---
title: "ZioSec API: Offensive Agent Validation On-Demand"
description: Point the ZioSec API at an agent endpoint. It red-teams the agent and returns audit-ready evidence mapped to OWASP AISVS, MITRE ATLAS, and more. No platform to run.
url: https://ziosec.com/api
---

# Agent Red-Teaming, Delivered as an API

Point the ZioSec API at an agent endpoint. It red-teams the agent and returns an audit-ready evidence packet. No platform to run, no dashboards to learn. The offensive-validation engine, embedded directly in your product or workflow.

[Talk to Our Team](/contact) | [See a Sample Report](/sample-report)

## The engine, not the interface

Some teams want a platform to log into. You want the capability inside what you already build. The ZioSec API exposes the same offensive-validation engine that powers our platform, callable from your code. Submit an agent endpoint, receive structured findings back. Whether you run a TPRM platform assessing vendor agents, an underwriter pricing agentic risk, or a security product embedding agent pentesting, you get bespoke offensive testing without standing up a red-team practice of your own.

## AI attacks AI, on every call

The API does not replay a fixed checklist. For each endpoint you submit, our AI maps the agent's architecture, tools, and data access, then autonomously generates bespoke, deep-chained attack trees unique to that agent and executes them in real time. Prompt injection, tool misuse, agent-to-agent exploits, privilege escalation, data exfiltration, jailbreaks, system prompt extraction, and credential abuse, chained the way a real adversary would chain them. This is the non-copyable core of ZioSec, and it runs the same whether you reach it through the platform or the API.

## An audit-ready evidence packet, structured for your systems

Every campaign returns a structured packet, not a PDF you have to parse by hand. It contains the full list of attacks attempted, which ones succeeded, severity for each finding, step-by-step reproduction instructions, and control-level mappings to OWASP AISVS, MITRE ATLAS, ISO 42001, NIST AI RMF, the EU AI Act, and AIUC-1. Every finding carries timestamps and is exportable as JSON for ingestion or as a report artifact for GRC and trust workflows. The mappings are produced by our methodology (A2OSF), the high-resolution taxonomy in which we classify findings before exporting them to the six public standards. See how the mapping works on our [methodology page](/methodology).

## Scoped access, your data stays yours

Red-teaming a live agent needs access, and we treat that access as a liability to minimize. You provide either a scoped, time-boxed credential or a test-through-gateway path with no standing access to your environment. Credentials are encrypted in transit and at rest, used only for the active campaign, and revoked on completion. ZioSec retains the findings we generate, not your data and not your keys. Processing region and retention period are configurable to fit your compliance posture. You decide where the work runs and how long anything is kept.

## A controlled capability, scoped by you

You define the blast radius before a single attack runs: which agents are in bounds, which tools may be exercised, and which data classes are off limits. Destructive actions are simulated or approval-gated, never executed blind. Every campaign supports a one-click stop, runs under rate limits you set, and produces a full audit log of everything attempted. Offensive testing against production agents is powerful, so we make it controllable end to end.

## Built for platforms and underwriters

TPRM and vendor-risk platforms call the API to validate third-party agents and attach evidence to vendor records. Insurance and underwriting teams use it to price agentic risk on real attack outcomes instead of questionnaires. Security platforms embed it to offer agent pentesting under their own brand. The API supports custom agents, Claude Code, and any agent built on MCP or A2A protocols, so the same integration covers the agents your customers actually run.

## Three ways to get the engine

The API is one of three delivery methods. Run the full product yourself with the [platform](/platform), embed the engine programmatically with the API, or start with a [scoped engagement](/ai-agent-pentesting). The $10,000 scoped pentest is the low-commitment on-ramp: a fixed-scope offensive assessment of your agents, with 100% of the fee crediting toward an annual platform subscription. Many teams start there to see the evidence packet on their own agents, then move to the API or platform. For high-touch rollouts, we also work through managed advisory and consulting partners.

## From endpoint to evidence in three steps

No platform to run. The work happens between your API call and the response.

1. **Send the endpoint.** Submit an agent endpoint with a scoped, time-boxed credential or a test-through-gateway path. Set the scope: which tools, which data classes, which limits apply.
2. **We red-team it.** Our AI maps the agent, then generates and executes bespoke deep-chained attack trees against it in real time. Destructive actions are simulated or approval-gated.
3. **Evidence comes back.** You receive a structured packet: attacks attempted, what succeeded, severity, reproduction steps, framework mappings, and timestamps. Exportable for GRC and trust workflows.

## Frequently Asked Questions

**What exactly does the API return?**

A structured evidence packet for each campaign. It lists every attack attempted, which ones succeeded, the severity of each finding, step-by-step reproduction instructions, control-level mappings to OWASP AISVS, MITRE ATLAS, ISO 42001, NIST AI RMF, the EU AI Act, and AIUC-1, and timestamps for everything. It is available as JSON for ingestion and as a report artifact you can export into GRC and trust workflows.

**How do you handle credentials and our data?**

You provide a scoped, time-boxed credential or a test-through-gateway path, so we never hold standing access to your environment. Credentials are encrypted in transit and at rest, used only for the active campaign, and revoked on completion. ZioSec retains the findings we generate, not your data and not your keys. Processing region and retention period are both configurable.

**Is it safe to run this against live agents?**

Yes, because you control the blast radius. You define which agents, tools, and data classes are in bounds before testing starts. Destructive actions are simulated or approval-gated and never executed blind. Every campaign has a one-click stop, runs under rate limits you set, and produces a full audit log. It is a controlled capability by design.

**Which agents can the API test?**

Custom agents, Claude Code, and any agent built on MCP or A2A protocols. The differentiator is that we do not run a fixed checklist. For each endpoint, our AI generates bespoke, deep-chained attack trees unique to that agent's architecture, tools, and data access, then executes them in real time.

**Do I need to run a platform to use the API?**

No. The API is the engine delivered programmatically, with no platform to stand up or dashboards to learn. If you do want a product to log into, the same engine is available as the ZioSec platform. The API and the platform are two of three delivery methods, alongside a scoped engagement.

**What is the lowest-commitment way to start?**

The $10,000 scoped pentest engagement. It is a fixed-scope offensive assessment of your agents, and 100% of the fee credits toward an annual platform subscription. Many teams start there to see the evidence packet on their own agents before integrating the API or adopting the platform.

## Related

- [The ZioSec Platform](/platform)
- [Scoped Pentest Engagement](/ai-agent-pentesting)
- [Framework Mappings and Compliance](/ai-compliance)

## Contact

Embed offensive validation in your product. Point the API at an agent, get audit-ready evidence back. Talk to our team about integration, processing regions, and volume, or see a sample report first.

- Email: info@ziosec.com
- Phone: +1-720-807-2737
- Location: Boulder, CO
- Book a demo: [/demo](/demo)

