Projects
A project represents an AI system you want to assess. Each project belongs to an organization and defines the target endpoint, connection method, and configuration needed to send prompts.
Creating a Project
Navigate to New Project or click + New Scenario from an existing project. Every project requires:
- Name — Identifies the project in lists and reports.
- Target URL — The URL of your AI system's endpoint or chat page.
- Target Type —
apiorwidget(see below). - Organization — The org this project belongs to.
API Mode
Use API mode to assess REST or HTTP endpoints directly. The platform sends each prompt as an HTTP request.
| Setting | Description | Example |
|---|---|---|
| API Method | HTTP method to use | POST |
| API Headers | JSON object of request headers | {"Authorization": "Bearer xxx"} |
| Body Template | JSON body with {{prompt}} placeholder | {"message": "{{prompt}}"} |
| Response Path | JSONPath to extract the response text | choices.0.message.content |
The {{prompt}} placeholder in the body template is replaced with the actual prompt text at execution time. The response path uses dot notation to navigate the JSON response and extract the AI's reply.
Widget Mode
Use widget mode to assess browser-based chat interfaces. The platform launches a headless browser, navigates to your target URL, and interacts with the chat widget using XPath selectors.
| Setting | Description | Example |
|---|---|---|
| Input XPath | XPath selector for the chat input field | //textarea[@placeholder="Type a message"] |
| Output XPath | XPath selector for the response container | //div[@class="message bot"][last()] |
The browser types the prompt into the input element, submits it (Enter key), waits for a response, then reads the text content from the output element. Both XPath selectors must accurately target the correct DOM elements.
Managing Projects
From the project detail page (click any project name), you can:
- View the security scorecard — OWASP and NIST compliance gauges
- Browse and run scenarios for this project
- View scorecard details — per-category pass rates and coverage gaps
- Edit project settings — update URL, type, API config, or delete the project