Home
licitrasimone edited this page Apr 17, 2026 · 2 revisions
AIX is an automated security testing framework for AI/LLM endpoints. It gives penetration testers and red teamers the tools to assess AI systems across the full attack surface — from reconnaissance to exploitation to reporting.
- Installation — pip, source, dev setup
- Modules — full reference for every attack module
- Payload Schema — JSON format, fields, level/risk system
- Adding Modules — how to build a new attack module
- Attack Chains — YAML playbooks, syntax, built-in playbooks
- Database & Reporting — sessions, conversations, HTML export
```bash
pip install aix-framework

# Recon first — detects model, guardrails, structure
aix recon https://api.target.com/chat -k sk-xxx

# Attack — bypass engine activates automatically if guardrail was found
aix inject https://api.target.com/chat -k sk-xxx

# Full scan
aix scan https://api.target.com/chat -k sk-xxx
```

```
CLI (aix/cli.py)
→ Module (aix/modules/<name>.py)
→ BaseScanner (aix/core/scanner.py)
→ Connector — sends HTTP / WebSocket / raw requests
→ AIEngine — LLM-as-a-Judge + payload generation
→ BypassEngine — session-aware guardrail evasion
→ AIXDatabase — SQLite persistence
→ Reporter / Finding — structured output + OWASP/ATLAS tags
```
Every scan is grouped into a session by target. Guardrail data detected by aix recon is stored in the session and automatically consumed by subsequent attack modules.