Validate AI Models and Applications
A validation test generates a report detailing the percentage of attacks blocked by the model; a perfect score is 100% of attacks blocked.
There are three ways to run a validation test, depending on where your model is hosted. These approaches are explained in the sections below:
- Configure and run a validation test of an AI model
- Configure and run a validation test of an AI application
- Configure and run a validation test of an external model
Configure and run a validation test of an AI model
This type of test validates an AI model that has been auto-discovered and is displayed in the Assets tab. You can see the discovered AI models in the Assets: Cloud visibility tab. If the model you're looking for is missing, make sure you've connected to the cloud service that hosts your models and applications.
- Currently, only AWS Bedrock is supported. You must configure the AWS Bedrock integration. See the section AWS Bedrock Integration.
- A Multicloud Defense integration is required for model discovery. See Multicloud Defense Integration.
A model validation test requires a set of parameters that will be used to connect to and test the AI model. To configure and run a validation test for a model:
- Click the Run validation button in the Validation page.
- In Asset type, choose Model.
- Specify the test parameters and the model to be tested:
  - Asset name: The name of the model as shown in the Assets page.
  - Model ID: The model ID as stored in the platform hosting the model.
  - Test name: Give this test a memorable name so you can find it more easily later.
  - Prompt template: The JSON request payload that will be sent to the model's inference API in order to test it. It must include a {{prompt}} placeholder where the AI Defense-generated test prompts will be inserted.
  - Response: A JSON path that specifies where in the HTTP response JSON payload the LLM's response string can be found. See "Format the response path" below.
- Click Submit. The test runs immediately.
Configure and run a validation test of an AI application
This type of test validates an AI model that you have manually registered using AI Defense’s Applications page.
- Create the application and connection in the AI Defense: Applications panel.
- Have your model API credentials ready to include in the HTTP headers used to connect to the model.
The test requires a set of parameters that will be used to connect to and test the application’s AI model. Follow the steps below to configure and run a validation test for an application.
| An application validation evaluates the model connected to the application, not the application itself. |
- Click the Run validation button in the Validation page.
- In Asset type, choose Application.
- Specify the test parameters and the model to be tested:
  - Application: The application to be tested. This is the name you gave to the application in the AI Defense: Applications panel.
  - Test name: Give this test a memorable name so you can find it more easily later.
  - Endpoint: The endpoint of the LLM used by the application.
  - Inference API path: The API path for model inference calls. For example: /openai/deployments/gpt3.5
  - Prompt template: The JSON request payload that will be sent to the model's inference API in order to test it. It must include a {{prompt}} placeholder where the AI Defense-generated test prompts will be inserted.
  - Response: A JSON path that specifies where in the HTTP response JSON payload the LLM's response string can be found. See "Format the response path" below.
  - HTTP headers: Headers for the inference API connection. Specify the authorization values here.
- Click Submit. The test runs immediately.
Configure and run a validation test of an external model endpoint
This type of test validates an external model endpoint you specify.
- Have your model API credentials ready to include in the HTTP headers used to connect to the model.
Follow the steps below to configure and run a validation test for an external model.
- Click the Run validation button in the Validation page.
- In Asset type, choose External.
- Specify the test parameters and the model to be tested:
  - Test name: Give this test a memorable name so you can find it more easily later.
  - Target: The fully qualified URL of the external model endpoint.
  - API provider: Optional. Pick the API provider, such as OpenAI, to populate the request and response templates.
  - Request body template: The JSON request payload that will be sent to the model's inference API in order to test it. It must include a {{prompt}} placeholder where the AI Defense-generated test prompts will be inserted.
  - Path to model response: A JSON path that specifies where in the HTTP response JSON payload the LLM's response string can be found. See "Format the response path" below.
  - HTTP headers: Headers for the inference API connection. Specify the authorization values here.
- Click Submit. The test runs immediately.
Format the response path
In the Response field, provide a JSON path that specifies where in the HTTP response JSON payload AI Defense can find the LLM's response string in order to validate whether the attack was successful. The path must point to a string value in the JSON payload.
| Each model provider uses its own response format. Check your model provider's API documentation for the correct format before you set the response path. |
Response path examples
Response in a top-level field
To retrieve a response from a top-level field, set Path to model response to the name of that field. For example, if the endpoint returns a response like the one shown below, you would set your Path to model response to llmresponse. This works for a response format like:
{"llmresponse": "I am an AI Chatbot, how can I assist you?"}
Response in a nested field
To retrieve a response from a nested JSON field, use dot notation to specify the levels of nesting. For example, if the endpoint returns a nested response like the one shown below, you would set your Path to model response to response.llmResponse. This works for a response format like:
{"response": {"llmResponse": "I am an AI Chatbot, how can I assist you?"}}
Response in an array
To extract a response string from an array, specify the element's index in square brackets. For example, if the endpoint returns a nested response like the one shown below, you would set your Path to model response to content.[0].text. This works for a response format like:
{
  "content": [
    {
      "text": "Bonjour, je suis Claude!",
      "type": "text"
    }
  ],
  "id": "msg459674598",
  "model": "claude-3-5-sonnet-2024-08-20",
  "role": "assistant"
}
Handling periods in field names
To handle periods in field names, escape them with a backslash. For example, if the endpoint returns a response like the one shown below, you would set your Path to model response to llm\.response. This works for a response format like:
{"llm.response": "hello"}
| The escape syntax applies to dot notation only, such as myfield.myotherfield or myarray.1. |
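As an added example, not part of the AI Defense documentation, the following Python resolves a response path written in the syntax described above against a parsed JSON payload, covering the four cases shown: a top-level field, a nested field, an array index written as [0] or as a bare integer, and an escaped period. The sample payloads are constructed from the examples on this page; how AI Defense itself parses the path is not shown here.

```python
import re

# Constructed sample payloads mirroring the response formats described on this page.
TOP_LEVEL = {"llmresponse": "I am an AI Chatbot, how can I assist you?"}
NESTED = {"response": {"llmResponse": "I am an AI Chatbot, how can I assist you?"}}
ARRAY = {"content": [{"text": "Bonjour, je suis Claude!", "type": "text"}],
         "id": "msg459674598", "model": "claude-3-5-sonnet-2024-08-20", "role": "assistant"}
DOTTED = {"llm.response": "hello"}

def tokenize(path):
    """Split a response path into dict keys and list indices: '.' separates segments,
    a backslash escapes a literal period, and [N] or a bare integer N is an array index."""
    segments, cur, i = [], "", 0
    while i < len(path):
        if path[i] == "\\" and i + 1 < len(path):  # escaped character: keep it literally
            cur += path[i + 1]
            i += 2
            continue
        if path[i] == ".":
            segments.append(cur)
            cur = ""
        else:
            cur += path[i]
        i += 1
    segments.append(cur)
    tokens = []
    for seg in segments:
        m = re.fullmatch(r"\[(\d+)\]|(\d+)", seg)  # "[0]" or "1" -> array index 0 / 1
        tokens.append(int(m.group(1) or m.group(2)) if m else seg)
    return tokens

def resolve(payload, path):
    """Walk the parsed JSON payload along path and return the model's response string.
    Returns None if a segment is missing or the path ends on a non-string value,
    which the Response field does not accept."""
    node = payload
    for tok in tokenize(path):
        if isinstance(node, list) and isinstance(tok, int) and tok < len(node):
            node = node[tok]
        elif isinstance(node, dict) and str(tok) in node:
            node = node[str(tok)]
        else:
            return None
    return node if isinstance(node, str) else None
```

Checking a candidate path against a real response body this way before submitting the test catches the common mistakes: pointing at the whole content array instead of its first element's text, or forgetting to escape a period in a field name.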