents will be evaluated as capabilities accelerate toward an expected step‑change around 2026.[9]  \n\n---\n\n## 1. Why Microsoft Built a Neuroscientist‑and‑Veteran AI Red Team\n\nMicrosoft’s AI Red Team is an operational gatekeeper, not an ethics committee. It can delay or halt launches that fail safety, abuse, or misuse thresholds.[1][3] For flagship AI releases, red‑team sign‑off now matters as much as performance or revenue.\n\n💼 **Strategic implication:** Safety is a precondition for go‑to‑market, not a PR add‑on.\n\n### A deliberately diverse threat brain\n\nThe team is built to catch sociotechnical harms classical security would miss:\n\n- Neuroscientists: cognitive vulnerabilities, emotional distress, manipulation.\n- Military personnel: information warfare, operational security, state‑level threats.\n- People with prison experience: criminal workarounds, fraud, black‑market dynamics.[1][2]\n\nThis reflects a shift from purely technical failures to harms like radicalization, targeted persuasion, and psychosocial damage.[2][3]\n\n⚡ **Key idea:** Generative models fail in ways that resemble people, not just code.\n\n### Guardrails grounded in published principles\n\nBrad Smith, Microsoft’s president, anchors decisions in public principles and “guardrails” that define when the company will not deploy AI, including some military uses.[2] The red team treats these as hard boundaries, not case‑by‑case debates.\n\nBecause guardrails are tied to a published Responsible AI framework, regulators and customers can trace launch decisions to written policy instead of opaque compromises.[2][5]\n\n### Extending a militaristic concept to generative AI\n\nRed teaming began in the military: simulate an enemy (“red”) to probe “blue” defenses.[2] Microsoft extended this from cybersecurity to generative models that can:\n\n- Leak or fabricate sensitive data\n- Generate disinformation at scale\n- Produce harassment or self‑harm content[2][3][5]\n\nOther labs (Anthropic, Google DeepMind, OpenAI) now highlight red teaming in their safety frameworks.[7] Microsoft’s direct launch‑blocking authority and multidisciplinary staffing remain unusually strong levers.[3][5]\n\n💡 **Section takeaway:** An empowered, cross‑disciplinary red team signals that AI risk is managed like a high‑reliability system, not left to post‑incident clean‑up.[3][9]\n\n---\n\n## 2. How Microsoft’s AI Red Team Actually “Hacks” Models Pre‑Launch\n\nSince 2018, the AI Red Team has tested 100+ generative AI applications, including every flagship Azure OpenAI model, major Copilots, and all Phi releases before announcement.[3] What started as ad‑hoc testing is now a formal pipeline.\n\n### Role‑play, stress tests, and domain‑specific “abuse labs”\n\nRed‑teamers go beyond clever jailbreak prompts. They simulate:\n\n- Malicious attackers: data exfiltration, policy evasion, prompt injection.\n- Naïve or distressed users: crisis queries, confusion, over‑trust.\n- Sector misuse: finance, healthcare, critical infrastructure scenarios.[3][4][5]\n\nExamples include testing Copilots for:\n\n- Cross‑tenant data leaks\n- Unsafe code via multi‑step jailbreaks\n- Medical or financial advice that conflicts with regulations[4][5]\n\n⚠️ **Practical lesson:** Ignoring stressed or unsophisticated users misses major failure modes.\n\n### Smaller models as a counterintuitive safety tool\n\nA recurring finding: smaller models are often safer. Their narrower capabilities:\n\n- Reduce emergent harmful behaviors\n- Make guardrails and monitoring easier to enforce[3]\n\nMicrosoft now recommends smaller models in some enterprise contexts where controllability outweighs raw capability.\n\n📊 **Design trade‑off:** Capability vs. controllability is quantified in red‑team reports, not left as an abstract debate.[3][5]\n\n### Automation plus human creativity\n\nTo scale testing, Microsoft uses:\n\n- The Open Automation Framework\n- PyRIT, an open‑source toolkit for automated adversarial probing[5]\n\nThese run large volumes of scripted attacks—prompt injections, jailbreak variants, data‑exfiltration attempts—while human testers explore novel, contextual behaviors automation misses.[3][5]\n\n\u003Cdiv class=\"mermaid-diagram not-prose my-6\" role=\"img\" aria-label=\"Diagram\">\n\u003Csvg id=\"diagram-1775215134056\" width=\"100%\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F2000\u002Fsvg\" class=\"flowchart\" style=\"max-width: 1550.28125px;\" viewBox=\"0 0 1550.28125 247\" role=\"graphics-document document\" aria-roledescription=\"flowchart-v2\">\u003Cstyle>#diagram-1775215134056{font-family:system-ui,-apple-system,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#diagram-1775215134056 .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#diagram-1775215134056 .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#diagram-1775215134056 .error-icon{fill:#552222;}#diagram-1775215134056 .error-text{fill:#552222;stroke:#552222;}#diagram-1775215134056 .edge-thickness-normal{stroke-width:1px;}#diagram-1775215134056 .edge-thickness-thick{stroke-width:3.5px;}#diagram-1775215134056 .edge-pattern-solid{stroke-dasharray:0;}#diagram-1775215134056 .edge-thickness-invisible{stroke-width:0;fill:none;}#diagram-1775215134056 .edge-pattern-dashed{stroke-dasharray:3;}#diagram-1775215134056 .edge-pattern-dotted{stroke-dasharray:2;}#diagram-1775215134056 .marker{fill:#333333;stroke:#333333;}#diagram-1775215134056 .marker.cross{stroke:#333333;}#diagram-1775215134056 svg{font-family:system-ui,-apple-system,sans-serif;font-size:16px;}#diagram-1775215134056 p{margin:0;}#diagram-1775215134056 .label{font-family:system-ui,-apple-system,sans-serif;color:#333;}#diagram-1775215134056 .cluster-label text{fill:#333;}#diagram-1775215134056 .cluster-label span{color:#333;}#diagram-1775215134056 .cluster-label span p{background-color:transparent;}#diagram-1775215134056 .label text,#diagram-1775215134056 span{fill:#333;color:#333;}#diagram-1775215134056 .node rect,#diagram-1775215134056 .node circle,#diagram-1775215134056 .node ellipse,#diagram-1775215134056 .node polygon,#diagram-1775215134056 .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#diagram-1775215134056 .rough-node .label text,#diagram-1775215134056 .node .label text,#diagram-1775215134056 .image-shape .label,#diagram-1775215134056 .icon-shape .label{text-anchor:middle;}#diagram-1775215134056 .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#diagram-1775215134056 .rough-node .label,#diagram-1775215134056 .node .label,#diagram-1775215134056 .image-shape .label,#diagram-1775215134056 .icon-shape .label{text-align:center;}#diagram-1775215134056 .node.clickable{cursor:pointer;}#diagram-1775215134056 .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#diagram-1775215134056 .arrowheadPath{fill:#333333;}#diagram-1775215134056 .edgePath .path{stroke:#333333;stroke-width:1px;}#diagram-1775215134056 .flowchart-link{stroke:#333333;fill:none;}#diagram-1775215134056 .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215134056 .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#diagram-1775215134056 .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215134056 .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#diagram-1775215134056 .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#diagram-1775215134056 .cluster text{fill:#333;}#diagram-1775215134056 .cluster span{color:#333;}#diagram-1775215134056 div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:system-ui,-apple-system,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#diagram-1775215134056 .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#diagram-1775215134056 rect.text{fill:none;stroke-width:0;}#diagram-1775215134056 .icon-shape,#diagram-1775215134056 .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215134056 .icon-shape p,#diagram-1775215134056 .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#diagram-1775215134056 .icon-shape .label rect,#diagram-1775215134056 .image-shape .label rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215134056 .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#diagram-1775215134056 .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#diagram-1775215134056 .node .neo-node{stroke:#9370DB;}#diagram-1775215134056 [data-look=\"neo\"].node rect,#diagram-1775215134056 [data-look=\"neo\"].cluster rect,#diagram-1775215134056 [data-look=\"neo\"].node polygon{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134056 [data-look=\"neo\"].node path{stroke:#9370DB;stroke-width:1px;}#diagram-1775215134056 [data-look=\"neo\"].node .outer-path{filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134056 [data-look=\"neo\"].node .neo-line path{stroke:#9370DB;filter:none;}#diagram-1775215134056 [data-look=\"neo\"].node circle{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134056 [data-look=\"neo\"].node circle .state-start{fill:#000000;}#diagram-1775215134056 [data-look=\"neo\"].icon-shape .icon{fill:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134056 [data-look=\"neo\"].icon-shape .icon-neo path{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134056 :root{--mermaid-font-family:system-ui,-apple-system,sans-serif;}\u003C\u002Fstyle>\u003Cg>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-pointEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 10 5 L 0 10 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-pointStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"4.5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 5 L 10 10 L 10 0 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-pointEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"11.5\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"10.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 11.5 7 L 0 14 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-pointStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"1\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpolygon points=\"0,7 11.5,14 11.5,0\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpolygon>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-circleEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"11\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-circleStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-1\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-circleEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refY=\"5\" refX=\"12.25\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-circleStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-2\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-crossEnd\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"12\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-crossStart\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"-1\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-crossEnd-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"17.7\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-crossStart-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"-3.5\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cg class=\"root\">\u003Cg class=\"clusters\">\u003C\u002Fg>\u003Cg class=\"edgePaths\">\u003Cpath d=\"M195.344,111L199.51,111C203.677,111,212.01,111,219.677,111C227.344,111,234.344,111,237.844,111L241.344,111\" id=\"diagram-1775215134056-L_A_B_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_A_B_0\" data-points=\"W3sieCI6MTk1LjM0Mzc1LCJ5IjoxMTF9LHsieCI6MjIwLjM0Mzc1LCJ5IjoxMTF9LHsieCI6MjQ1LjM0Mzc1LCJ5IjoxMTF9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134056_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M386.748,84L398.024,77.833C409.3,71.667,431.853,59.333,446.63,53.167C461.406,47,468.406,47,471.906,47L475.406,47\" id=\"diagram-1775215134056-L_B_C_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_B_C_0\" data-points=\"W3sieCI6Mzg2Ljc0NzU1ODU5Mzc1LCJ5Ijo4NH0seyJ4Ijo0NTQuNDA2MjUsInkiOjQ3fSx7IngiOjQ3OS40MDYyNSwieSI6NDd9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134056_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M386.748,138L398.024,144.167C409.3,150.333,431.853,162.667,447.813,168.833C463.773,175,473.141,175,477.824,175L482.508,175\" id=\"diagram-1775215134056-L_B_D_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_B_D_0\" data-points=\"W3sieCI6Mzg2Ljc0NzU1ODU5Mzc1LCJ5IjoxMzh9LHsieCI6NDU0LjQwNjI1LCJ5IjoxNzV9LHsieCI6NDg2LjUwNzgxMjUsInkiOjE3NX1d\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134056_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M687.063,47L691.229,47C695.396,47,703.729,47,717.371,50.912C731.012,54.824,749.962,62.649,759.437,66.561L768.912,70.473\" id=\"diagram-1775215134056-L_C_E_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_C_E_0\" data-points=\"W3sieCI6Njg3LjA2MjUsInkiOjQ3fSx7IngiOjcxMi4wNjI1LCJ5Ijo0N30seyJ4Ijo3NzIuNjA5Mzc1LCJ5Ijo3Mn1d\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134056_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M679.961,175L685.311,175C690.661,175,701.362,175,716.187,171.088C731.012,167.176,749.962,159.351,759.437,155.439L768.912,151.527\" id=\"diagram-1775215134056-L_D_E_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_D_E_0\" data-points=\"W3sieCI6Njc5Ljk2MDkzNzUsInkiOjE3NX0seyJ4Ijo3MTIuMDYyNSwieSI6MTc1fSx7IngiOjc3Mi42MDkzNzUsInkiOjE1MH1d\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134056_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M997.063,111L1001.229,111C1005.396,111,1013.729,111,1021.396,111C1029.063,111,1036.063,111,1039.563,111L1043.063,111\" id=\"diagram-1775215134056-L_E_F_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_E_F_0\" data-points=\"W3sieCI6OTk3LjA2MjUsInkiOjExMX0seyJ4IjoxMDIyLjA2MjUsInkiOjExMX0seyJ4IjoxMDQ3LjA2MjUsInkiOjExMX1d\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134056_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M1289.484,111L1293.651,111C1297.818,111,1306.151,111,1313.818,111C1321.484,111,1328.484,111,1331.984,111L1335.484,111\" id=\"diagram-1775215134056-L_F_G_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_F_G_0\" data-points=\"W3sieCI6MTI4OS40ODQzNzUsInkiOjExMX0seyJ4IjoxMzE0LjQ4NDM3NSwieSI6MTExfSx7IngiOjEzMzkuNDg0Mzc1LCJ5IjoxMTF9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134056_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003C\u002Fg>\u003Cg class=\"edgeLabels\">\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_A_B_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_B_C_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_B_D_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_C_E_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_D_E_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_E_F_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_F_G_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"nodes\">\u003Cg class=\"node default  \" id=\"diagram-1775215134056-flowchart-A-0\" data-look=\"classic\" transform=\"translate(101.671875, 111)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-93.671875\" y=\"-27\" width=\"187.34375\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-63.671875, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"127.34375\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>New Model Build\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134056-flowchart-B-1\" data-look=\"classic\" transform=\"translate(337.375, 111)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-92.03125\" y=\"-27\" width=\"184.0625\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-62.03125, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"124.0625\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Threat Modeling\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134056-flowchart-C-3\" data-look=\"classic\" transform=\"translate(583.234375, 47)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-103.828125\" y=\"-39\" width=\"207.65625\" height=\"78\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-73.828125, -24)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"147.65625\" height=\"48\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Automated Probing\u003Cbr\u002F>PyRIT, scripts\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134056-flowchart-D-5\" data-look=\"classic\" transform=\"translate(583.234375, 175)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-96.7265625\" y=\"-39\" width=\"193.453125\" height=\"78\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-66.7265625, -24)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"133.453125\" height=\"48\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Human Red Team\u003Cbr\u002F>role-play attacks\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134056-flowchart-E-7\" data-look=\"classic\" transform=\"translate(867.0625, 111)\">\u003Crect class=\"basic label-container\" style=\"fill:#f59e0b !important\" x=\"-130\" y=\"-39\" width=\"260\" height=\"78\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#000 !important\" transform=\"translate(-100, -24)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"200\" height=\"48\">\u003Cdiv style=\"color: rgb(0, 0, 0) !important; display: table; white-space: break-spaces; line-height: 1.5; max-width: 200px; text-align: center; width: 200px;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#000 !important\" class=\"nodeLabel \">\u003Cp>Failure Taxonomy & Bug Bar\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134056-flowchart-F-11\" data-look=\"classic\" transform=\"translate(1168.2734375, 111)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-121.2109375\" y=\"-27\" width=\"242.421875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-91.2109375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"182.421875\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Mitigations & Retraining\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134056-flowchart-G-13\" data-look=\"classic\" transform=\"translate(1440.8828125, 111)\">\u003Crect class=\"basic label-container\" style=\"fill:#22c55e !important\" x=\"-101.3984375\" y=\"-27\" width=\"202.796875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-71.3984375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"142.796875\" height=\"24\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>Go \u002F No-Go Launch\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cdefs>\u003Cfilter id=\"diagram-1775215134056-drop-shadow\" height=\"130%\" width=\"130%\">\u003CfeDropShadow dx=\"4\" dy=\"4\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Cdefs>\u003Cfilter id=\"diagram-1775215134056-drop-shadow-small\" height=\"150%\" width=\"150%\">\u003CfeDropShadow dx=\"2\" dy=\"2\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Ctext x=\"1545.28125\" y=\"242\" text-anchor=\"end\" fill=\"#6b7280\" stroke=\"#ffffff\" stroke-width=\"3\" paint-order=\"stroke\" font-size=\"11\" font-family=\"system-ui, sans-serif\" opacity=\"0.7\">coreprose.com\u003C\u002Ftext>\u003C\u002Fsvg>\n\u003C\u002Fdiv>\n\nLessons are codified into:\n\n- AI Security Training\n- Internal playbooks and “patterns of failure”\n- Reference guides for Azure AI builders[5]\n\n💡 **Section takeaway:** Automated adversarial search plus creative, multidisciplinary testers lets Microsoft cover broad behavioral space without relying on a few clever prompts.[3][5]\n\n---\n\n## 3. Governance, Taxonomies, and Guardrails Behind the Testing\n\nRed‑team impact depends on how findings drive decisions. Microsoft’s governance stack turns qualitative failures into consistent go\u002Fno‑go outcomes.[5]\n\n### Responsible AI Standard as the backbone\n\nThe Responsible AI Standard and impact assessments define:\n\n- Unacceptable harms\n- Required mitigations\n- Required sign‑offs for high‑risk uses[5]\n\nThis gives the red team a clear decision template instead of renegotiating every mitigation.[2][5]\n\n### Taxonomy and Bug Bar: from anecdotes to structured risks\n\nMicrosoft’s “taxonomy for machine learning failure” classifies issues like:\n\n- Robustness failures: jailbreaks, prompt injection\n- Privacy leaks: cross‑tenant exposure, PII\n- Content safety: hate, self‑harm, misinformation[5][6]\n\nA Bug Bar for ML systems maps these to severity levels and expected responses, aligning with traditional vulnerability triage.[5]\n\n📊 **Effect:** Bias, hallucinations, and prompt injection become specific vulnerability categories with owners and deadlines, not vague “AI issues.”[5][6]\n\n\u003Cdiv class=\"mermaid-diagram not-prose my-6\" role=\"img\" aria-label=\"Diagram\">\n\u003Csvg id=\"diagram-1775215134710\" width=\"100%\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F2000\u002Fsvg\" class=\"flowchart\" style=\"max-width: 230.5625px;\" viewBox=\"0 0 230.5625 687\" role=\"graphics-document document\" aria-roledescription=\"flowchart-v2\">\u003Cstyle>#diagram-1775215134710{font-family:system-ui,-apple-system,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#diagram-1775215134710 .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#diagram-1775215134710 .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#diagram-1775215134710 .error-icon{fill:#552222;}#diagram-1775215134710 .error-text{fill:#552222;stroke:#552222;}#diagram-1775215134710 .edge-thickness-normal{stroke-width:1px;}#diagram-1775215134710 .edge-thickness-thick{stroke-width:3.5px;}#diagram-1775215134710 .edge-pattern-solid{stroke-dasharray:0;}#diagram-1775215134710 .edge-thickness-invisible{stroke-width:0;fill:none;}#diagram-1775215134710 .edge-pattern-dashed{stroke-dasharray:3;}#diagram-1775215134710 .edge-pattern-dotted{stroke-dasharray:2;}#diagram-1775215134710 .marker{fill:#333333;stroke:#333333;}#diagram-1775215134710 .marker.cross{stroke:#333333;}#diagram-1775215134710 svg{font-family:system-ui,-apple-system,sans-serif;font-size:16px;}#diagram-1775215134710 p{margin:0;}#diagram-1775215134710 .label{font-family:system-ui,-apple-system,sans-serif;color:#333;}#diagram-1775215134710 .cluster-label text{fill:#333;}#diagram-1775215134710 .cluster-label span{color:#333;}#diagram-1775215134710 .cluster-label span p{background-color:transparent;}#diagram-1775215134710 .label text,#diagram-1775215134710 span{fill:#333;color:#333;}#diagram-1775215134710 .node rect,#diagram-1775215134710 .node circle,#diagram-1775215134710 .node ellipse,#diagram-1775215134710 .node polygon,#diagram-1775215134710 .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#diagram-1775215134710 .rough-node .label text,#diagram-1775215134710 .node .label text,#diagram-1775215134710 .image-shape .label,#diagram-1775215134710 .icon-shape .label{text-anchor:middle;}#diagram-1775215134710 .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#diagram-1775215134710 .rough-node .label,#diagram-1775215134710 .node .label,#diagram-1775215134710 .image-shape .label,#diagram-1775215134710 .icon-shape .label{text-align:center;}#diagram-1775215134710 .node.clickable{cursor:pointer;}#diagram-1775215134710 .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#diagram-1775215134710 .arrowheadPath{fill:#333333;}#diagram-1775215134710 .edgePath .path{stroke:#333333;stroke-width:1px;}#diagram-1775215134710 .flowchart-link{stroke:#333333;fill:none;}#diagram-1775215134710 .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215134710 .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#diagram-1775215134710 .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215134710 .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#diagram-1775215134710 .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#diagram-1775215134710 .cluster text{fill:#333;}#diagram-1775215134710 .cluster span{color:#333;}#diagram-1775215134710 div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:system-ui,-apple-system,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#diagram-1775215134710 .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#diagram-1775215134710 rect.text{fill:none;stroke-width:0;}#diagram-1775215134710 .icon-shape,#diagram-1775215134710 .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215134710 .icon-shape p,#diagram-1775215134710 .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#diagram-1775215134710 .icon-shape .label rect,#diagram-1775215134710 .image-shape .label rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215134710 .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#diagram-1775215134710 .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#diagram-1775215134710 .node .neo-node{stroke:#9370DB;}#diagram-1775215134710 [data-look=\"neo\"].node rect,#diagram-1775215134710 [data-look=\"neo\"].cluster rect,#diagram-1775215134710 [data-look=\"neo\"].node polygon{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134710 [data-look=\"neo\"].node path{stroke:#9370DB;stroke-width:1px;}#diagram-1775215134710 [data-look=\"neo\"].node .outer-path{filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134710 [data-look=\"neo\"].node .neo-line path{stroke:#9370DB;filter:none;}#diagram-1775215134710 [data-look=\"neo\"].node circle{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134710 [data-look=\"neo\"].node circle .state-start{fill:#000000;}#diagram-1775215134710 [data-look=\"neo\"].icon-shape .icon{fill:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134710 [data-look=\"neo\"].icon-shape .icon-neo path{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134710 :root{--mermaid-font-family:system-ui,-apple-system,sans-serif;}\u003C\u002Fstyle>\u003Cg>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-pointEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 10 5 L 0 10 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-pointStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"4.5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 5 L 10 10 L 10 0 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-pointEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"11.5\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"10.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 11.5 7 L 0 14 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-pointStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"1\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpolygon points=\"0,7 11.5,14 11.5,0\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpolygon>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-circleEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"11\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-circleStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-1\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-circleEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refY=\"5\" refX=\"12.25\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-circleStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-2\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-crossEnd\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"12\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-crossStart\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"-1\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-crossEnd-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"17.7\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-crossStart-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"-3.5\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cg class=\"root\">\u003Cg class=\"clusters\">\u003C\u002Fg>\u003Cg class=\"edgePaths\">\u003Cpath d=\"M115.281,62L115.281,66.167C115.281,70.333,115.281,78.667,115.281,86.333C115.281,94,115.281,101,115.281,104.5L115.281,108\" id=\"diagram-1775215134710-L_A_B_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_A_B_0\" data-points=\"W3sieCI6MTE1LjI4MTI1LCJ5Ijo2Mn0seyJ4IjoxMTUuMjgxMjUsInkiOjg3fSx7IngiOjExNS4yODEyNSwieSI6MTEyfV0=\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134710_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M115.281,190L115.281,194.167C115.281,198.333,115.281,206.667,115.281,214.333C115.281,222,115.281,229,115.281,232.5L115.281,236\" id=\"diagram-1775215134710-L_B_C_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_B_C_0\" data-points=\"W3sieCI6MTE1LjI4MTI1LCJ5IjoxOTB9LHsieCI6MTE1LjI4MTI1LCJ5IjoyMTV9LHsieCI6MTE1LjI4MTI1LCJ5IjoyNDB9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134710_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M115.281,318L115.281,322.167C115.281,326.333,115.281,334.667,115.281,342.333C115.281,350,115.281,357,115.281,360.5L115.281,364\" id=\"diagram-1775215134710-L_C_D_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_C_D_0\" data-points=\"W3sieCI6MTE1LjI4MTI1LCJ5IjozMTh9LHsieCI6MTE1LjI4MTI1LCJ5IjozNDN9LHsieCI6MTE1LjI4MTI1LCJ5IjozNjh9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134710_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M115.281,446L115.281,450.167C115.281,454.333,115.281,462.667,115.281,470.333C115.281,478,115.281,485,115.281,488.5L115.281,492\" id=\"diagram-1775215134710-L_D_E_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_D_E_0\" data-points=\"W3sieCI6MTE1LjI4MTI1LCJ5Ijo0NDZ9LHsieCI6MTE1LjI4MTI1LCJ5Ijo0NzF9LHsieCI6MTE1LjI4MTI1LCJ5Ijo0OTZ9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134710_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M115.281,550L115.281,554.167C115.281,558.333,115.281,566.667,115.281,574.333C115.281,582,115.281,589,115.281,592.5L115.281,596\" id=\"diagram-1775215134710-L_E_F_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_E_F_0\" data-points=\"W3sieCI6MTE1LjI4MTI1LCJ5Ijo1NTB9LHsieCI6MTE1LjI4MTI1LCJ5Ijo1NzV9LHsieCI6MTE1LjI4MTI1LCJ5Ijo2MDB9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134710_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003C\u002Fg>\u003Cg class=\"edgeLabels\">\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_A_B_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_B_C_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_C_D_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_D_E_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_E_F_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"nodes\">\u003Cg class=\"node default  \" id=\"diagram-1775215134710-flowchart-A-0\" data-look=\"classic\" transform=\"translate(115.28125, 35)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-97.125\" y=\"-27\" width=\"194.25\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-67.125, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"134.25\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Red-Team Finding\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134710-flowchart-B-1\" data-look=\"classic\" transform=\"translate(115.28125, 151)\">\u003Crect class=\"basic label-container\" style=\"fill:#f59e0b !important\" x=\"-96.0078125\" y=\"-39\" width=\"192.015625\" height=\"78\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#000 !important\" transform=\"translate(-66.0078125, -24)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"132.015625\" height=\"48\">\u003Cdiv style=\"color: rgb(0, 0, 0) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#000 !important\" class=\"nodeLabel \">\u003Cp>Classify via\u003Cbr\u002F>Failure Taxonomy\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134710-flowchart-C-3\" data-look=\"classic\" transform=\"translate(115.28125, 279)\">\u003Crect class=\"basic label-container\" style=\"fill:#f97316 !important\" x=\"-86.4453125\" y=\"-39\" width=\"172.890625\" height=\"78\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#000 !important\" transform=\"translate(-56.4453125, -24)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"112.890625\" height=\"48\">\u003Cdiv style=\"color: rgb(0, 0, 0) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#000 !important\" class=\"nodeLabel \">\u003Cp>Assign Severity\u003Cbr\u002F>Bug Bar\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134710-flowchart-D-5\" data-look=\"classic\" transform=\"translate(115.28125, 407)\">\u003Crect class=\"basic label-container\" style=\"fill:#0ea5e9 !important\" x=\"-101.953125\" y=\"-39\" width=\"203.90625\" height=\"78\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-71.953125, -24)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"143.90625\" height=\"48\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>Map to Policy\u003Cbr\u002F>RAG \u002F RAI Standard\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134710-flowchart-E-7\" data-look=\"classic\" transform=\"translate(115.28125, 523)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-107.28125\" y=\"-27\" width=\"214.5625\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-77.28125, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"154.5625\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Engineering Backlog\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134710-flowchart-F-9\" data-look=\"classic\" transform=\"translate(115.28125, 627)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-84.9765625\" y=\"-27\" width=\"169.953125\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-54.9765625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"109.953125\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Retest & Verify\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cdefs>\u003Cfilter id=\"diagram-1775215134710-drop-shadow\" height=\"130%\" width=\"130%\">\u003CfeDropShadow dx=\"4\" dy=\"4\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Cdefs>\u003Cfilter id=\"diagram-1775215134710-drop-shadow-small\" height=\"150%\" width=\"150%\">\u003CfeDropShadow dx=\"2\" dy=\"2\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Ctext x=\"225.5625\" y=\"682\" text-anchor=\"end\" fill=\"#6b7280\" stroke=\"#ffffff\" stroke-width=\"3\" paint-order=\"stroke\" font-size=\"11\" font-family=\"system-ui, sans-serif\" opacity=\"0.7\">coreprose.com\u003C\u002Ftext>\u003C\u002Fsvg>\n\u003C\u002Fdiv>\n\n### Threat modeling and downstream defenses\n\nDeveloper guidance for ML threat modeling pushes teams to define attacker goals, capabilities, and constraints before red‑teaming.[5][7] This mirrors independent safety groups that treat explicit threat models as the basis for credible evaluation.[6][7]\n\nDownstream tools—Azure AI Content Safety, monitoring, filters, governance dashboards—are treated as defenses to be attacked and empirically validated, not assumed sufficient.[5][6]\n\n💡 **Section takeaway:** The power lies less in any single tool than in a closed loop where taxonomy, Bug Bar, and Responsible AI policy connect discovery, mitigation, and re‑evaluation.[5][6]\n\n---\n\n## 4. Strategic Lessons for AI Leaders, Policymakers, and Investors\n\nWith Morgan Stanley projecting a major jump in frontier‑model capabilities around 2026, the cost of weak pre‑deployment evaluation will rise.[9] Microsoft’s architecture is a reference design, not a finished recipe.\n\n### Lesson 1: Red teaming is now a strategic necessity\n\nWeak or opaque testing already erodes trust. The Xiaomi Hunter Alpha case—an unlabelled “stealth model” on OpenRouter that was an internal test build—sparked rumors it was a secret DeepSeek V4, moving markets and drawing scrutiny.[8]\n\n⚠️ **Signal:** When test infrastructure leaks, red‑team practices become governance and investor‑relations issues, not just technical ones.\n\n### Lesson 2: Agents need policy‑enforced runtimes plus testing\n\nNVIDIA’s Agent Toolkit and OpenShell runtime enforce policy‑based security, network, and privacy guardrails for autonomous agents.[10] This reflects a shift toward:\n\n- Policy‑aware runtimes\n- Fine‑grained permissions\n- Built‑in monitoring for acting agents[10]\n\nBut guardrails are only hypotheses until red‑teamed under adversarial prompting and tool‑use scenarios.[3][10] Microsoft‑style automated probing (PyRIT) and expert scenarios can validate whether policies hold under pressure.[5][6]\n\n### Lesson 3: Standardize threat‑model‑driven evidence\n\nAdvanced LLM red‑teaming frameworks recommend staged evaluations:\n\n- Automated “fuzzing” and prompt mutation at scale\n- Scenario‑based expert testing for high‑impact misuse\n- Iterative campaigns as models and prompts evolve[6]\n\nPolicymakers can demand **threat‑model‑driven evidence**: proof that systems were tested against specific abuse cases—disinformation, targeted harassment, PII leakage—rather than generic “we did a red team.”[6][7]\n\n💡 **Regulatory move:** Require explicit mapping between threat models, test campaigns, and mitigations, echoing Microsoft’s internal guidance.[5][7]\n\n### Lesson 4: Do not outsource your domain‑specific risk\n\nFor enterprises on Azure, Microsoft’s AI shared responsibility model and risk assessment guidance clarify that customers remain responsible for:\n\n- Domain‑specific misuse and sectoral compliance\n- Fine‑tuning, prompts, and configurations\n- Integrations with internal data and tools[5]\n\nMicrosoft’s red‑teaming is a floor, not a ceiling. Enterprises still need domain‑specific red‑team exercises using internal SMEs to model realistic abuse in their own context.[5][6]\n\n💼 **Section takeaway:** Organizations that will thrive treat red teaming as a core strategy and governance capability, not a box‑checking security feature.[6][9]\n\n---\n\n## Conclusion: Red Teams as Gatekeepers for the Frontier\n\nMicrosoft’s AI Red Team illustrates how to treat AI safety as an operational discipline with real veto power, grounded in diverse expertise and structured governance.[1][3][5] As models grow more capable and agents gain the ability to act, similar red‑team functions—integrated with clear taxonomies, bug bars, and policy guardrails—are likely to become standard for any organization deploying frontier‑scale AI.[6][7][9]","\u003Cp>Before any major Copilot, Phi model, or Azure OpenAI capability reaches customers, Microsoft’s AI Red Team tries to break it first. Its mandate: simulate real users and adversaries, then decide whether launch should proceed, be redesigned, or be blocked.\u003Ca href=\"#source-1\" class=\"citation-link\" title=\"View source [1]\">[1]\u003C\u002Fa>\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa> Safety becomes a hard gate on deployment, not a slide in a deck.\u003C\u002Fp>\n\u003Cp>The team’s composition is equally unusual: ML engineers work alongside neuroscientists, military veterans, social scientists, and people with prison experience, each modeling different behaviors, biases, and threat mindsets.\u003Ca href=\"#source-1\" class=\"citation-link\" title=\"View source [1]\">[1]\u003C\u002Fa>\u003Ca href=\"#source-2\" class=\"citation-link\" title=\"View source [2]\">[2]\u003C\u002Fa> Their work is now a bellwether for how frontier models and AI agents will be evaluated as capabilities accelerate toward an expected step‑change around 2026.\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>1. Why Microsoft Built a Neuroscientist‑and‑Veteran AI Red Team\u003C\u002Fh2>\n\u003Cp>Microsoft’s AI Red Team is an operational gatekeeper, not an ethics committee. It can delay or halt launches that fail safety, abuse, or misuse thresholds.\u003Ca href=\"#source-1\" class=\"citation-link\" title=\"View source [1]\">[1]\u003C\u002Fa>\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa> For flagship AI releases, red‑team sign‑off now matters as much as performance or revenue.\u003C\u002Fp>\n\u003Cp>💼 \u003Cstrong>Strategic implication:\u003C\u002Fstrong> Safety is a precondition for go‑to‑market, not a PR add‑on.\u003C\u002Fp>\n\u003Ch3>A deliberately diverse threat brain\u003C\u002Fh3>\n\u003Cp>The team is built to catch sociotechnical harms classical security would miss:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Neuroscientists: cognitive vulnerabilities, emotional distress, manipulation.\u003C\u002Fli>\n\u003Cli>Military personnel: information warfare, operational security, state‑level threats.\u003C\u002Fli>\n\u003Cli>People with prison experience: criminal workarounds, fraud, black‑market dynamics.\u003Ca href=\"#source-1\" class=\"citation-link\" title=\"View source [1]\">[1]\u003C\u002Fa>\u003Ca href=\"#source-2\" class=\"citation-link\" title=\"View source [2]\">[2]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This reflects a shift from purely technical failures to harms like radicalization, targeted persuasion, and psychosocial damage.\u003Ca href=\"#source-2\" class=\"citation-link\" title=\"View source [2]\">[2]\u003C\u002Fa>\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>⚡ \u003Cstrong>Key idea:\u003C\u002Fstrong> Generative models fail in ways that resemble people, not just code.\u003C\u002Fp>\n\u003Ch3>Guardrails grounded in published principles\u003C\u002Fh3>\n\u003Cp>Brad Smith, Microsoft’s president, anchors decisions in public principles and “guardrails” that define when the company will not deploy AI, including some military uses.\u003Ca href=\"#source-2\" class=\"citation-link\" title=\"View source [2]\">[2]\u003C\u002Fa> The red team treats these as hard boundaries, not case‑by‑case debates.\u003C\u002Fp>\n\u003Cp>Because guardrails are tied to a published Responsible AI framework, regulators and customers can trace launch decisions to written policy instead of opaque compromises.\u003Ca href=\"#source-2\" class=\"citation-link\" title=\"View source [2]\">[2]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Extending a militaristic concept to generative AI\u003C\u002Fh3>\n\u003Cp>Red teaming began in the military: simulate an enemy (“red”) to probe “blue” defenses.\u003Ca href=\"#source-2\" class=\"citation-link\" title=\"View source [2]\">[2]\u003C\u002Fa> Microsoft extended this from cybersecurity to generative models that can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Leak or fabricate sensitive data\u003C\u002Fli>\n\u003Cli>Generate disinformation at scale\u003C\u002Fli>\n\u003Cli>Produce harassment or self‑harm content\u003Ca href=\"#source-2\" class=\"citation-link\" title=\"View source [2]\">[2]\u003C\u002Fa>\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Other labs (Anthropic, Google DeepMind, OpenAI) now highlight red teaming in their safety frameworks.\u003Ca href=\"#source-7\" class=\"citation-link\" title=\"View source [7]\">[7]\u003C\u002Fa> Microsoft’s direct launch‑blocking authority and multidisciplinary staffing remain unusually strong levers.\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>💡 \u003Cstrong>Section takeaway:\u003C\u002Fstrong> An empowered, cross‑disciplinary red team signals that AI risk is managed like a high‑reliability system, not left to post‑incident clean‑up.\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>2. How Microsoft’s AI Red Team Actually “Hacks” Models Pre‑Launch\u003C\u002Fh2>\n\u003Cp>Since 2018, the AI Red Team has tested 100+ generative AI applications, including every flagship Azure OpenAI model, major Copilots, and all Phi releases before announcement.\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa> What started as ad‑hoc testing is now a formal pipeline.\u003C\u002Fp>\n\u003Ch3>Role‑play, stress tests, and domain‑specific “abuse labs”\u003C\u002Fh3>\n\u003Cp>Red‑teamers go beyond clever jailbreak prompts. They simulate:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Malicious attackers: data exfiltration, policy evasion, prompt injection.\u003C\u002Fli>\n\u003Cli>Naïve or distressed users: crisis queries, confusion, over‑trust.\u003C\u002Fli>\n\u003Cli>Sector misuse: finance, healthcare, critical infrastructure scenarios.\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-4\" class=\"citation-link\" title=\"View source [4]\">[4]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Examples include testing Copilots for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Cross‑tenant data leaks\u003C\u002Fli>\n\u003Cli>Unsafe code via multi‑step jailbreaks\u003C\u002Fli>\n\u003Cli>Medical or financial advice that conflicts with regulations\u003Ca href=\"#source-4\" class=\"citation-link\" title=\"View source [4]\">[4]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>⚠️ \u003Cstrong>Practical lesson:\u003C\u002Fstrong> Ignoring stressed or unsophisticated users misses major failure modes.\u003C\u002Fp>\n\u003Ch3>Smaller models as a counterintuitive safety tool\u003C\u002Fh3>\n\u003Cp>A recurring finding: smaller models are often safer. Their narrower capabilities:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Reduce emergent harmful behaviors\u003C\u002Fli>\n\u003Cli>Make guardrails and monitoring easier to enforce\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Microsoft now recommends smaller models in some enterprise contexts where controllability outweighs raw capability.\u003C\u002Fp>\n\u003Cp>📊 \u003Cstrong>Design trade‑off:\u003C\u002Fstrong> Capability vs. controllability is quantified in red‑team reports, not left as an abstract debate.\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Automation plus human creativity\u003C\u002Fh3>\n\u003Cp>To scale testing, Microsoft uses:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The Open Automation Framework\u003C\u002Fli>\n\u003Cli>PyRIT, an open‑source toolkit for automated adversarial probing\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These run large volumes of scripted attacks—prompt injections, jailbreak variants, data‑exfiltration attempts—while human testers explore novel, contextual behaviors automation misses.\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cdiv class=\"mermaid-diagram not-prose my-6\" role=\"img\" aria-label=\"Diagram\">\n\u003Csvg id=\"diagram-1775215134056\" width=\"100%\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F2000\u002Fsvg\" class=\"flowchart\" style=\"max-width: 1550.28125px;\" viewBox=\"0 0 1550.28125 247\" role=\"graphics-document document\" aria-roledescription=\"flowchart-v2\">\u003Cstyle>#diagram-1775215134056{font-family:system-ui,-apple-system,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#diagram-1775215134056 .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#diagram-1775215134056 .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#diagram-1775215134056 .error-icon{fill:#552222;}#diagram-1775215134056 .error-text{fill:#552222;stroke:#552222;}#diagram-1775215134056 .edge-thickness-normal{stroke-width:1px;}#diagram-1775215134056 .edge-thickness-thick{stroke-width:3.5px;}#diagram-1775215134056 .edge-pattern-solid{stroke-dasharray:0;}#diagram-1775215134056 .edge-thickness-invisible{stroke-width:0;fill:none;}#diagram-1775215134056 .edge-pattern-dashed{stroke-dasharray:3;}#diagram-1775215134056 .edge-pattern-dotted{stroke-dasharray:2;}#diagram-1775215134056 .marker{fill:#333333;stroke:#333333;}#diagram-1775215134056 .marker.cross{stroke:#333333;}#diagram-1775215134056 svg{font-family:system-ui,-apple-system,sans-serif;font-size:16px;}#diagram-1775215134056 p{margin:0;}#diagram-1775215134056 .label{font-family:system-ui,-apple-system,sans-serif;color:#333;}#diagram-1775215134056 .cluster-label text{fill:#333;}#diagram-1775215134056 .cluster-label span{color:#333;}#diagram-1775215134056 .cluster-label span p{background-color:transparent;}#diagram-1775215134056 .label text,#diagram-1775215134056 span{fill:#333;color:#333;}#diagram-1775215134056 .node rect,#diagram-1775215134056 .node circle,#diagram-1775215134056 .node ellipse,#diagram-1775215134056 .node polygon,#diagram-1775215134056 .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#diagram-1775215134056 .rough-node .label text,#diagram-1775215134056 .node .label text,#diagram-1775215134056 .image-shape .label,#diagram-1775215134056 .icon-shape .label{text-anchor:middle;}#diagram-1775215134056 .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#diagram-1775215134056 .rough-node .label,#diagram-1775215134056 .node .label,#diagram-1775215134056 .image-shape .label,#diagram-1775215134056 .icon-shape .label{text-align:center;}#diagram-1775215134056 .node.clickable{cursor:pointer;}#diagram-1775215134056 .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#diagram-1775215134056 .arrowheadPath{fill:#333333;}#diagram-1775215134056 .edgePath .path{stroke:#333333;stroke-width:1px;}#diagram-1775215134056 .flowchart-link{stroke:#333333;fill:none;}#diagram-1775215134056 .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215134056 .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#diagram-1775215134056 .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215134056 .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#diagram-1775215134056 .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#diagram-1775215134056 .cluster text{fill:#333;}#diagram-1775215134056 .cluster span{color:#333;}#diagram-1775215134056 div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:system-ui,-apple-system,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#diagram-1775215134056 .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#diagram-1775215134056 rect.text{fill:none;stroke-width:0;}#diagram-1775215134056 .icon-shape,#diagram-1775215134056 .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215134056 .icon-shape p,#diagram-1775215134056 .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#diagram-1775215134056 .icon-shape .label rect,#diagram-1775215134056 .image-shape .label rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215134056 .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#diagram-1775215134056 .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#diagram-1775215134056 .node .neo-node{stroke:#9370DB;}#diagram-1775215134056 [data-look=\"neo\"].node rect,#diagram-1775215134056 [data-look=\"neo\"].cluster rect,#diagram-1775215134056 [data-look=\"neo\"].node polygon{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134056 [data-look=\"neo\"].node path{stroke:#9370DB;stroke-width:1px;}#diagram-1775215134056 [data-look=\"neo\"].node .outer-path{filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134056 [data-look=\"neo\"].node .neo-line path{stroke:#9370DB;filter:none;}#diagram-1775215134056 [data-look=\"neo\"].node circle{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134056 [data-look=\"neo\"].node circle .state-start{fill:#000000;}#diagram-1775215134056 [data-look=\"neo\"].icon-shape .icon{fill:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134056 [data-look=\"neo\"].icon-shape .icon-neo path{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134056 :root{--mermaid-font-family:system-ui,-apple-system,sans-serif;}\u003C\u002Fstyle>\u003Cg>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-pointEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 10 5 L 0 10 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-pointStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"4.5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 5 L 10 10 L 10 0 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-pointEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"11.5\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"10.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 11.5 7 L 0 14 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-pointStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"1\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpolygon points=\"0,7 11.5,14 11.5,0\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpolygon>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-circleEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"11\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-circleStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-1\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-circleEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refY=\"5\" refX=\"12.25\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-circleStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-2\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-crossEnd\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"12\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-crossStart\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"-1\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-crossEnd-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"17.7\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134056_flowchart-v2-crossStart-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"-3.5\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cg class=\"root\">\u003Cg class=\"clusters\">\u003C\u002Fg>\u003Cg class=\"edgePaths\">\u003Cpath d=\"M195.344,111L199.51,111C203.677,111,212.01,111,219.677,111C227.344,111,234.344,111,237.844,111L241.344,111\" id=\"diagram-1775215134056-L_A_B_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_A_B_0\" data-points=\"W3sieCI6MTk1LjM0Mzc1LCJ5IjoxMTF9LHsieCI6MjIwLjM0Mzc1LCJ5IjoxMTF9LHsieCI6MjQ1LjM0Mzc1LCJ5IjoxMTF9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134056_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M386.748,84L398.024,77.833C409.3,71.667,431.853,59.333,446.63,53.167C461.406,47,468.406,47,471.906,47L475.406,47\" id=\"diagram-1775215134056-L_B_C_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_B_C_0\" data-points=\"W3sieCI6Mzg2Ljc0NzU1ODU5Mzc1LCJ5Ijo4NH0seyJ4Ijo0NTQuNDA2MjUsInkiOjQ3fSx7IngiOjQ3OS40MDYyNSwieSI6NDd9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134056_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M386.748,138L398.024,144.167C409.3,150.333,431.853,162.667,447.813,168.833C463.773,175,473.141,175,477.824,175L482.508,175\" id=\"diagram-1775215134056-L_B_D_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_B_D_0\" data-points=\"W3sieCI6Mzg2Ljc0NzU1ODU5Mzc1LCJ5IjoxMzh9LHsieCI6NDU0LjQwNjI1LCJ5IjoxNzV9LHsieCI6NDg2LjUwNzgxMjUsInkiOjE3NX1d\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134056_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M687.063,47L691.229,47C695.396,47,703.729,47,717.371,50.912C731.012,54.824,749.962,62.649,759.437,66.561L768.912,70.473\" id=\"diagram-1775215134056-L_C_E_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_C_E_0\" data-points=\"W3sieCI6Njg3LjA2MjUsInkiOjQ3fSx7IngiOjcxMi4wNjI1LCJ5Ijo0N30seyJ4Ijo3NzIuNjA5Mzc1LCJ5Ijo3Mn1d\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134056_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M679.961,175L685.311,175C690.661,175,701.362,175,716.187,171.088C731.012,167.176,749.962,159.351,759.437,155.439L768.912,151.527\" id=\"diagram-1775215134056-L_D_E_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_D_E_0\" data-points=\"W3sieCI6Njc5Ljk2MDkzNzUsInkiOjE3NX0seyJ4Ijo3MTIuMDYyNSwieSI6MTc1fSx7IngiOjc3Mi42MDkzNzUsInkiOjE1MH1d\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134056_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M997.063,111L1001.229,111C1005.396,111,1013.729,111,1021.396,111C1029.063,111,1036.063,111,1039.563,111L1043.063,111\" id=\"diagram-1775215134056-L_E_F_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_E_F_0\" data-points=\"W3sieCI6OTk3LjA2MjUsInkiOjExMX0seyJ4IjoxMDIyLjA2MjUsInkiOjExMX0seyJ4IjoxMDQ3LjA2MjUsInkiOjExMX1d\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134056_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M1289.484,111L1293.651,111C1297.818,111,1306.151,111,1313.818,111C1321.484,111,1328.484,111,1331.984,111L1335.484,111\" id=\"diagram-1775215134056-L_F_G_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_F_G_0\" data-points=\"W3sieCI6MTI4OS40ODQzNzUsInkiOjExMX0seyJ4IjoxMzE0LjQ4NDM3NSwieSI6MTExfSx7IngiOjEzMzkuNDg0Mzc1LCJ5IjoxMTF9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134056_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003C\u002Fg>\u003Cg class=\"edgeLabels\">\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_A_B_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_B_C_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_B_D_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_C_E_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_D_E_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_E_F_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_F_G_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"nodes\">\u003Cg class=\"node default  \" id=\"diagram-1775215134056-flowchart-A-0\" data-look=\"classic\" transform=\"translate(101.671875, 111)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-93.671875\" y=\"-27\" width=\"187.34375\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-63.671875, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"127.34375\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>New Model Build\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134056-flowchart-B-1\" data-look=\"classic\" transform=\"translate(337.375, 111)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-92.03125\" y=\"-27\" width=\"184.0625\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-62.03125, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"124.0625\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Threat Modeling\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134056-flowchart-C-3\" data-look=\"classic\" transform=\"translate(583.234375, 47)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-103.828125\" y=\"-39\" width=\"207.65625\" height=\"78\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-73.828125, -24)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"147.65625\" height=\"48\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Automated Probing\u003Cbr\u002F>PyRIT, scripts\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134056-flowchart-D-5\" data-look=\"classic\" transform=\"translate(583.234375, 175)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-96.7265625\" y=\"-39\" width=\"193.453125\" height=\"78\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-66.7265625, -24)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"133.453125\" height=\"48\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Human Red Team\u003Cbr\u002F>role-play attacks\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134056-flowchart-E-7\" data-look=\"classic\" transform=\"translate(867.0625, 111)\">\u003Crect class=\"basic label-container\" style=\"fill:#f59e0b !important\" x=\"-130\" y=\"-39\" width=\"260\" height=\"78\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#000 !important\" transform=\"translate(-100, -24)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"200\" height=\"48\">\u003Cdiv style=\"color: rgb(0, 0, 0) !important; display: table; white-space: break-spaces; line-height: 1.5; max-width: 200px; text-align: center; width: 200px;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#000 !important\" class=\"nodeLabel \">\u003Cp>Failure Taxonomy & Bug Bar\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134056-flowchart-F-11\" data-look=\"classic\" transform=\"translate(1168.2734375, 111)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-121.2109375\" y=\"-27\" width=\"242.421875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-91.2109375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"182.421875\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Mitigations & Retraining\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134056-flowchart-G-13\" data-look=\"classic\" transform=\"translate(1440.8828125, 111)\">\u003Crect class=\"basic label-container\" style=\"fill:#22c55e !important\" x=\"-101.3984375\" y=\"-27\" width=\"202.796875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-71.3984375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"142.796875\" height=\"24\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>Go \u002F No-Go Launch\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cdefs>\u003Cfilter id=\"diagram-1775215134056-drop-shadow\" height=\"130%\" width=\"130%\">\u003CfeDropShadow dx=\"4\" dy=\"4\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Cdefs>\u003Cfilter id=\"diagram-1775215134056-drop-shadow-small\" height=\"150%\" width=\"150%\">\u003CfeDropShadow dx=\"2\" dy=\"2\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Ctext x=\"1545.28125\" y=\"242\" text-anchor=\"end\" fill=\"#6b7280\" stroke=\"#ffffff\" stroke-width=\"3\" paint-order=\"stroke\" font-size=\"11\" font-family=\"system-ui, sans-serif\" opacity=\"0.7\">coreprose.com\u003C\u002Ftext>\u003C\u002Fsvg>\n\u003C\u002Fdiv>\n\u003Cp>Lessons are codified into:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>AI Security Training\u003C\u002Fli>\n\u003Cli>Internal playbooks and “patterns of failure”\u003C\u002Fli>\n\u003Cli>Reference guides for Azure AI builders\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>💡 \u003Cstrong>Section takeaway:\u003C\u002Fstrong> Automated adversarial search plus creative, multidisciplinary testers lets Microsoft cover broad behavioral space without relying on a few clever prompts.\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>3. Governance, Taxonomies, and Guardrails Behind the Testing\u003C\u002Fh2>\n\u003Cp>Red‑team impact depends on how findings drive decisions. Microsoft’s governance stack turns qualitative failures into consistent go\u002Fno‑go outcomes.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Responsible AI Standard as the backbone\u003C\u002Fh3>\n\u003Cp>The Responsible AI Standard and impact assessments define:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unacceptable harms\u003C\u002Fli>\n\u003Cli>Required mitigations\u003C\u002Fli>\n\u003Cli>Required sign‑offs for high‑risk uses\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This gives the red team a clear decision template instead of renegotiating every mitigation.\u003Ca href=\"#source-2\" class=\"citation-link\" title=\"View source [2]\">[2]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Taxonomy and Bug Bar: from anecdotes to structured risks\u003C\u002Fh3>\n\u003Cp>Microsoft’s “taxonomy for machine learning failure” classifies issues like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Robustness failures: jailbreaks, prompt injection\u003C\u002Fli>\n\u003Cli>Privacy leaks: cross‑tenant exposure, PII\u003C\u002Fli>\n\u003Cli>Content safety: hate, self‑harm, misinformation\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>A Bug Bar for ML systems maps these to severity levels and expected responses, aligning with traditional vulnerability triage.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>📊 \u003Cstrong>Effect:\u003C\u002Fstrong> Bias, hallucinations, and prompt injection become specific vulnerability categories with owners and deadlines, not vague “AI issues.”\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cdiv class=\"mermaid-diagram not-prose my-6\" role=\"img\" aria-label=\"Diagram\">\n\u003Csvg id=\"diagram-1775215134710\" width=\"100%\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F2000\u002Fsvg\" class=\"flowchart\" style=\"max-width: 230.5625px;\" viewBox=\"0 0 230.5625 687\" role=\"graphics-document document\" aria-roledescription=\"flowchart-v2\">\u003Cstyle>#diagram-1775215134710{font-family:system-ui,-apple-system,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#diagram-1775215134710 .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#diagram-1775215134710 .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#diagram-1775215134710 .error-icon{fill:#552222;}#diagram-1775215134710 .error-text{fill:#552222;stroke:#552222;}#diagram-1775215134710 .edge-thickness-normal{stroke-width:1px;}#diagram-1775215134710 .edge-thickness-thick{stroke-width:3.5px;}#diagram-1775215134710 .edge-pattern-solid{stroke-dasharray:0;}#diagram-1775215134710 .edge-thickness-invisible{stroke-width:0;fill:none;}#diagram-1775215134710 .edge-pattern-dashed{stroke-dasharray:3;}#diagram-1775215134710 .edge-pattern-dotted{stroke-dasharray:2;}#diagram-1775215134710 .marker{fill:#333333;stroke:#333333;}#diagram-1775215134710 .marker.cross{stroke:#333333;}#diagram-1775215134710 svg{font-family:system-ui,-apple-system,sans-serif;font-size:16px;}#diagram-1775215134710 p{margin:0;}#diagram-1775215134710 .label{font-family:system-ui,-apple-system,sans-serif;color:#333;}#diagram-1775215134710 .cluster-label text{fill:#333;}#diagram-1775215134710 .cluster-label span{color:#333;}#diagram-1775215134710 .cluster-label span p{background-color:transparent;}#diagram-1775215134710 .label text,#diagram-1775215134710 span{fill:#333;color:#333;}#diagram-1775215134710 .node rect,#diagram-1775215134710 .node circle,#diagram-1775215134710 .node ellipse,#diagram-1775215134710 .node polygon,#diagram-1775215134710 .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#diagram-1775215134710 .rough-node .label text,#diagram-1775215134710 .node .label text,#diagram-1775215134710 .image-shape .label,#diagram-1775215134710 .icon-shape .label{text-anchor:middle;}#diagram-1775215134710 .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#diagram-1775215134710 .rough-node .label,#diagram-1775215134710 .node .label,#diagram-1775215134710 .image-shape .label,#diagram-1775215134710 .icon-shape .label{text-align:center;}#diagram-1775215134710 .node.clickable{cursor:pointer;}#diagram-1775215134710 .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#diagram-1775215134710 .arrowheadPath{fill:#333333;}#diagram-1775215134710 .edgePath .path{stroke:#333333;stroke-width:1px;}#diagram-1775215134710 .flowchart-link{stroke:#333333;fill:none;}#diagram-1775215134710 .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215134710 .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#diagram-1775215134710 .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215134710 .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#diagram-1775215134710 .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#diagram-1775215134710 .cluster text{fill:#333;}#diagram-1775215134710 .cluster span{color:#333;}#diagram-1775215134710 div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:system-ui,-apple-system,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#diagram-1775215134710 .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#diagram-1775215134710 rect.text{fill:none;stroke-width:0;}#diagram-1775215134710 .icon-shape,#diagram-1775215134710 .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215134710 .icon-shape p,#diagram-1775215134710 .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#diagram-1775215134710 .icon-shape .label rect,#diagram-1775215134710 .image-shape .label rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215134710 .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#diagram-1775215134710 .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#diagram-1775215134710 .node .neo-node{stroke:#9370DB;}#diagram-1775215134710 [data-look=\"neo\"].node rect,#diagram-1775215134710 [data-look=\"neo\"].cluster rect,#diagram-1775215134710 [data-look=\"neo\"].node polygon{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134710 [data-look=\"neo\"].node path{stroke:#9370DB;stroke-width:1px;}#diagram-1775215134710 [data-look=\"neo\"].node .outer-path{filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134710 [data-look=\"neo\"].node .neo-line path{stroke:#9370DB;filter:none;}#diagram-1775215134710 [data-look=\"neo\"].node circle{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134710 [data-look=\"neo\"].node circle .state-start{fill:#000000;}#diagram-1775215134710 [data-look=\"neo\"].icon-shape .icon{fill:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134710 [data-look=\"neo\"].icon-shape .icon-neo path{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215134710 :root{--mermaid-font-family:system-ui,-apple-system,sans-serif;}\u003C\u002Fstyle>\u003Cg>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-pointEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 10 5 L 0 10 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-pointStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"4.5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 5 L 10 10 L 10 0 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-pointEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"11.5\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"10.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 11.5 7 L 0 14 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-pointStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"1\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpolygon points=\"0,7 11.5,14 11.5,0\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpolygon>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-circleEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"11\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-circleStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-1\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-circleEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refY=\"5\" refX=\"12.25\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-circleStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-2\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-crossEnd\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"12\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-crossStart\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"-1\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-crossEnd-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"17.7\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215134710_flowchart-v2-crossStart-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"-3.5\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cg class=\"root\">\u003Cg class=\"clusters\">\u003C\u002Fg>\u003Cg class=\"edgePaths\">\u003Cpath d=\"M115.281,62L115.281,66.167C115.281,70.333,115.281,78.667,115.281,86.333C115.281,94,115.281,101,115.281,104.5L115.281,108\" id=\"diagram-1775215134710-L_A_B_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_A_B_0\" data-points=\"W3sieCI6MTE1LjI4MTI1LCJ5Ijo2Mn0seyJ4IjoxMTUuMjgxMjUsInkiOjg3fSx7IngiOjExNS4yODEyNSwieSI6MTEyfV0=\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134710_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M115.281,190L115.281,194.167C115.281,198.333,115.281,206.667,115.281,214.333C115.281,222,115.281,229,115.281,232.5L115.281,236\" id=\"diagram-1775215134710-L_B_C_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_B_C_0\" data-points=\"W3sieCI6MTE1LjI4MTI1LCJ5IjoxOTB9LHsieCI6MTE1LjI4MTI1LCJ5IjoyMTV9LHsieCI6MTE1LjI4MTI1LCJ5IjoyNDB9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134710_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M115.281,318L115.281,322.167C115.281,326.333,115.281,334.667,115.281,342.333C115.281,350,115.281,357,115.281,360.5L115.281,364\" id=\"diagram-1775215134710-L_C_D_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_C_D_0\" data-points=\"W3sieCI6MTE1LjI4MTI1LCJ5IjozMTh9LHsieCI6MTE1LjI4MTI1LCJ5IjozNDN9LHsieCI6MTE1LjI4MTI1LCJ5IjozNjh9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134710_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M115.281,446L115.281,450.167C115.281,454.333,115.281,462.667,115.281,470.333C115.281,478,115.281,485,115.281,488.5L115.281,492\" id=\"diagram-1775215134710-L_D_E_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_D_E_0\" data-points=\"W3sieCI6MTE1LjI4MTI1LCJ5Ijo0NDZ9LHsieCI6MTE1LjI4MTI1LCJ5Ijo0NzF9LHsieCI6MTE1LjI4MTI1LCJ5Ijo0OTZ9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134710_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M115.281,550L115.281,554.167C115.281,558.333,115.281,566.667,115.281,574.333C115.281,582,115.281,589,115.281,592.5L115.281,596\" id=\"diagram-1775215134710-L_E_F_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_E_F_0\" data-points=\"W3sieCI6MTE1LjI4MTI1LCJ5Ijo1NTB9LHsieCI6MTE1LjI4MTI1LCJ5Ijo1NzV9LHsieCI6MTE1LjI4MTI1LCJ5Ijo2MDB9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215134710_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003C\u002Fg>\u003Cg class=\"edgeLabels\">\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_A_B_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_B_C_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_C_D_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_D_E_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_E_F_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"nodes\">\u003Cg class=\"node default  \" id=\"diagram-1775215134710-flowchart-A-0\" data-look=\"classic\" transform=\"translate(115.28125, 35)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-97.125\" y=\"-27\" width=\"194.25\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-67.125, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"134.25\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Red-Team Finding\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134710-flowchart-B-1\" data-look=\"classic\" transform=\"translate(115.28125, 151)\">\u003Crect class=\"basic label-container\" style=\"fill:#f59e0b !important\" x=\"-96.0078125\" y=\"-39\" width=\"192.015625\" height=\"78\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#000 !important\" transform=\"translate(-66.0078125, -24)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"132.015625\" height=\"48\">\u003Cdiv style=\"color: rgb(0, 0, 0) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#000 !important\" class=\"nodeLabel \">\u003Cp>Classify via\u003Cbr\u002F>Failure Taxonomy\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134710-flowchart-C-3\" data-look=\"classic\" transform=\"translate(115.28125, 279)\">\u003Crect class=\"basic label-container\" style=\"fill:#f97316 !important\" x=\"-86.4453125\" y=\"-39\" width=\"172.890625\" height=\"78\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#000 !important\" transform=\"translate(-56.4453125, -24)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"112.890625\" height=\"48\">\u003Cdiv style=\"color: rgb(0, 0, 0) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#000 !important\" class=\"nodeLabel \">\u003Cp>Assign Severity\u003Cbr\u002F>Bug Bar\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134710-flowchart-D-5\" data-look=\"classic\" transform=\"translate(115.28125, 407)\">\u003Crect class=\"basic label-container\" style=\"fill:#0ea5e9 !important\" x=\"-101.953125\" y=\"-39\" width=\"203.90625\" height=\"78\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-71.953125, -24)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"143.90625\" height=\"48\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>Map to Policy\u003Cbr\u002F>RAG \u002F RAI Standard\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134710-flowchart-E-7\" data-look=\"classic\" transform=\"translate(115.28125, 523)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-107.28125\" y=\"-27\" width=\"214.5625\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-77.28125, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"154.5625\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Engineering Backlog\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215134710-flowchart-F-9\" data-look=\"classic\" transform=\"translate(115.28125, 627)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-84.9765625\" y=\"-27\" width=\"169.953125\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-54.9765625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"109.953125\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Retest & Verify\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cdefs>\u003Cfilter id=\"diagram-1775215134710-drop-shadow\" height=\"130%\" width=\"130%\">\u003CfeDropShadow dx=\"4\" dy=\"4\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Cdefs>\u003Cfilter id=\"diagram-1775215134710-drop-shadow-small\" height=\"150%\" width=\"150%\">\u003CfeDropShadow dx=\"2\" dy=\"2\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Ctext x=\"225.5625\" y=\"682\" text-anchor=\"end\" fill=\"#6b7280\" stroke=\"#ffffff\" stroke-width=\"3\" paint-order=\"stroke\" font-size=\"11\" font-family=\"system-ui, sans-serif\" opacity=\"0.7\">coreprose.com\u003C\u002Ftext>\u003C\u002Fsvg>\n\u003C\u002Fdiv>\n\u003Ch3>Threat modeling and downstream defenses\u003C\u002Fh3>\n\u003Cp>Developer guidance for ML threat modeling pushes teams to define attacker goals, capabilities, and constraints before red‑teaming.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-7\" class=\"citation-link\" title=\"View source [7]\">[7]\u003C\u002Fa> This mirrors independent safety groups that treat explicit threat models as the basis for credible evaluation.\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-7\" class=\"citation-link\" title=\"View source [7]\">[7]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Downstream tools—Azure AI Content Safety, monitoring, filters, governance dashboards—are treated as defenses to be attacked and empirically validated, not assumed sufficient.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>💡 \u003Cstrong>Section takeaway:\u003C\u002Fstrong> The power lies less in any single tool than in a closed loop where taxonomy, Bug Bar, and Responsible AI policy connect discovery, mitigation, and re‑evaluation.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>4. Strategic Lessons for AI Leaders, Policymakers, and Investors\u003C\u002Fh2>\n\u003Cp>With Morgan Stanley projecting a major jump in frontier‑model capabilities around 2026, the cost of weak pre‑deployment evaluation will rise.\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa> Microsoft’s architecture is a reference design, not a finished recipe.\u003C\u002Fp>\n\u003Ch3>Lesson 1: Red teaming is now a strategic necessity\u003C\u002Fh3>\n\u003Cp>Weak or opaque testing already erodes trust. The Xiaomi Hunter Alpha case—an unlabelled “stealth model” on OpenRouter that was an internal test build—sparked rumors it was a secret DeepSeek V4, moving markets and drawing scrutiny.\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>⚠️ \u003Cstrong>Signal:\u003C\u002Fstrong> When test infrastructure leaks, red‑team practices become governance and investor‑relations issues, not just technical ones.\u003C\u002Fp>\n\u003Ch3>Lesson 2: Agents need policy‑enforced runtimes plus testing\u003C\u002Fh3>\n\u003Cp>NVIDIA’s Agent Toolkit and OpenShell runtime enforce policy‑based security, network, and privacy guardrails for autonomous agents.\u003Ca href=\"#source-10\" class=\"citation-link\" title=\"View source [10]\">[10]\u003C\u002Fa> This reflects a shift toward:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Policy‑aware runtimes\u003C\u002Fli>\n\u003Cli>Fine‑grained permissions\u003C\u002Fli>\n\u003Cli>Built‑in monitoring for acting agents\u003Ca href=\"#source-10\" class=\"citation-link\" title=\"View source [10]\">[10]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>But guardrails are only hypotheses until red‑teamed under adversarial prompting and tool‑use scenarios.\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-10\" class=\"citation-link\" title=\"View source [10]\">[10]\u003C\u002Fa> Microsoft‑style automated probing (PyRIT) and expert scenarios can validate whether policies hold under pressure.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Lesson 3: Standardize threat‑model‑driven evidence\u003C\u002Fh3>\n\u003Cp>Advanced LLM red‑teaming frameworks recommend staged evaluations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automated “fuzzing” and prompt mutation at scale\u003C\u002Fli>\n\u003Cli>Scenario‑based expert testing for high‑impact misuse\u003C\u002Fli>\n\u003Cli>Iterative campaigns as models and prompts evolve\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Policymakers can demand \u003Cstrong>threat‑model‑driven evidence\u003C\u002Fstrong>: proof that systems were tested against specific abuse cases—disinformation, targeted harassment, PII leakage—rather than generic “we did a red team.”\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-7\" class=\"citation-link\" title=\"View source [7]\">[7]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>💡 \u003Cstrong>Regulatory move:\u003C\u002Fstrong> Require explicit mapping between threat models, test campaigns, and mitigations, echoing Microsoft’s internal guidance.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-7\" class=\"citation-link\" title=\"View source [7]\">[7]\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Lesson 4: Do not outsource your domain‑specific risk\u003C\u002Fh3>\n\u003Cp>For enterprises on Azure, Microsoft’s AI shared responsibility model and risk assessment guidance clarify that customers remain responsible for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Domain‑specific misuse and sectoral compliance\u003C\u002Fli>\n\u003Cli>Fine‑tuning, prompts, and configurations\u003C\u002Fli>\n\u003Cli>Integrations with internal data and tools\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Microsoft’s red‑teaming is a floor, not a ceiling. Enterprises still need domain‑specific red‑team exercises using internal SMEs to model realistic abuse in their own context.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>💼 \u003Cstrong>Section takeaway:\u003C\u002Fstrong> Organizations that will thrive treat red teaming as a core strategy and governance capability, not a box‑checking security feature.\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>Conclusion: Red Teams as Gatekeepers for the Frontier\u003C\u002Fh2>\n\u003Cp>Microsoft’s AI Red Team illustrates how to treat AI safety as an operational discipline with real veto power, grounded in diverse expertise and structured governance.\u003Ca href=\"#source-1\" class=\"citation-link\" title=\"View source [1]\">[1]\u003C\u002Fa>\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa> As models grow more capable and agents gain the ability to act, similar red‑team functions—integrated with clear taxonomies, bug bars, and policy guardrails—are likely to become standard for any organization deploying frontier‑scale AI.\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-7\" class=\"citation-link\" title=\"View source [7]\">[7]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fp>\n","Before any major Copilot, Phi model, or Azure OpenAI capability reaches customers, Microsoft’s AI Red Team tries to break it first. Its mandate: simulate real users and adversaries, then decide whethe...","security",[],1416,7,"2026-03-23T02:11:21.283Z",[17,22,26,30,34,38,42,46,50,54],{"title":18,"url":19,"summary":20,"type":21},"Neuroscientists, military personnel, and even a prisoner: this is how the team that 'hacks' Microsoft's AI before it reaches the public wo","https:\u002F\u002Fwww.signismedudesk.org\u002Fartificial-intelligence-1\u002Fneuroscientists-military-personnel-and-even-a-prisoner-this-is-how-the-team-that-39-hacks-39-microsoft-39-s-ai-before-it-reaches-the-public-wo.htm","North America\n\nThe company has a \"red team\" that evaluates all artificial intelligence systems before their launch, and halts them if necessary.\n\nFrom left to right, Daniel Kluttz, Ram Shankar, Siva K...","kb",{"title":23,"url":24,"summary":25,"type":21},"Neuroscientists and military vets: the inner workings of the team that ‘hacks’ Microsoft’s AI tools before their public debut","https:\u002F\u002Fenglish.elpais.com\u002Ftechnology\u002F2026-03-20\u002Fneuroscientists-and-military-vets-the-inner-workings-of-the-team-that-hacks-microsofts-ai-tools-before-their-public-debut.html","Microsoft president Brad Smith takes a moment to reflect before using the word “guardrails” with the ease of someone who has given a great deal of thought to the dangers of the abyss. A conference on ...",{"title":27,"url":28,"summary":29,"type":21},"An inside look at Microsoft’s AI Red Team","https:\u002F\u002Fwww.scworld.com\u002Fperspective\u002Fan-inside-look-at-microsofts-ai-red-team","An inside look at Microsoft’s AI Red Team\n\nApril 10, 2025\n\nCOMMENTARY: AI red teaming — also known as adversarial machine learning — started many years ago as a group of researchers who were happy to ...",{"title":31,"url":32,"summary":33,"type":21},"I Spent a Day With Microsoft’s AI Red Team — Here’s What I Learned","https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=x_3aXzbdI8A","I Spent a Day With Microsoft’s AI Red Team — Here’s What I Learned\n\nWith Sandra and Microsoft Security\n\nJoin\n\nSubscribe\n\n222\n\nShare\n\n5.4K views 1 month ago[#cybersecurity](https:\u002F\u002Fwww.youtube.com\u002Fhash...",{"title":35,"url":36,"summary":37,"type":21},"Microsoft AI Red Team","https:\u002F\u002Flearn.microsoft.com\u002Fen-us\u002Fsecurity\u002Fai-red-team\u002F","Microsoft AI Red Team\n\nLearn to safeguard your organization's AI with guidance and best practices from the industry leading Microsoft AI Red Team.\n\nAbout AI Red Team\n\nOverview\n- What is AI Red teaming...",{"title":39,"url":40,"summary":41,"type":21},"LLM Red Teaming: The Complete Step-By-Step Guide To LLM Safety","https:\u002F\u002Fwww.confident-ai.com\u002Fblog\u002Fred-teaming-llms-a-step-by-step-guide","Kritin Vongthongsri  \nCofounder @ Confident AI | LLM Evals & Safety Wizard | Previously ML + CS @ Princeton Researching Self-Driving Cars\n\n# LLM Red Teaming: The Complete Step-By-Step Guide To LLM Saf...",{"title":43,"url":44,"summary":45,"type":21},"AI Red-Teaming Design: Threat Models and Tools","https:\u002F\u002Fcset.georgetown.edu\u002Farticle\u002Fai-red-teaming-design-threat-models-and-tools\u002F","Red-teaming is a popular evaluation methodology for AI systems, but it is still severely lacking in theoretical grounding and technical best practices. This blog introduces the concept of threat model...",{"title":47,"url":48,"summary":49,"type":21},"Mystery AI model revealed to be Xiaomi's following suspicions it was DeepSeek V4 | Reuters","https:\u002F\u002Fwww.reuters.com\u002Fbusiness\u002Fmedia-telecom\u002Fmystery-ai-model-has-developers-buzzing-is-this-deepseeks-latest-blockbuster-2026-03-18\u002F","A Xiaomi logo is pictured at the Xiaomi booth during a media day for the Auto Shanghai show in Shanghai, China April 24, 2025. REUTERS\u002FGo Nakamura\n\nBEIJING, March 18 (Reuters) - A powerful artificial ...",{"title":51,"url":52,"summary":53,"type":21},"EP 446 : Morgan Stanley Warns: AI Breakthrough in 2026","https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=3_mhMBp4Hj4","Get ready for a transformative leap in AI capabilities, predicted by Morgan Stanley to happen in 2026. With top US AI labs scaling up their computational power, we can expect significant advancements ...",{"title":55,"url":56,"summary":57,"type":21},"NVIDIA Ignites the Next Industrial Revolution in Knowledge Work With Open Agent Development Platform","http:\u002F\u002Fnvidianews.nvidia.com\u002Fnews\u002Fai-agents","NVIDIA Ignites the Next Industrial Revolution in Knowledge Work With Open Agent Development Platform\n\nNVIDIA Agent Toolkit Equips Enterprises to Build and Run AI Agents\n\nMarch 16, 2026\n\nNVIDIA Agent T...",null,{"generationDuration":60,"kbQueriesCount":61,"confidenceScore":62,"sourcesCount":61},76573,10,100,{"metaTitle":6,"metaDescription":10},"en","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1506849041215-e76092bdaa7f?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHxpbnNpZGUlMjBtaWNyb3NvZnR8ZW58MXwwfHx8MTc3NTExNDU0MXww&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress",{"photographerName":67,"photographerUrl":68,"unsplashUrl":69},"Luke Ellis-Craven","https:\u002F\u002Funsplash.com\u002F@lukeelliscraven?utm_source=coreprose&utm_medium=referral","https:\u002F\u002Funsplash.com\u002Fphotos\u002Farchitecture-building-ceiling-yCsk1q2Eq0o?utm_source=coreprose&utm_medium=referral",false,{"key":72,"name":73,"nameEn":74},"ia","Intelligence Artificielle","Artificial Intelligence",[76,84,91,98],{"id":77,"title":78,"slug":79,"excerpt":80,"category":81,"featuredImage":82,"publishedAt":83},"69f259ada569d797da77af45","How State Lawmakers Are Using AI to Research, Fact-Check, and Draft Legislation","how-state-lawmakers-are-using-ai-to-research-fact-check-and-draft-legislation","Statehouses must process more information with fewer people. In South Dakota, 70 part‑time legislators share roughly 60 staffers, the thinnest legislative staff in the country. [2] In that context, AI...","trend-radar","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1576082176859-e557bdc7b1b4?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHxzdGF0ZSUyMGxhd21ha2VycyUyMHVzaW5nJTIwcmVzZWFyY2h8ZW58MXwwfHx8MTc3NzQ5MDM0OHww&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress&q=60","2026-04-29T19:30:48.260Z",{"id":85,"title":86,"slug":87,"excerpt":88,"category":81,"featuredImage":89,"publishedAt":90},"69eddbb98594a02c7d5b7537","OpenAI’s GPT-5.5: How a Unified Chat, Coding, and Browser Model Redefines Computer Work","openai-s-gpt-5-5-how-a-unified-chat-coding-and-browser-model-redefines-computer-work","1. What GPT-5.5 Is and Why It Matters\n\nGPT-5.5 is OpenAI’s newest flagship model, framed as its “smartest and most intuitive to use” and a “new class of intelligence for real work.”[1][3] It is built...","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1676272682018-b1435bad1cf0?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHxvcGVuYWklMjBncHQlMjB1bmlmeWluZyUyMGNoYXRncHR8ZW58MXwwfHx8MTc3NzE5NTk2MXww&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress&q=60","2026-04-26T09:40:11.589Z",{"id":92,"title":93,"slug":94,"excerpt":95,"category":81,"featuredImage":96,"publishedAt":97},"69ebd69aef9f887f1d4f877d","OpenAI’s GPT-5.5 Rollout: What Paid and Enterprise Users Need to Know","openai-s-gpt-5-5-rollout-what-paid-and-enterprise-users-need-to-know","OpenAI’s GPT-5.5 is framed as a “new class of intelligence for real work and powering agents,” built for complex, multi-step workflows with less user oversight.[1][3] For paid ChatGPT and Codex users,...","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1696041760711-f1bd9e111b70?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHxvcGVuYWklMjByb2xsaW5nJTIwb3V0JTIwZ3B0fGVufDF8MHx8fDE3NzcwNjM1Nzh8MA&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress&q=60","2026-04-24T20:55:57.836Z",{"id":99,"title":100,"slug":101,"excerpt":102,"category":81,"featuredImage":103,"publishedAt":104},"69e55859b951907c96a68410","GPT-Rosalind: Trusted-Access Life Sciences AI for Pharma Partners","gpt-rosalind-trusted-access-life-sciences-ai-for-pharma-partners","Pharma leaders must compress 10–15 year development timelines without compromising safety or rigor.[2][4] GPT-Rosalind, OpenAI’s new life sciences model, aims to improve the quality and speed of upstr...","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1762340275855-ae8f4c2c144e?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHxncHQlMjByb3NhbGluZCUyMHRydXN0ZWQlMjBhY2Nlc3N8ZW58MXwwfHx8MTc3NjYzODA0MXww&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress&q=60","2026-04-19T22:44:06.970Z",["Island",106],{"key":107,"params":108,"result":110},"ArticleBody_Lqsszxncn7gvvuHXRtn1VQa0JKKuak31v6GvkE870",{"props":109},"{\"articleId\":\"69c0a0c22f63650529e7e741\",\"linkColor\":\"red\"}",{"head":111},{}]