Curiosity · Concept

AI Safety Red-Teaming

Red-teaming borrows its name from military war-gaming: a 'red team' attacks while the 'blue team' defends. For frontier LLMs, red-teaming covers jailbreaks, prompt-injection attacks, biased or discriminatory outputs, dangerous-capability probes (bio, cyber, weapons), and agentic misuse. Anthropic, OpenAI, DeepMind, and NIST all run structured red-team programs, and automated red-teaming — where one LLM attacks another — has become an essential scaling mechanism alongside human testers.

Quick reference

Proficiency
Intermediate
Also known as
adversarial red-teaming, red team
Prerequisites
Prompt injection, Guardrails

Frequently asked questions

What is AI red-teaming?

Red-teaming is structured adversarial testing of an AI system. Testers (human, automated, or both) try to provoke harmful, unsafe, deceptive, or policy-violating outputs so the developer can fix weaknesses before public release.

What kinds of attacks do red-teamers try?

Jailbreaks (bypassing safety training), prompt injection via retrieved content or tools, requests for dangerous information (bio, chemical, cyber), bias and fairness probes, agentic misuse (planning harmful actions), and sycophancy / manipulation attacks.

Who red-teams frontier models?

Internal teams at labs like Anthropic, OpenAI, and Google DeepMind; external organisations such as NIST's AISI and the UK AISI; invited subject-matter experts (biologists, security researchers); and automated systems like Anthropic's automated red-teaming for attack generation at scale.

How does red-teaming relate to evaluations and guardrails?

Red-teaming surfaces failure modes. Evaluations measure how often those failures happen and track progress across model versions. Guardrails (classifiers, filters, rules) block known failure modes at runtime. The three are complementary parts of a safety pipeline.

Sources

  1. Perez et al. — Red Teaming Language Models with Language Models — accessed 2026-04-20
  2. Ganguli et al. — Red Teaming Language Models to Reduce Harms — accessed 2026-04-20

Related

  • Constitutional AI (CAI) — Constitutional AI is Anthropic's alignment technique where a model is trained to critique and revise its own outputs against a written set of principles (the 'constitution'), producing preference data used to fine-tune a safer assistant — largely replacing human red-teamers with AI feedback.
  • Guardrails (LLM Safety Layers) — Guardrails are input and output validation layers wrapped around an LLM — filters, classifiers, schema checks, and policy rules — that block unsafe, off-topic, or malformed generations before they reach users or downstream systems.
  • Hallucination — Hallucination is when a language model confidently generates content that is factually wrong, fabricated, or unsupported by any provided source — the single most important reliability problem in LLM applications.
  • All Concepts — Browse the complete concepts library
  • VSET — Programmes offered — B.Tech programs (CSE, AI&ML, AI&DS, Electronics, IIoT)