Red/Blue Team
Adversarial security analysis where a Red Team AI finds vulnerabilities and a Blue Team AI defends and hardens your content.
Overview
Red/Blue Team mode performs adversarial security analysis on code, configurations, policies, contracts, and other content. The Red Team AI attacks by finding vulnerabilities, while the Blue Team AI defends by validating findings and providing fixes. This creates a comprehensive security review with actionable remediation.
Key Features
Vulnerability Detection
Red Team identifies security issues with severity ratings (Critical, High, Medium, Low, Info) and detailed descriptions.
Blue Team Validation
Blue Team validates each finding—confirming real vulnerabilities, disputing false positives, and providing fixes.
Hardened Output
Get a security-hardened version of your content with all confirmed vulnerabilities fixed and best practices applied.
Confidence Scoring
Overall confidence score based on vulnerability resolution rate, severity distribution, and analysis depth.
How It Works
Red Team Attack
The Red Team AI analyzes your content for vulnerabilities, categorizing each by severity and providing detailed descriptions, impact assessments, and suggested fixes.
Blue Team Defense
The Blue Team AI reviews each vulnerability. It confirms valid findings, disputes false positives with reasoning, and implements fixes for confirmed issues.
Hardened Output
A security-hardened version is generated with all confirmed vulnerabilities fixed, following security best practices. Copy-ready for immediate use.
Supported Content Types
Code
SQL injection, XSS, authentication flaws, insecure dependencies, hardcoded secrets, buffer overflows.
Configuration
Insecure defaults, exposed ports, weak permissions, missing encryption, overly permissive CORS.
Policy Documents
Vague language, enforcement gaps, compliance issues, missing controls, inconsistent requirements.
Contracts
Liability gaps, ambiguous terms, missing clauses, unfavorable conditions, compliance risks.
Marketing Claims
Unsubstantiated claims, regulatory risks, competitor attack vectors, reputation vulnerabilities.
Business Strategy
Competitive blind spots, market risks, execution gaps, resource constraints, timing vulnerabilities.
Severity Levels
Follow-up Q&A
After analysis completes, ask follow-up questions about specific vulnerabilities, fixes, or the overall assessment.
How It Works
- Click "Ask About This" on any Red/Blue analysis
- Enter follow-up mode (green indicator)
- Ask questions with full analysis context preserved
- Reference specific vulnerabilities by ID
Example Questions
- "Explain the SQL injection vulnerability in detail"
- "Why was VULN-003 marked as a false positive?"
- "What other attack vectors should I consider?"
- "How do I implement the XSS fix in React?"
When to Use Red/Blue Team
Example Analysis
Input (Code)
def get_user(user_id):
    # user_id is formatted straight into the SQL text (the flagged line)
    query = f"SELECT * FROM users WHERE id = {user_id}"
    return db.execute(query)
User input is directly interpolated into the SQL query without sanitization, allowing attackers to execute arbitrary SQL.
Status: Resolved
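A check that confirms this finding and verifies a fix, written as an added example (it is not output from the product or code from the original page). It assumes Python's built-in sqlite3 module, a constructed in-memory users table, and a `db` handle passed in as a parameter; the function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory table with three users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def get_user_interpolated(db, user_id):
    # Same query construction as the analyzed input: the value becomes SQL text.
    query = f"SELECT * FROM users WHERE id = {user_id}"
    return db.execute(query).fetchall()

def get_user_parameterized(db, user_id):
    # Bound parameter: the driver passes the value as data, never as SQL.
    query = "SELECT * FROM users WHERE id = ?"
    return db.execute(query, (user_id,)).fetchall()

def changes_query_shape(get_user, db):
    """Regression check: a lookup by id must never return more than one row.

    The probe is a value whose text would extend the WHERE clause if it were
    spliced into the statement instead of being bound.
    """
    probe = "1 OR 1=1"
    return len(get_user(db, probe)) > 1

if __name__ == "__main__":
    db = make_db()
    for fn in (get_user_interpolated, get_user_parameterized):
        verdict = "INJECTABLE" if changes_query_shape(fn, db) else "ok"
        print(f"{fn.__name__}: {verdict}")
```

The `?` marker is the placeholder style sqlite3 uses; other DB-API drivers such as psycopg use `%s`, so a fix has to match the driver in use.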
Hardened Output
def get_user(user_id):
    # The ? placeholder binds user_id as data, separate from the SQL text
    query = "SELECT * FROM users WHERE id = ?"
    return db.execute(query, (user_id,))
API Usage
curl https://api.konnect.ai/v1/chat/completions \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "konnect-red-team",
    "messages": [
      {"role": "user", "content": "Review this code: def login(u,p): ..."}
    ],
    "stream": true,
    "konnect.pattern": "red_team",
    "konnect.content_type": "code"
  }'