Your record stays in this browser. Nothing leaves your device.

Red Team Scoping Tool

Engagement scoping needs an answer before the first probe: which layers may you test at all, and who owns each finding. The operating model decides that split. Under AI-SaaS, the platform and model layers belong to the provider; testing them without authorization is out of scope. This tool reads the SRF layer model and operating-model matrix, resolves testable, authorization-required, and out-of-scope layers, pre-assigns finding ownership, and produces a signable scoping record. It supplies the accountability overlay only; methodology comes from the OWASP GenAI Red Teaming Guide and attack taxonomy from NIST AI 100-2.

Runs in your browser. No data leaves your device. Engagement details, authorization references, and scope notes stay local and are never sent anywhere.

1. The engagement

2. Scope by layer

Tier is derived from your operating model. Testable directly means the target org owns the layer. Authorization required means the layer is shared or provider-evaluated; record what you were granted before testing it. Out of scope means the provider owns the layer outright; do not test it without separately negotiated authorization. Every in-scope layer still needs one named finding owner: shared is not a valid final answer.

3. Evidence handling

Standard obligations for this engagement. Adjust in the notes field for anything engagement-specific.

  • Capture full prompts, injected payloads, model outputs, and tool-call logs for every finding before remediation begins.
  • Preserve a timestamped timeline: probe sent, response observed, and any downstream action triggered.
  • Route provider-owned layer findings through the provider's disclosure channel; do not publish before their agreed window closes.
  • Retain evidence per the target org's incident evidence policy; treat it as sensitive regardless of finding severity.
4. Sign-off

This scoping record applies the CoSAI AI Shared Responsibility Framework's accountability overlay to an engagement: which layers your operating model puts in scope, and who owns each finding. It does not define attack techniques, test methodology, or severity; consult the OWASP GenAI Red Teaming Guide and NIST AI 100-2 for those. Governance artifact, not legal advice; verify testing authorization against your contracts before probing any provider-owned layer.