OmegaEngine · Red Team Quickstart · Pro+ Feature

Secure Your AI in 5 Minutes

Scan prompts, tools, and live endpoints for vulnerabilities. Get CI/CD-ready SARIF reports with auto-remediation policies.

Prerequisites

Pro plan or higher ($599/mo+ — includes scan & quick-scan)
Node.js 18+ (for TypeScript SDK)
API key from Settings → API Keys

Install the SDK

bash

npm install @omegaengine/sdk

Run a Static Scan

Scan your AI agent's prompts, system instructions, and tool definitions for safety issues before deployment.

typescript

import { OmegaClient } from "@omegaengine/sdk";

const omega = new OmegaClient({
  baseUrl: "https://omegaengine.ai",
  apiKey: process.env.OMEGA_API_KEY!,
});

try {
  const result = await omega.scan({
    prompt: "Summarize the patient's medical records",
    systemInstruction: "You are a helpful medical assistant",
    tools: [
      { name: "read_file", description: "Read file from disk" },
      { name: "http_post", description: "Send HTTP POST to any URL" },
    ],
    failOn: "high",
  });

  if (result.verdict === "FAIL") {
    console.error(`Scan failed: ${result.ci.failReason}`);
    console.error(`${result.summary.totalFindings} findings:`);
    for (const f of result.findings) {
      console.error(`  [${f.severity}] ${f.title}`);
      console.error(`    Fix: ${f.remediation}`);
    }
    process.exit(1);
  }

  console.log("✅ Scan passed — safe to deploy");
} catch (err: any) {
  if (err?.status === 429) {
    console.error("Rate limited — wait 60s and retry");
    process.exit(2);
  }
  if (err?.code === "ECONNABORTED" || err?.code === "ETIMEDOUT") {
    console.error("Request timed out — check connectivity");
    process.exit(3);
  }
  console.error("Scan error:", err?.message ?? err);
  process.exit(1);
}

Or use cURL

bash

curl -X POST https://omegaengine.ai/api/v2/scan \
  -H "Content-Type: application/json" \
  -H "x-api-key: omega_your_api_key_here" \
  -d '{
    "prompt": "Summarize the patient medical records",
    "tools": [
      {"name": "read_file", "description": "Read file from disk"},
      {"name": "http_post", "description": "Send HTTP POST to any URL"}
    ],
    "failOn": "high"
  }'

Understand the Response

The scan returns a structured verdict with findings, severity breakdown, and CI/CD integration fields.

json

{
  "ok": true,
  "scanId": "SCAN-abc123-XY99",
  "verdict": "FAIL",
  "summary": {
    "totalFindings": 5,
    "bySeverity": { "critical": 0, "high": 5, "medium": 0, "low": 0 },
    "durationMs": 10,
    "failOn": "high"
  },
  "findings": [
    {
      "id": "F-0001",
      "severity": "high",
      "category": "COMMAND_INJECTION",
      "source": "tool",
      "title": "Tool \"read_file\" safety violation: COMMAND_INJECTION",
      "description": "Tool triggered the COMMAND_INJECTION safety filter.",
      "remediation": "Review tool definition for unsafe patterns."
    }
  ],
  "ci": {
    "passed": false,
    "exitCode": 1,
    "failReason": "Found 0 critical, 5 high severity findings",
    "badge": "failing"
  }
}

Add to CI/CD Pipeline

Add to your GitHub Actions workflow to automatically scan before every deployment. Note: the omegaengine/redteam-action is coming soon — use the cURL step below as an alternative.

yaml

name: AI Security Scan

on:
  push:
    branches: [main]
  pull_request:

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: OmegaEngine Red Team Scan
        uses: omegaengine/redteam-action@v2
        with:
          api-key: ${{ secrets.OMEGA_API_KEY }}
          target: ${{ env.AGENT_ENDPOINT }}
          attack-vectors: "all"
          severity-threshold: "HIGH"
          output-format: "sarif"

      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: omega-results.sarif

Live Endpoint Probing (Quick-Scan)

Probe a live AI endpoint with real attack payloads from the OmegaEngine corpus. Runs up to 1,000 attacks in under 60 seconds.

typescript

const result = await omega.quickScan({
  targetUrl: "https://staging.example.com/api/chat",
  attackCount: 200,
  categories: ["JAILBREAK", "PROMPT_INJECTION", "DATA_EXFIL"],
  failOn: "critical",
  generatePolicies: true,
});

console.log(`Verdict: ${result.verdict}`);
console.log(`Block rate: ${result.summary.blockRate}%`);
console.log(`${result.summary.bypassed}/${result.summary.totalAttacks} attacks bypassed`);

if (result.policies.generated > 0) {
  console.log(`${result.policies.generated} auto-fix policies generated`);
}

if (result.verdict === "FAIL") {
  process.exit(result.exitCode);
}

What's Next

Take your AI security further.

API Reference

Full scan & quick-scan API docs

CI/CD Guide

GitHub, GitLab, Jenkins integration

Full Assessment

thousands of+ vectors, run against your agent config

OmegaEngine · Red Team Quickstart · Pro+ Feature

Secure Your AI in 5 Minutes

Scan prompts, tools, and live endpoints for vulnerabilities. Get CI/CD-ready SARIF reports with auto-remediation policies.

Prerequisites

Pro plan or higher ($599/mo+ — includes scan & quick-scan)
Node.js 18+ (for TypeScript SDK)
API key from Settings → API Keys

Install the SDK

bash

npm install @omegaengine/sdk

Run a Static Scan

Scan your AI agent's prompts, system instructions, and tool definitions for safety issues before deployment.

typescript

import { OmegaClient } from "@omegaengine/sdk";

const omega = new OmegaClient({
  baseUrl: "https://omegaengine.ai",
  apiKey: process.env.OMEGA_API_KEY!,
});

try {
  const result = await omega.scan({
    prompt: "Summarize the patient's medical records",
    systemInstruction: "You are a helpful medical assistant",
    tools: [
      { name: "read_file", description: "Read file from disk" },
      { name: "http_post", description: "Send HTTP POST to any URL" },
    ],
    failOn: "high",
  });

  if (result.verdict === "FAIL") {
    console.error(`Scan failed: ${result.ci.failReason}`);
    console.error(`${result.summary.totalFindings} findings:`);
    for (const f of result.findings) {
      console.error(`  [${f.severity}] ${f.title}`);
      console.error(`    Fix: ${f.remediation}`);
    }
    process.exit(1);
  }

  console.log("✅ Scan passed — safe to deploy");
} catch (err: any) {
  if (err?.status === 429) {
    console.error("Rate limited — wait 60s and retry");
    process.exit(2);
  }
  if (err?.code === "ECONNABORTED" || err?.code === "ETIMEDOUT") {
    console.error("Request timed out — check connectivity");
    process.exit(3);
  }
  console.error("Scan error:", err?.message ?? err);
  process.exit(1);
}

Or use cURL

bash

curl -X POST https://omegaengine.ai/api/v2/scan \
  -H "Content-Type: application/json" \
  -H "x-api-key: omega_your_api_key_here" \
  -d '{
    "prompt": "Summarize the patient medical records",
    "tools": [
      {"name": "read_file", "description": "Read file from disk"},
      {"name": "http_post", "description": "Send HTTP POST to any URL"}
    ],
    "failOn": "high"
  }'

Understand the Response

The scan returns a structured verdict with findings, severity breakdown, and CI/CD integration fields.

json

{
  "ok": true,
  "scanId": "SCAN-abc123-XY99",
  "verdict": "FAIL",
  "summary": {
    "totalFindings": 5,
    "bySeverity": { "critical": 0, "high": 5, "medium": 0, "low": 0 },
    "durationMs": 10,
    "failOn": "high"
  },
  "findings": [
    {
      "id": "F-0001",
      "severity": "high",
      "category": "COMMAND_INJECTION",
      "source": "tool",
      "title": "Tool \"read_file\" safety violation: COMMAND_INJECTION",
      "description": "Tool triggered the COMMAND_INJECTION safety filter.",
      "remediation": "Review tool definition for unsafe patterns."
    }
  ],
  "ci": {
    "passed": false,
    "exitCode": 1,
    "failReason": "Found 0 critical, 5 high severity findings",
    "badge": "failing"
  }
}

Add to CI/CD Pipeline

Add to your GitHub Actions workflow to automatically scan before every deployment. Note: the omegaengine/redteam-action is coming soon — use the cURL step below as an alternative.

yaml

name: AI Security Scan

on:
  push:
    branches: [main]
  pull_request:

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: OmegaEngine Red Team Scan
        uses: omegaengine/redteam-action@v2
        with:
          api-key: ${{ secrets.OMEGA_API_KEY }}
          target: ${{ env.AGENT_ENDPOINT }}
          attack-vectors: "all"
          severity-threshold: "HIGH"
          output-format: "sarif"

      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: omega-results.sarif

Live Endpoint Probing (Quick-Scan)

Probe a live AI endpoint with real attack payloads from the OmegaEngine corpus. Runs up to 1,000 attacks in under 60 seconds.

typescript

const result = await omega.quickScan({
  targetUrl: "https://staging.example.com/api/chat",
  attackCount: 200,
  categories: ["JAILBREAK", "PROMPT_INJECTION", "DATA_EXFIL"],
  failOn: "critical",
  generatePolicies: true,
});

console.log(`Verdict: ${result.verdict}`);
console.log(`Block rate: ${result.summary.blockRate}%`);
console.log(`${result.summary.bypassed}/${result.summary.totalAttacks} attacks bypassed`);

if (result.policies.generated > 0) {
  console.log(`${result.policies.generated} auto-fix policies generated`);
}

if (result.verdict === "FAIL") {
  process.exit(result.exitCode);
}

What's Next

Take your AI security further.

API Reference

Full scan & quick-scan API docs

CI/CD Guide

GitHub, GitLab, Jenkins integration

Full Assessment

thousands of+ vectors, run against your agent config