Understanding and Acting on Javelin RedTeam Reports
This guide helps you interpret Javelin RedTeam assessment reports and take effective action to remediate discovered vulnerabilities. Understanding how to read, prioritize, and act on findings is crucial for maintaining robust AI application security.
tip
You can also download the report pdf from the download button at the top right of the report page
Report Structure Overview
Executive Summary
- Overall Security Score: Numerical rating (0-100) indicating application security posture
- Total Vulnerabilities Found: Count by severity level (Critical, High, Medium, Low)
- Risk Assessment: Summary of primary security concerns
- Compliance Status: Alignment with OWASP LLM Top 10 and other frameworks
Detailed Findings
Each vulnerability includes:
- Category: Classification (e.g., Data Privacy, Prompt Injection, Security)
- Severity Level: Critical, High, Medium, or Low
- Attack Vector: Method used to exploit the vulnerability
- Evidence: Actual attack prompts and responses demonstrating the issue
- Impact Description: Potential consequences of exploitation
- Remediation Guidance: Specific steps to address the vulnerability
Assessment Metadata
- Scan Configuration: Categories tested, engines used
- Target Application: Endpoint details and description
- Execution Summary: Duration, total prompts tested, success rates
Severity Level Interpretation
Severity | Score Range | Characteristics | Business Impact | Example Issues |
---|---|---|---|---|
Critical | 9.0-10.0 | • Immediate system compromise possible • Data breach or privacy violation confirmed • Complete bypass of security controls | • Potential legal liability • Regulatory compliance violations • Reputation damage • Financial losses | • Database credential exposure • Complete prompt injection control • PII mass extraction |
High | 7.0-8.9 | • Significant security control bypass • Sensitive information exposure • Partial system compromise | • Compliance violations likely • Customer trust erosion • Operational disruption | • System prompt disclosure • Partial PII leakage • Successful jailbreak attempts |
Medium | 4.0-6.9 | • Minor security control bypass • Limited information disclosure • Brand or reputation concerns | • Customer dissatisfaction • Minor compliance issues • Competitive disadvantage | • Inappropriate content generation • Minor bias in responses • Competitor information leakage |
Low | 1.0-3.9 | • Minimal security impact • Edge case scenarios • Quality or usability issues | • User experience degradation • Minor brand concerns • Training data improvements needed | • Inconsistent responses • Minor factual inaccuracies • Occasional inappropriate tone |