Skip to content

Multi-Agent Systems

Red team a multi-agent system deployed in your own cloud (AWS or Azure) with ATLAS - point at its HTTP endpoint from the SDK or the TUI and capture the executed tool calls in findings.

ATLAS attacks a multi-agent system - a pipeline of cooperating agents with tools and trust boundaries - over a single HTTP contract. This page is for when that system runs in your own cloud (AWS, Azure, or anywhere): you already have it deployed and reachable at a URL, and you want to red team it.

A multi-agent target is any HTTP service your system exposes that answers:

POST /attack
{ "prompt": "...", "surface": "direct|tool_output|peer_message", "injection": "..." }
->
{ "content": "...", "tool_calls": [ {agent, tool, arguments, result}, ... ],
"cascade_depth": N, "boundary_crossings": N, "agents_touched": [...] }
  • surface selects where ATLAS injects: direct (entry agent), tool_output (a tool’s return), or peer_message (an inter-agent delegation).
  • tool_calls is the evidence ATLAS gates on — a {agent, tool, arguments, result} per executed call, including tools fired by delegated agents.

Any deployment that answers this contract works. The per-cloud pages below assume you already have it running and give the exact SDK and TUI steps to red team it.

For every deployment, findings render the same way:

  • Per trial - the executed tool calls (agent · name(arguments) → result).
  • Per finding - the distinct Tools Invoked across trials.
  • Compliance - ATLAS categories populate the OWASP Agentic Top 10 matrix.

See Multi-Agent Red Teaming for the ATLAS algorithm, injection surfaces, and category reference.