Skip to main content

Understanding and Acting on Javelin RedTeam Reports

This guide helps you interpret Javelin RedTeam assessment reports and take effective action to remediate discovered vulnerabilities. Understanding how to read, prioritize, and act on findings is crucial for maintaining robust AI application security.

tip

You can also download the report pdf from the download button at the top right of the report page

Report Structure Overview

Executive Summary

  • Overall Security Score: Numerical rating (0-100) indicating application security posture
  • Total Vulnerabilities Found: Count by severity level (Critical, High, Medium, Low)
  • Risk Assessment: Summary of primary security concerns
  • Compliance Status: Alignment with OWASP LLM Top 10 and other frameworks

Detailed Findings

Each vulnerability includes:

  • Category: Classification (e.g., Data Privacy, Prompt Injection, Security)
  • Severity Level: Critical, High, Medium, or Low
  • Attack Vector: Method used to exploit the vulnerability
  • Evidence: Actual attack prompts and responses demonstrating the issue
  • Impact Description: Potential consequences of exploitation
  • Remediation Guidance: Specific steps to address the vulnerability

Assessment Metadata

  • Scan Configuration: Categories tested, engines used
  • Target Application: Endpoint details and description
  • Execution Summary: Duration, total prompts tested, success rates

Severity Level Interpretation

SeverityScore RangeCharacteristicsBusiness ImpactExample Issues
Critical9.0-10.0• Immediate system compromise possible
• Data breach or privacy violation confirmed
• Complete bypass of security controls
• Potential legal liability
• Regulatory compliance violations
• Reputation damage
• Financial losses
• Database credential exposure
• Complete prompt injection control
• PII mass extraction
High7.0-8.9• Significant security control bypass
• Sensitive information exposure
• Partial system compromise
• Compliance violations likely
• Customer trust erosion
• Operational disruption
• System prompt disclosure
• Partial PII leakage
• Successful jailbreak attempts
Medium4.0-6.9• Minor security control bypass
• Limited information disclosure
• Brand or reputation concerns
• Customer dissatisfaction
• Minor compliance issues
• Competitive disadvantage
• Inappropriate content generation
• Minor bias in responses
• Competitor information leakage
Low1.0-3.9• Minimal security impact
• Edge case scenarios
• Quality or usability issues
• User experience degradation
• Minor brand concerns
• Training data improvements needed
• Inconsistent responses
• Minor factual inaccuracies
• Occasional inappropriate tone