Multi-Agent Systems
Red team a multi-agent system deployed in your own cloud (AWS or Azure) with ATLAS - point at its HTTP endpoint from the SDK or the TUI and capture the executed tool calls in findings.
ATLAS attacks a multi-agent system - a pipeline of cooperating agents with tools and trust boundaries - over a single HTTP contract. This page is for when that system runs in your own cloud (AWS, Azure, or anywhere): you already have it deployed and reachable at a URL, and you want to red team it.
The target contract
Section titled “The target contract”A multi-agent target is any HTTP service your system exposes that answers:
POST /attack { "prompt": "...", "surface": "direct|tool_output|peer_message", "injection": "..." }-> { "content": "...", "tool_calls": [ {agent, tool, arguments, result}, ... ], "cascade_depth": N, "boundary_crossings": N, "agents_touched": [...] }surfaceselects where ATLAS injects:direct(entry agent),tool_output(a tool’s return), orpeer_message(an inter-agent delegation).tool_callsis the evidence ATLAS gates on — a{agent, tool, arguments, result}per executed call, including tools fired by delegated agents.
Any deployment that answers this contract works. The per-cloud pages below assume you already have it running and give the exact SDK and TUI steps to red team it.
What you get in findings
Section titled “What you get in findings”For every deployment, findings render the same way:
- Per trial - the executed tool calls (
agent · name(arguments) → result). - Per finding - the distinct Tools Invoked across trials.
- Compliance - ATLAS categories populate the OWASP Agentic Top 10 matrix.
See Multi-Agent Red Teaming for the ATLAS algorithm, injection surfaces, and category reference.