Core Concepts

Understand the fundamentals of ZeroShot security scanning.

Scans

A Scan is a security assessment of an AI system. When you create a scan, ZeroShot sends a series of attack prompts to your target and analyzes the responses.

scan = client.scans.create(
    target="https://api.example.com/v1/chat",
    categories=["jailbreak", "prompt_injection"],
    max_attacks=100,
)

Attack Categories

CategoryDescriptionSeverity
jailbreakAttempts to bypass safety restrictionsHigh
prompt_injectionInjects malicious instructionsCritical
system_prompt_extractionExtracts hidden system promptsMedium
data_exfiltrationAttempts to leak sensitive dataHigh
pii_leakTests for PII disclosureHigh

Vulnerabilities

When an attack succeeds, ZeroShot creates a Vulnerability record with:

  • Attack details (prompt, category)
  • Response from the AI
  • Severity rating
  • Compliance mappings (OWASP LLM, MITRE ATLAS)

CLI Reference

Command-line interface for ZeroShot.

SDK Reference

Python SDK for ZeroShot AI systems security scanning.

On this page

ScansAttack CategoriesVulnerabilities