Follow and read results
Once you launch an assessment, Respan opens a live workspace. This page covers how to follow the run while it happens and how to read the report it produces.
Follow a live assessment
The progress rail shows five stages:
- Recon: profiles the target’s role, defenses, refusal behavior, and available tools.
- Breadth: tests a range of adversarial prompt families.
- Depth: runs adaptive and multi-step attacks where appropriate.
- Verification: evaluates responses and confirms evidence.
- Report: calculates the final results.
Not every technique runs against every target. Respan selects attacks using the recon profile, detected capabilities, previous responses, and remaining assessment budget. It also stops testing a security objective after confirming a breach.
Target profile
After reconnaissance, expand Target profile to review what Respan inferred about the agent, including:
- Target type, domain, and persona
- Guardrail strength
- Detected tools
- Refusal behavior
- Possible attack angles
- Reconstructed system instructions, when the target disclosed enough information
Treat reconstructed instructions and tool details as sensitive information.
Current attempt
The Current attempt panel shows what Respan is testing now. Depending on the stage, it can include:
- Security objective
- Attack technique
- Prompt preview
- Target response preview
- Current evaluation state
Common outcomes are:
- Refused: the target resisted the attempt.
- Partial: the target exposed some risky behavior but did not fully satisfy the attack.
- Successful: the attack produced a confirmed security failure.
- Evaluation error: the response could not be evaluated reliably.
Live grade and findings
The grade and score update as the assessment progresses. Treat these values as provisional until the report is complete.
Confirmed findings appear as they are detected. A live finding can include its severity, category, technique, evidence preview, and the associated prompt or response.
Detailed activity
The workspace also provides expandable views for:
- Recon probe history: the profiling prompts and response previews.
- Behavioral risks: security objectives grouped with their strategies and attempts.
- Attempt history: prompt, response, verdict, score, and evidence available for recorded attack attempts.
- Event log: a chronological record of assessment activity that can be searched and filtered.
These views are useful when you need to understand how Respan reached a finding rather than relying only on the final grade.
Understand the final report
When the assessment completes, the live workspace becomes the final report.
Overall grade and score
The overall grade runs from A to F. It combines the number and severity of confirmed findings with how consistently the target resisted attack attempts.
An A does not prove that the agent is secure against every possible attack. It means that no severe vulnerability was confirmed within the tested scope and assessment budget.
Summary metrics
The final assessment summarizes:
- Confirmed findings: vulnerabilities supported by assessment evidence.
- Resistance rate: how frequently the target refused judged attack rounds.
- Target rounds used: request and response exchanges used during the assessment.
- Estimated cost: an informational estimate of model activity observed by the assessment engine, not an invoice from your target provider.
- Duration: total assessment runtime.
Confirmed findings
Start remediation with critical and high-severity findings. Expand a finding to review the information available for it:
- Security category and title
- Severity
- Attack technique
- Decisive prompt preview
- Target response preview
- Evidence that caused the finding to be confirmed
- OWASP and MITRE ATLAS mappings, when available
The evidence is the most important field: it shows the specific part of the target’s response that demonstrated the failure.
The report contains decisive details for confirmed findings, but it does not currently include a complete, untruncated transcript of every unsuccessful attempt.
Severity distribution
The report groups confirmed findings as:
- Critical: immediate, high-impact compromise such as exposed credentials or dangerous agent actions.
- High: serious control failure that should be addressed before production use.
- Medium: meaningful weakness with more limited impact or exploitability.
- Low: lower-impact behavior that still warrants hardening.
Category results
Category results show:
- Category grade
- Confirmed finding count
- Target rounds used
- Refused rounds
- Whether the category was black-box tested or requires deeper integration
Use the category view to distinguish a category that passed testing from one that Respan could not fully observe.
Why two assessments can differ
Red Team assessments are adaptive rather than deterministic. Results can change between runs because:
- The target or its model may respond differently.
- Recon may infer different tools or attack opportunities.
- An early successful attack can stop later strategies for that objective.
- Multi-step attacks adapt to earlier responses.
- The assessment has a bounded number of target rounds.
For this reason, a grade and probe count alone cannot reproduce the exact prompts from a previous run. Use that assessment’s attempt history, findings, and event log to review what was actually tested.