When deploying a RAG app to production, you should evaluate the safety of the answers generated by the RAG flow. This is important to ensure that the answers are appropriate and do not contain any harmful or sensitive content. This project includes scripts that use the azure-ai-evaluation SDK to perform an automated safety scan with an AI Red Teaming agent.
- Deploy an Azure AI project
- Setup the evaluation environment
- Run the red teaming agent
- Review the red teaming results
In order to use the Red Teaming agent, you need an Azure AI project inside Azure AI Foundry.
-
Run this command to tell
azdto provision an Azure AI project:azd env set USE_AI_PROJECT true
-
Then, run the following command to provision the project:
azd provision
-
Create a new Python virtual environment in
.evalenvby running the following command:python -m venv .evalenv
-
Activate the virtual environment by running the following command:
MacOS/Linux:
source .evalenv/bin/activateWindows:
.evalenv\Scripts\activate
-
Install the dependencies for the safety evaluation script:
pip install uv
uv pip install -r evals/requirements.txtTo run the red teaming agent, you need to have the RAG app running at a deployed URL or local URL. Consult the main README for deployment instructions local server instructions.
In the same terminal where you activated .evalenv, run this command to perform a red teaming scan:
python evals/safety_evaluation.py --target_url <TARGET_URL> --questions_per_category <NUM_QUESTIONS>--target_url: The target URL for the callback. Default ishttp://127.0.0.1:8000/chat, which assumes the RAG app is running locally. If you want to scan a deployed app instead, set this tohttps://DEPLOYEDURL/chat.--questions_per_category: The number of questions per risk category to ask during the scan. There are four risk categories (hate_unfairness,sexual,violence, andself_harm). The default is 5 questions per category, but you can decrease this number to 1 for test runs, or increase it for a more thorough evaluation. Note that the total questions asked will be higher, as the red teaming agent is configured to try multiple attack strategies, where it transforms the original question in different ways.
That command will save results both in Azure AI Foundry and in the local evals/redteams directory.
Navigate from the URL in the terminal output to the results in Azure AI Foundry. First you'll see overall attack metrics:
Then you can dig into the data and see the questions and answers received from your app:
Note that the questions are intentionally adversarial, so you should mentally prepare for that before looking at the results. The goal is to see if your app can handle these adversarial queries and provide safe answers. Even if your scan results in a 0% attack success rate, you should still review the questions and answers to ensure that you're happy with the way your app responds to these adversarial queries.
Learn more in the Red Teaming Agent documentation.
In addition to the results in Azure AI Foundry, you can also review the results locally in the evals/redteams directory. The results are saved in JSON format.
Each file in this directory corresponds to a single red teaming scan, and contains the following fields:
scorecard: A summary of the scan results, including the attack success rate and the number of questions asked.parameters: The parameters used for the scan, including the risk categories and attack strategies.attack_details: A list of the questions asked during the scan, along with the answers received from your app.studio_url: A link to the Azure AI Foundry studio where you can view the results in more detail.
Learn more in the Red Teaming Agent documentation.
To learn more about the red team scanning, look through the script, documentation, and videos below: