LangWatch has introduced LangWatch Scenario, an open-source framework designed specifically for automated red-teaming and AI penetration testing. This initiative targets organizations utilizing AI applications in their operations.
Based in Amsterdam, LangWatch emphasizes that this framework assesses AI agents—such as customer service bots and data analytics tools—against potential threats that conventional testing methods might overlook. Its primary focus is on industries like banking, insurance, and software, where AI systems often manage sensitive information or engage with crucial business processes.
Unlike traditional approaches that depend on a single prompt or a one-time penetration test, LangWatch Scenario simulates multi-turn attacks. This methodology reflects the gradual relationship an attacker builds with an AI system over the course of conversation before attempting to extract information or provoke unsafe behavior.
The framework executes a series of scenarios, escalating from low-risk interactions to more intricate requests and authority-based prompts. A secondary model analyzes the interaction’s progression and modifies the attack strategy accordingly during the assessment.
LangWatch asserts that this approach can reveal concealed risks within AI applications. These vulnerabilities often remain undetected in standard tests, as the model tends to fail only after multiple exchanges.
Rogerio Chaves, Co-founder and Chief Technology Officer at LangWatch, pointed out the significance of addressing this issue. “An AI agent that dismisses every inquiry may give a false sense of security. Cybercriminals do not pose a single direct question; instead, they engage in numerous casual conversations to cultivate trust. After twenty exchanges, a request that would have been refused at the outset may suddenly become acceptable,” he noted.

Testing Method
Scenario employs the Crescendo strategy devised by LangWatch, comprising a four-phase escalation process. It begins with exploratory discussions and progresses through hypothetical scenarios and authority-based claims, culminating in direct pressure on the target system.
Throughout each stage, the framework evaluates whether the AI agent is becoming more vulnerable to disclosure or unsafe actions. LangWatch believes that this architecture provides development teams with a clearer understanding of where an application may become exposed in real-world use.
The software is compatible with existing development and continuous integration workflows, enabling teams to conduct ongoing tests as they make adjustments to models, prompts, and product features. This makes security reviews a continuous effort rather than a one-time task.
The launch arrives amid increasing scrutiny over the risks associated with AI systems. While public discourse often highlights visible issues like deepfakes, misinformation, and privacy concerns, LangWatch argues there’s a less visible yet critical problem within the AI applications that enterprises deploy for their own operations.
Such systems encompass internal assistants, customer-facing chatbots, and analytics tools that access company data. Since they are tailored to specific functions and tied to business systems, they can introduce vulnerabilities that conventional model testing might not detect.

Customer Base
LangWatch reports that companies like Backbase, Buy It Direct, Ask Vinny, Visma, Skai, and PagBank already utilize its broader platform and are expanding their engagement to automated red-team testing. However, commercial terms and customer deployment figures for the new framework have not been disclosed.
LangWatch Scenario is being released as open-source software, a strategy that could enhance its adoption among internal engineering teams and external security researchers. This open-source model allows organizations to inspect, customize, and extend the testing methodology for their specific AI environments.
According to Manouk Draisma, Co-founder and Chief Executive Officer at LangWatch, risk exposure is not restricted to dramatic breaches. “It’s rarely about a single, sensational hack. It’s about patience and context. A cybercriminal who interacts calmly and systematically with an AI agent for twenty minutes can extract sensitive information that a direct attack would typically fail to uncover. LangWatch Red-Teaming makes these hidden risks visible before significant damage occurs,” she emphasized.