A Pulse Field Note · Shield

Red-teaming an enterprise assistant

A panel of personified agents hunted an enterprise assistant for jailbreaks, then deduplicated the hits into a CISO-ready risk read.

Panel
Personified adversarial panel
Protocol
Governance protocol + red-team · OWASP vectors
Records
72 red-team sessions · de-duplicated, severity-banded
Field date
Mar 25, 2026
The anatomy of this study
Test Cases
×
Persona Agents
×
Metrics
×
Business Context
=
Contextual
Evaluation
01 · Test Cases

Realistic scenarios & goals

Governance protocol + red-team · OWASP vectors
The goalTurn an AI-approval decision into two customer-readable tests — does it hold under realistic work journeys, and where does it break under adversarial pressure?
02 · Persona Agents

Who we put on the panel

personified adversarial panel

A panel of personified agents exercising realistic work journeys and applying adversarial pressure — ambiguity, injected documents, urgency, authority claims, client pressure, and invented metadata bait.

72
red-team sessions
OWASP
risk taxonomy
03 · Metrics

What we measured, & why

safety · usability · user burden · risk discovery

Measures confidentiality, matter boundaries, audit trails, and escalation paths — then de-duplicates and severity-bands the surviving findings.

04 · Business Context

Why this matters

what makes the finding meaningful

A CISO's job is to let the organization adopt AI without weakening confidentiality, auditability, incident readiness, or client trust. This turns that mission into approval evidence before a governed assistant reaches production.

De-duplicated, severity-banded findings are something security, legal, and business owners can review together — and replay — instead of arguing over a pile of raw transcripts.

Summary
Verdict
Two customer-readable tests — a governance protocol test and a red-team test — turn AI-approval decisions into reviewable evidence. The adversarial panel's hits are de-duplicated and severity-banded into a CISO-ready risk read, preserved for replay.
Method
A panel of personified agents runs structured attack vectors — roleplay escalation, audit pretexts, instruction overrides, injected documents, urgency and authority claims — against a governed enterprise assistant. A judge layer de-duplicates near-identical findings and severity-bands what survives.
Knockout
The value isn't the raw jailbreak count — it's de-duplication: collapsing dozens of near-identical hits into the handful of distinct risks a security owner actually has to act on.
Limitations
A governed-assistant demo, not a public model audit. Severity bands are reviewer judgments; the risk read is evidence for a security, legal, and business review — not a compliance certification.
Go deeper — the full study, every persona, and all the evidence.
See the full study