Release notes: July 24, 2025 (v8.25.4.1)
New in this release: agentic attack packs, Math Prompt attack vector, report connection error messaging, scanner outcome analysis, EU AI Act scanners
This is a SaaS-only release.
Inference Red-Team
Uncover more vulnerabilities with agentic attack packs
At CalypsoAI, we’re not only securing AI agents, we’re creating our own agents for security. Our July Signature attack pack was created and deployed end-to-end by AI agents, a first in the industry. Work that was previously done by our threat intel and research team is now being handled completely by AI: researching and developing new attack vectors, generating and testing adversarial prompts, and finally, packaging the attacks and deploying them to code.
Best of all, we’re getting better quality: the July attack pack is significantly more effective at uncovering vulnerabilities in AI systems and models.
The July attack pack also contains a new attack vector: Math Prompt. Math Prompt is a jailbreaking technique that bypasses AI safety filters by disguising harmful requests inside math problems using set theory, algebra, and logic notation. The model treats these as educational math exercises and can reveal harmful information when providing real-world examples.
Recover faster from report errors
We made several improvements to how Red-Team report errors are handled and surfaced, to help users troubleshoot and remediate connection issues quickly.
- The system now checks for an active provider connection before beginning the attack run. If the connection is not healthy, the user has the choice to continue without it (if there are more connections in the attack run) or fix the issue and then continue.
- If a rate limit is hit during an attack run, an error message appears on the relevant connection to let the user know where to address this.
- If an error occurs due to a connection having an expired API key, the system lets the user know which connection was affected.
- Unknown errors are also surfaced in the Report detail and View raw data.
| New error message | Code | What happened | Steps to correct |
|---|---|---|---|
| Provider authentication failed. Ensure the API key or credentials are correct | 401 | You do not have the correct permissions with the provider to complete the request. | Check the API key for the connection and the credentials tied to it. Make sure they are correct and not expired. |
| Request not found by provider | 404 | The URL or the parameters in the body could not be found. | Check the URL and the model used against the provider's docs. Make sure nothing has moved. |
| Check account permissions | 403 | You have authenticated with the provider, but the account does not have permission to complete the action. | Either update the permissions for the account tied to the API key in the provider, or change to an API key for a user that has the permissions. |
| Request invalid | 400 or 422 | Malformed request content. The provider does not accept the request content. | The provider template is likely out of sync with what the provider expects, either due to misconfiguration or the provider updating their API. Update the provider template. |
| Request hit provider rate-limit | 429 | The provider will not accept that many requests in a certain time span. | Check the usage allowed for the account tied to the API key used by the connection. Try again later, upgrade the account, or use a different account's API key. |
| Request rejected by provider | Other 4xx | Something is wrong with the request. | Check the raw results for more details from the provider. |
| Provider encountered unexpected internal error | 500 | Something went wrong on the provider's side. | Check the provider's system status for announced downtime (upgrades or maintenance) or unexpected downtime. |
| Provider currently unavailable | 503 | The provider is not available. | Check the provider's system status for announced downtime (upgrades or maintenance) or unexpected downtime. |
| Provider gateway issues | 502 or 504 | Bad gateway or gateway timeout. | Check the provider's system status for announced downtime (upgrades or maintenance) or unexpected downtime. |
| Provider server error | Other 5xx | The provider is not available. | Check the provider's system status for announced downtime (upgrades or maintenance) or unexpected downtime. |
| Unknown error with provider | Other codes | Unknown. | Check the raw results for more information. |
Inference Defend
We made major updates to Defend that help users create, manage, and understand the outcome of scanners.
Test and version custom scanners
This release introduces robust versioning for custom scanners, giving enterprises more flexibility and control while testing and deploying scanners in their environment. Admin users with scanner management privileges can:
- Create unlimited versions of the same scanner.
- Give any version a custom name or let the system automatically increment the version.
- Select versions to publish and roll back to previously published versions.
- Test multiple versions of the same scanner at once and compare results.
- Create and test new versions of scanners without disrupting projects in production.
- Enforce versions at the project level, or allow projects to run different versions of the same scanner.
- Filter the version history by published and unpublished versions.
- See all the projects that have access to a scanner while editing or updating it.
- Understand which version of a scanner was running in the prompt history.
To access scanner versioning, go to Scanners and select Edit scanner from the three dots menu. To create a new version, edit the current version and click Save, then give the version a name (or use the default name) and optionally provide a summary of what changed. To publish a version, click the Publish button that appears on hover in the Version history panel.
The introduction of versioning has changed some of the workflows you may be accustomed to. Notably:
- Previously, scanners stayed in the Playground and were not visible on the Scanners page until they were published. Now, you publish versions, not scanners. Therefore, all scanners appear on the Scanners page and can be updated from there.
- Previously, to update a scanner you had to unpublish it, which removed it from any projects. Now you can create a new version without unpublishing or breaking the connection to projects.
- A brand new scanner may not have a published version yet. But once a version has been published, it cannot be unpublished.
- In the Playground, the list of scanners has moved to a collapsible side panel. From this panel you can select scanner versions to test and click the edit icon to create a new version.
- On the Scanners page (and in the Projects scanner table), the “Active” toggle now says “Enable.”
- In the API, scanner changes are no longer automatically pushed to projects. They can be pushed by providing an extra `push` parameter in the API. Details are in the `version` body field under `PATCH /scanners/:id` in the OpenAPI spec.
Analyze the scanner outcome
We are introducing a new tool that allows users to see exactly which part of the prompt or response triggered a scanner to block or flag: Outcome analysis.
Outcome analysis:
- Helps security teams quickly triage alerts and make a true or false positive determination.
- Allows AI project teams to better test and optimize scanner definitions.
- During an incident, provides security analysts additional context to scope the breadth and severity of the breach.
To access the tool, go to Logs > Prompt history and select a prompt from the table. Select the Prompt and response tab in the panel, then click the Outcome analysis button. Once the tool runs, you can toggle each scanner tile on and off to highlight the blocked or flagged content that triggered that particular scanner.
NOTE: Outcome analysis is not backward compatible and does not work for prompt history logged before this release.
Detect and block EU AI Act prohibited behavior
We released a new out-of-the-box scanner package that automatically detects and blocks prohibited AI behavior as defined by the EU AI Act (as of July 2025). These scanners provide an additional line of defense for organizations subject to the EU AI Act, helping prevent unacceptable behaviors that are subject to the heaviest fines.
The package contains 4 scanners:
- Harmful manipulation: Flags and blocks attempts designed to exploit user behaviour or cognition through subliminal messaging or manipulative profiling. (Maps to Article 5.1, paragraphs a & b)
- Social scoring and profiling: Prevents systemic profiling that ranks individuals based on personal traits, behaviour or social background. (Maps to Article 5.1, paragraphs c & d)
- Biometric data harvesting: Detects attempts to collect, store or reuse biometric data to create or expand databases. (Maps to Article 5.1, paragraph e)
- Personal surveillance: Detects attempts to infer emotional or psychological states or to track individuals using biometric or behavioural data. (Maps to Article 5.1, paragraphs f, g, and h)
CalypsoAI’s EU AI Act scanners were tested using a custom dataset of over 2,600 positive and negative examples, and fine-tuned to meet our industry-leading standards for high accuracy and low latency. For organizations seeking to comply with the EU AI Act we recommend using them as part of an overall compliance strategy that includes governance, testing, record-keeping and monitoring.
Bug fixes
- In Raw data view filters, selecting False in a filter that had that value did not populate the dropdown. Also, users could only select False via the checkbox, not by selecting the text. Resolution: Fixed.
- The Raw data view had two horizontal scrollbars. Resolution: Fixed.
- The latest attacks were not auto selected when clicking Create campaign. Resolution: Fixed.
- On initial page load, the description was missing from the All Attacks campaign. Resolution: Fixed.
- When users tried to leave a campaign they were creating by clicking on a different navigation menu item, they didn’t leave the Campaigns page. Resolution: Fixed.
- The Add application form changed width, requiring a horizontal scroll bar, after an error occurred in the Provider field. Resolution: One horizontal scrollbar, as expected.
- When renaming a scheduled report before it started to run, the name was not saved. Resolution: Fixed.
- Clicking twice on the API tokens navigation menu item emptied the view. Resolution: Fixed.
- The Run now button in the Attack run panel remained disabled even when a campaign and connection were selected. Resolution: Make clear that a name is required for an attack run.
- The connections selector in the Attack run panel changed width depending on what was selected. Resolution: Fixed.
- The sort order was not preserved when taking an action on the Reports table. Resolution: Fixed.
- Custom intent fields were showing as expanded instead of collapsed when switching tabs in the Create campaign panel. Resolution: Fixed.
- Reports table rows didn’t appear clickable. Resolution: Cursor changes to pointer when hovering on a row.
- The Unicode confusable converter in the Create campaign panel was missing the word “converter”. Resolution: Fixed.
- When the Reports detail panel was open, users couldn’t see which report row had been selected. Resolution: Fixed.
Known issues
- Clicking Next row at the end of the list in the logs requests the next page but immediately shows the first row of the current page until the next page loads.
- After creating a new version and then clicking Test, the Discard changes dialog pops up even though I had saved my changes.
- In the Reports filter, one of the statuses is displaying as code.