The latest CalypsoAI platform release (v8.162.0) brings major enhancements across two core pillars: Inference Red-Team and Inference Defend. With Inference Red-Team now generally available, this release introduces a new standard for proactive AI testing—expanding capabilities, simplifying campaign creation, and improving the precision of security insights. Meanwhile, Inference Defend continues to evolve, delivering massive performance improvements and revamped scanners for real-time threat prevention.
Here’s everything that’s new in the April 2025 release.
Inference Red-Team: GA with Major Feature Expansion
Our Red-Team product is officially live for general enterprise deployment. With GA comes expanded attacks, a streamlined user experience, and real-world features for testing and governing AI systems.
Smarter Reports
We’ve refined the Inference Red-Team reporting experience to offer clearer scoring and more consistent data presentation. Updates include:
- A summary section at the top of each report showing total vulnerabilities, attack coverage, and recommendations
- Standardized formatting for attack results, making it easy to compare vulnerabilities against total attack volume
- Improved breakdown of vulnerability data by intent category
- Visibility into results from agent attack prompts
- A detailed view of the results for each custom intent
- “Mitigation actions” renamed as recommendations
- New print button for clean exports
- Relocated “View raw data” button to increase the scroll area
Printable Report Format
For customers who need to share results across stakeholders, we’ve introduced a printable version of Inference Red-Team reports—ideal for audits, executive review, or compliance documentation.
Unified Attack Campaigns
All attack types are now accessible in a single campaign:
- Signature attacks: Out-of-the-box, curated and tested single-turn prompts, updated monthly with new 10,000+ prompt packs
- Operational attacks: Traditional denial-of-service and denial-of-wallet application attacks reformulated for AI
- Agentic Warfare™: Dynamic, multi-turn attacks based on user-defined custom prompts that learn from and adapt to model responses
- Agent attack prompts: Dynamic, single-turn attacks based on user-provided custom intents that leverage the same attack vectors used in Signature attacks
When creating a campaign:
- The latest signature prompt pack is selected by default
- All vectors and converters are auto-included
- Operational attacks must be manually enabled
- Agentic Warfare™ and agent attack prompts require at least one custom intent
- A real-time campaign summary appears as you make selections
Two New Agentic Warfare™ Attacks
We’ve launched two advanced, multi-turn adversarial techniques built to exploit reasoning and ethical ambiguity in LLMs:
- FRAME (Find Rational Arguments and Make Excuses): Bypasses safeguards by prompting the model to rationalize the request as beneficial
- Trolley: Based on the classic moral dilemma, this attack forces models into choosing between two unsafe outputs to identify misaligned decision logic
Expanded Use Case Coverage
You can now run up to 5 custom intents in a single Agentic Warfare™ campaign, expanding coverage and extracting more value from every test.
New Attack Vector: Refusal Suppression
The April prompt pack includes a new attack vector: refusal suppression. This vector reduces the model’s ability to decline harmful prompts by altering the framing of refusal pathways, making unauthorized completions more likely. It is available in both Signature and agent attack prompt tests.
Scheduled Attack Runs and Reports
Inference Red-Team users can now schedule recurring attack campaigns and reports, integrating security testing more seamlessly into their workflows. This new capability enhances:
- Model governance, where teams configure the “All Attacks” campaign to run on a set cadence—such as monthly—to assess whether models remain resilient against the latest attack techniques.
- Standardized testing workflows, allowing security teams to align red-teaming with development sprints or application release cycles by running custom attack suites at predefined intervals.
- Ongoing vulnerability reporting, where regularly scheduled campaigns monitor the security posture of employee- and customer-facing AI applications, surfacing new risks over time.
Inference Defend: Faster Scans, Smarter Packages
For Inference Defend, this release includes a 5x improvement in scanner latency—a major leap forward for both performance and efficiency.
Latency Improvements
If you’ve ever used a slow chat interface, or had to sign the check for out-of-budget GPUs, then you’ve felt the pain of latency. CalypsoAI’s research team went on a mission to make our scanners faster and came back with a massive 5x speed boost, while maintaining accuracy.
New PII + Prompt Injection Packages
As part of the 5x latency improvement, we’ve released new versions of Inference Defend’s out-of-the-box PII and Prompt Injection packages. The scanners in these packages have all been re-engineered to maximize efficiency and speed with accuracy of at least 90%.
What This Means
With Inference Red-Team now generally available and Inference Defend pushing the limits of real-time performance, CalypsoAI continues to define what it means to secure AI in the enterprise. Our platform doesn’t just react—it adapts. We’re building a feedback loop between testing and protection, creating a self-healing inference security architecture that evolves with AI itself.