# Red-team scenario library

Use this library to test AI systems before they receive sensitive data, tool authority, or broad user access. Scenarios should be realistic enough to expose system behavior, but controlled enough that results can be reproduced in regression testing.

## Scenario categories

- Prompt injection: malicious instructions inside retrieved documents, user messages, filenames, and support-ticket content.
- Data leakage: requests for restricted documents, cross-customer context, hidden system prompts, and internal logs.
- Unsafe tool use: unauthorized updates, duplicate actions, incorrect recipients, destructive changes, and approval bypass.
- Policy bypass: social engineering, urgency claims, role impersonation, and indirect requests for prohibited action.
- Recovery behavior: escalation quality, rollback instructions, incident logging, and customer-visible containment.

## Evidence capture

For each scenario, record prompt, context, expected behavior, actual behavior, severity, owner, fix, and regression test. A failed red-team test should produce either a control change or a documented risk acceptance.