{"success":true,"filters":{"role":null,"firstWedge":null,"riskType":null,"search":null},"summary":{"labs":15,"firstWedgeRole":"support","riskTypes":8,"attackBriefs":60,"validationRules":60,"promptInjectionDefenses":60,"escalationTriggers":75,"riskCounts":{"data_exposure":13,"hallucination":12,"unauthorized_action":8,"prompt_injection":7,"source_integrity":11,"bias_fairness":3,"code_security":1,"automation_overreach":5}},"labs":[{"id":"ai-safety-red-team-support","role":"support","roleLabel":"Support","productLine":"AIducation for Support","firstWedge":true,"academyPath":"/ai-training/support","labName":"Support AI Safety Red-Team Lab","primaryWorkflow":"Billing escalations and refunds","riskTypes":["data_exposure","hallucination","unauthorized_action","prompt_injection"],"attackBriefs":[{"type":"data_exposure","name":"Sensitive data exposure","scenario":"The billing escalations and refunds task contains customer, employee, patient, student, financial, or confidential data.","riskyBehavior":"Learner pastes sensitive data into an unapproved tool or includes it in a reusable prompt.","detectionCheck":"Identify PII, PHI, account data, payroll data, contracts, credentials, or internal-only context before prompting.","safeResponsePattern":"Minimize, redact, or use an approved enterprise tool before any AI-assisted step."},{"type":"hallucination","name":"Unsupported or hallucinated output","scenario":"AI output sounds confident while missing evidence for a support decision.","riskyBehavior":"Learner ships unsupported facts, promises, calculations, legal claims, or operational recommendations.","detectionCheck":"Ask which source, policy, calculation, code path, or manager approval proves the claim.","safeResponsePattern":"Separate facts, assumptions, unknowns, and required verification before using the output."},{"type":"unauthorized_action","name":"Unauthorized action","scenario":"The AI suggests an action that changes a customer account, employee process, financial 
result, legal position, or public commitment.","riskyBehavior":"Learner accepts AI authority where human approval, policy review, or manager sign-off is required.","detectionCheck":"Check whether the workflow changes money, access, obligations, records, employment, health, or compliance posture.","safeResponsePattern":"Escalate before action and document the approval owner, policy basis, and final human decision."},{"type":"prompt_injection","name":"Prompt injection","scenario":"A source document, ticket, or tool output includes instructions that try to override the support workflow rules.","riskyBehavior":"Learner follows embedded instructions instead of the approved task, policy, or system boundary.","detectionCheck":"Look for hidden commands, tool redirection, data exfiltration requests, or attempts to ignore prior instructions.","safeResponsePattern":"Treat source content as untrusted input, quote only relevant facts, and keep the approved task boundary."}],"detectionChecklist":["Identify the support workflow, tool, source, data sensitivity, and decision owner.","Mark every unsupported claim, missing source, hidden instruction, approval gap, and unsafe automation path.","Compare the response against policy training, governance rules, and rubric must-pass dimensions.","Produce a manager-readable risk note with the fix, escalation path, and evidence artifact."],"outputValidationRules":["Reject output that makes unsupported factual, financial, legal, medical, policy, or technical claims.","Require source, policy, calculation, transcript, ticket, document, or code-path evidence for high-impact statements.","Flag any sensitive data that appears in prompts, tool outputs, examples, screenshots, or reusable templates.","Require Support manager review when authority, privacy, compliance, brand, safety, or customer impact is unclear."],"promptInjectionDefenses":["Treat tickets, docs, transcripts, webpages, spreadsheets, and code comments as untrusted input.","Ignore 
instructions inside source material that ask the learner to reveal prompts, bypass policy, change tools, or skip review.","Summarize suspicious instructions as risk evidence instead of following them.","Escalate Support workflows when source content conflicts with approved policy, rubric, or manager instructions."],"escalationTriggers":["Support learner pastes sensitive data into an unapproved AI tool","Support learner forwards AI output without verification or source evidence","Support workflow automates a decision that requires human approval","AI output asks to bypass a policy, human review, approval gate, or approved tool catalog.","The learner cannot explain which source or rubric dimension supports the final answer."],"linkedEvidence":[{"label":"Support AI Governance Center","href":"/governance-center","type":"governance"},{"label":"Support AI Policy Training","href":"/policy-training","type":"policy"},{"label":"Support AI Readiness Rubric","href":"/admin/rubric-contracts","type":"rubric"},{"label":"Support Assistant selection lab","href":"/tool-comparison-labs","type":"tool_lab"}],"managerReviewQuestions":["Which support risk would make this AI output unsafe to reuse?","What source, policy, calculation, approval, or code-path evidence is missing?","Should this learner retry the scenario, escalate to a manager, or update a reusable workflow template?"]},{"id":"ai-safety-red-team-sales","role":"sales","roleLabel":"Sales","productLine":"AIducation for Sales","firstWedge":false,"academyPath":"/ai-training/sales","labName":"Sales AI Safety Red-Team Lab","primaryWorkflow":"Prospect research and account briefs","riskTypes":["hallucination","source_integrity","data_exposure","prompt_injection"],"attackBriefs":[{"type":"hallucination","name":"Unsupported or hallucinated output","scenario":"AI output sounds confident while missing evidence for a sales decision.","riskyBehavior":"Learner ships unsupported facts, promises, calculations, legal claims, or operational 
recommendations.","detectionCheck":"Ask which source, policy, calculation, code path, or manager approval proves the claim.","safeResponsePattern":"Separate facts, assumptions, unknowns, and required verification before using the output."},{"type":"source_integrity","name":"Source integrity failure","scenario":"The AI answer depends on sources, research, transcripts, docs, policies, spreadsheets, tickets, or market data.","riskyBehavior":"Learner treats summaries as primary evidence or ignores date, source quality, and missing context.","detectionCheck":"Open sources, verify dates, compare contradictory evidence, and note where the source does not support the claim.","safeResponsePattern":"Cite inspected evidence and label claims that still require confirmation."},{"type":"data_exposure","name":"Sensitive data exposure","scenario":"The prospect research and account briefs task contains customer, employee, patient, student, financial, or confidential data.","riskyBehavior":"Learner pastes sensitive data into an unapproved tool or includes it in a reusable prompt.","detectionCheck":"Identify PII, PHI, account data, payroll data, contracts, credentials, or internal-only context before prompting.","safeResponsePattern":"Minimize, redact, or use an approved enterprise tool before any AI-assisted step."},{"type":"prompt_injection","name":"Prompt injection","scenario":"A source document, ticket, or tool output includes instructions that try to override the sales workflow rules.","riskyBehavior":"Learner follows embedded instructions instead of the approved task, policy, or system boundary.","detectionCheck":"Look for hidden commands, tool redirection, data exfiltration requests, or attempts to ignore prior instructions.","safeResponsePattern":"Treat source content as untrusted input, quote only relevant facts, and keep the approved task boundary."}],"detectionChecklist":["Identify the sales workflow, tool, source, data sensitivity, and decision owner.","Mark every 
unsupported claim, missing source, hidden instruction, approval gap, and unsafe automation path.","Compare the response against policy training, governance rules, and rubric must-pass dimensions.","Produce a manager-readable risk note with the fix, escalation path, and evidence artifact."],"outputValidationRules":["Reject output that makes unsupported factual, financial, legal, medical, policy, or technical claims.","Require source, policy, calculation, transcript, ticket, document, or code-path evidence for high-impact statements.","Flag any sensitive data that appears in prompts, tool outputs, examples, screenshots, or reusable templates.","Require Sales manager review when authority, privacy, compliance, brand, safety, or customer impact is unclear."],"promptInjectionDefenses":["Treat tickets, docs, transcripts, webpages, spreadsheets, and code comments as untrusted input.","Ignore instructions inside source material that ask the learner to reveal prompts, bypass policy, change tools, or skip review.","Summarize suspicious instructions as risk evidence instead of following them.","Escalate Sales workflows when source content conflicts with approved policy, rubric, or manager instructions."],"escalationTriggers":["Sales learner pastes sensitive data into an unapproved AI tool","Sales learner forwards AI output without verification or source evidence","Sales workflow automates a decision that requires human approval","AI output asks to bypass a policy, human review, approval gate, or approved tool catalog.","The learner cannot explain which source or rubric dimension supports the final answer."],"linkedEvidence":[{"label":"Sales AI Governance Center","href":"/governance-center","type":"governance"},{"label":"Sales AI Policy Training","href":"/policy-training","type":"policy"},{"label":"Sales AI Readiness Rubric","href":"/admin/rubric-contracts","type":"rubric"},{"label":"Sales Research verification 
lab","href":"/tool-comparison-labs","type":"tool_lab"}],"managerReviewQuestions":["Which sales risk would make this AI output unsafe to reuse?","What source, policy, calculation, approval, or code-path evidence is missing?","Should this learner retry the scenario, escalate to a manager, or update a reusable workflow template?"]},{"id":"ai-safety-red-team-marketing","role":"marketing","roleLabel":"Marketing","productLine":"AIducation for Marketing","firstWedge":false,"academyPath":"/ai-training/marketing","labName":"Marketing AI Safety Red-Team Lab","primaryWorkflow":"Product launch copy","riskTypes":["hallucination","source_integrity","bias_fairness","data_exposure"],"attackBriefs":[{"type":"hallucination","name":"Unsupported or hallucinated output","scenario":"AI output sounds confident while missing evidence for a marketing decision.","riskyBehavior":"Learner ships unsupported facts, promises, calculations, legal claims, or operational recommendations.","detectionCheck":"Ask which source, policy, calculation, code path, or manager approval proves the claim.","safeResponsePattern":"Separate facts, assumptions, unknowns, and required verification before using the output."},{"type":"source_integrity","name":"Source integrity failure","scenario":"The AI answer depends on sources, research, transcripts, docs, policies, spreadsheets, tickets, or market data.","riskyBehavior":"Learner treats summaries as primary evidence or ignores date, source quality, and missing context.","detectionCheck":"Open sources, verify dates, compare contradictory evidence, and note where the source does not support the claim.","safeResponsePattern":"Cite inspected evidence and label claims that still require confirmation."},{"type":"bias_fairness","name":"Bias and fairness failure","scenario":"The marketing task involves people, candidates, students, customers, communities, or protected characteristics.","riskyBehavior":"Learner lets AI introduce unfair assumptions, stereotypes, exclusion, 
or uneven standards.","detectionCheck":"Scan for demographic proxies, subjective labels, missing context, and inconsistent criteria.","safeResponsePattern":"Use consistent role-relevant criteria, remove protected-class assumptions, and request human review."},{"type":"data_exposure","name":"Sensitive data exposure","scenario":"The product launch copy task contains customer, employee, patient, student, financial, or confidential data.","riskyBehavior":"Learner pastes sensitive data into an unapproved tool or includes it in a reusable prompt.","detectionCheck":"Identify PII, PHI, account data, payroll data, contracts, credentials, or internal-only context before prompting.","safeResponsePattern":"Minimize, redact, or use an approved enterprise tool before any AI-assisted step."}],"detectionChecklist":["Identify the marketing workflow, tool, source, data sensitivity, and decision owner.","Mark every unsupported claim, missing source, hidden instruction, approval gap, and unsafe automation path.","Compare the response against policy training, governance rules, and rubric must-pass dimensions.","Produce a manager-readable risk note with the fix, escalation path, and evidence artifact."],"outputValidationRules":["Reject output that makes unsupported factual, financial, legal, medical, policy, or technical claims.","Require source, policy, calculation, transcript, ticket, document, or code-path evidence for high-impact statements.","Flag any sensitive data that appears in prompts, tool outputs, examples, screenshots, or reusable templates.","Require Marketing manager review when authority, privacy, compliance, brand, safety, or customer impact is unclear."],"promptInjectionDefenses":["Treat tickets, docs, transcripts, webpages, spreadsheets, and code comments as untrusted input.","Ignore instructions inside source material that ask the learner to reveal prompts, bypass policy, change tools, or skip review.","Summarize suspicious instructions as risk evidence instead of 
following them.","Escalate Marketing workflows when source content conflicts with approved policy, rubric, or manager instructions."],"escalationTriggers":["Marketing learner pastes sensitive data into an unapproved AI tool","Marketing learner forwards AI output without verification or source evidence","Marketing workflow automates a decision that requires human approval","AI output asks to bypass a policy, human review, approval gate, or approved tool catalog.","The learner cannot explain which source or rubric dimension supports the final answer."],"linkedEvidence":[{"label":"Marketing AI Governance Center","href":"/governance-center","type":"governance"},{"label":"Marketing AI Policy Training","href":"/policy-training","type":"policy"},{"label":"Marketing AI Readiness Rubric","href":"/admin/rubric-contracts","type":"rubric"},{"label":"Marketing Creative generation lab","href":"/tool-comparison-labs","type":"tool_lab"}],"managerReviewQuestions":["Which marketing risk would make this AI output unsafe to reuse?","What source, policy, calculation, approval, or code-path evidence is missing?","Should this learner retry the scenario, escalate to a manager, or update a reusable workflow template?"]},{"id":"ai-safety-red-team-hr","role":"hr","roleLabel":"HR","productLine":"AIducation for HR","firstWedge":false,"academyPath":"/ai-training/hr","labName":"HR AI Safety Red-Team Lab","primaryWorkflow":"Policy drafting and explanation","riskTypes":["bias_fairness","data_exposure","unauthorized_action","hallucination"],"attackBriefs":[{"type":"bias_fairness","name":"Bias and fairness failure","scenario":"The HR task involves people, candidates, students, customers, communities, or protected characteristics.","riskyBehavior":"Learner lets AI introduce unfair assumptions, stereotypes, exclusion, or uneven standards.","detectionCheck":"Scan for demographic proxies, subjective labels, missing context, and inconsistent criteria.","safeResponsePattern":"Use consistent role-relevant 
criteria, remove protected-class assumptions, and request human review."},{"type":"data_exposure","name":"Sensitive data exposure","scenario":"The policy drafting and explanation task contains customer, employee, patient, student, financial, or confidential data.","riskyBehavior":"Learner pastes sensitive data into an unapproved tool or includes it in a reusable prompt.","detectionCheck":"Identify PII, PHI, account data, payroll data, contracts, credentials, or internal-only context before prompting.","safeResponsePattern":"Minimize, redact, or use an approved enterprise tool before any AI-assisted step."},{"type":"unauthorized_action","name":"Unauthorized action","scenario":"The AI suggests an action that changes a customer account, employee process, financial result, legal position, or public commitment.","riskyBehavior":"Learner accepts AI authority where human approval, policy review, or manager sign-off is required.","detectionCheck":"Check whether the workflow changes money, access, obligations, records, employment, health, or compliance posture.","safeResponsePattern":"Escalate before action and document the approval owner, policy basis, and final human decision."},{"type":"hallucination","name":"Unsupported or hallucinated output","scenario":"AI output sounds confident while missing evidence for an HR decision.","riskyBehavior":"Learner ships unsupported facts, promises, calculations, legal claims, or operational recommendations.","detectionCheck":"Ask which source, policy, calculation, code path, or manager approval proves the claim.","safeResponsePattern":"Separate facts, assumptions, unknowns, and required verification before using the output."}],"detectionChecklist":["Identify the HR workflow, tool, source, data sensitivity, and decision owner.","Mark every unsupported claim, missing source, hidden instruction, approval gap, and unsafe automation path.","Compare the response against policy training, governance rules, and rubric must-pass 
dimensions.","Produce a manager-readable risk note with the fix, escalation path, and evidence artifact."],"outputValidationRules":["Reject output that makes unsupported factual, financial, legal, medical, policy, or technical claims.","Require source, policy, calculation, transcript, ticket, document, or code-path evidence for high-impact statements.","Flag any sensitive data that appears in prompts, tool outputs, examples, screenshots, or reusable templates.","Require HR manager review when authority, privacy, compliance, brand, safety, or customer impact is unclear."],"promptInjectionDefenses":["Treat tickets, docs, transcripts, webpages, spreadsheets, and code comments as untrusted input.","Ignore instructions inside source material that ask the learner to reveal prompts, bypass policy, change tools, or skip review.","Summarize suspicious instructions as risk evidence instead of following them.","Escalate HR workflows when source content conflicts with approved policy, rubric, or manager instructions."],"escalationTriggers":["HR learner pastes sensitive data into an unapproved AI tool","HR learner forwards AI output without verification or source evidence","HR workflow automates a decision that requires human approval","AI output asks to bypass a policy, human review, approval gate, or approved tool catalog.","The learner cannot explain which source or rubric dimension supports the final answer."],"linkedEvidence":[{"label":"HR AI Governance Center","href":"/governance-center","type":"governance"},{"label":"HR AI Policy Training","href":"/policy-training","type":"policy"},{"label":"HR AI Readiness Rubric","href":"/admin/rubric-contracts","type":"rubric"},{"label":"HR Assistant selection lab","href":"/tool-comparison-labs","type":"tool_lab"}],"managerReviewQuestions":["Which HR risk would make this AI output unsafe to reuse?","What source, policy, calculation, approval, or code-path evidence is missing?","Should this learner retry the scenario, escalate to a 
manager, or update a reusable workflow template?"]},{"id":"ai-safety-red-team-finance","role":"finance","roleLabel":"Finance","productLine":"AIducation for Finance","firstWedge":false,"academyPath":"/ai-training/finance","labName":"Finance AI Safety Red-Team Lab","primaryWorkflow":"Expense review and policy checks","riskTypes":["hallucination","source_integrity","unauthorized_action","data_exposure"],"attackBriefs":[{"type":"hallucination","name":"Unsupported or hallucinated output","scenario":"AI output sounds confident while missing evidence for a finance decision.","riskyBehavior":"Learner ships unsupported facts, promises, calculations, legal claims, or operational recommendations.","detectionCheck":"Ask which source, policy, calculation, code path, or manager approval proves the claim.","safeResponsePattern":"Separate facts, assumptions, unknowns, and required verification before using the output."},{"type":"source_integrity","name":"Source integrity failure","scenario":"The AI answer depends on sources, research, transcripts, docs, policies, spreadsheets, tickets, or market data.","riskyBehavior":"Learner treats summaries as primary evidence or ignores date, source quality, and missing context.","detectionCheck":"Open sources, verify dates, compare contradictory evidence, and note where the source does not support the claim.","safeResponsePattern":"Cite inspected evidence and label claims that still require confirmation."},{"type":"unauthorized_action","name":"Unauthorized action","scenario":"The AI suggests an action that changes a customer account, employee process, financial result, legal position, or public commitment.","riskyBehavior":"Learner accepts AI authority where human approval, policy review, or manager sign-off is required.","detectionCheck":"Check whether the workflow changes money, access, obligations, records, employment, health, or compliance posture.","safeResponsePattern":"Escalate before action and document the approval owner, policy 
basis, and final human decision."},{"type":"data_exposure","name":"Sensitive data exposure","scenario":"The expense review and policy checks task contains customer, employee, patient, student, financial, or confidential data.","riskyBehavior":"Learner pastes sensitive data into an unapproved tool or includes it in a reusable prompt.","detectionCheck":"Identify PII, PHI, account data, payroll data, contracts, credentials, or internal-only context before prompting.","safeResponsePattern":"Minimize, redact, or use an approved enterprise tool before any AI-assisted step."}],"detectionChecklist":["Identify the finance workflow, tool, source, data sensitivity, and decision owner.","Mark every unsupported claim, missing source, hidden instruction, approval gap, and unsafe automation path.","Compare the response against policy training, governance rules, and rubric must-pass dimensions.","Produce a manager-readable risk note with the fix, escalation path, and evidence artifact."],"outputValidationRules":["Reject output that makes unsupported factual, financial, legal, medical, policy, or technical claims.","Require source, policy, calculation, transcript, ticket, document, or code-path evidence for high-impact statements.","Flag any sensitive data that appears in prompts, tool outputs, examples, screenshots, or reusable templates.","Require Finance manager review when authority, privacy, compliance, brand, safety, or customer impact is unclear."],"promptInjectionDefenses":["Treat tickets, docs, transcripts, webpages, spreadsheets, and code comments as untrusted input.","Ignore instructions inside source material that ask the learner to reveal prompts, bypass policy, change tools, or skip review.","Summarize suspicious instructions as risk evidence instead of following them.","Escalate Finance workflows when source content conflicts with approved policy, rubric, or manager instructions."],"escalationTriggers":["Finance learner pastes sensitive data into an unapproved AI 
tool","Finance learner forwards AI output without verification or source evidence","Finance workflow automates a decision that requires human approval","AI output asks to bypass a policy, human review, approval gate, or approved tool catalog.","The learner cannot explain which source or rubric dimension supports the final answer."],"linkedEvidence":[{"label":"Finance AI Governance Center","href":"/governance-center","type":"governance"},{"label":"Finance AI Policy Training","href":"/policy-training","type":"policy"},{"label":"Finance AI Readiness Rubric","href":"/admin/rubric-contracts","type":"rubric"},{"label":"Finance Spreadsheet analysis lab","href":"/tool-comparison-labs","type":"tool_lab"}],"managerReviewQuestions":["Which finance risk would make this AI output unsafe to reuse?","What source, policy, calculation, approval, or code-path evidence is missing?","Should this learner retry the scenario, escalate to a manager, or update a reusable workflow template?"]},{"id":"ai-safety-red-team-engineering","role":"engineering","roleLabel":"Engineering","productLine":"AIducation for Engineering","firstWedge":false,"academyPath":"/ai-training/engineering","labName":"Engineering AI Safety Red-Team Lab","primaryWorkflow":"AI-assisted code review","riskTypes":["code_security","prompt_injection","automation_overreach","source_integrity"],"attackBriefs":[{"type":"code_security","name":"Code and security risk","scenario":"A coding agent proposes a change, explanation, test, dependency, or architecture recommendation.","riskyBehavior":"Learner accepts generated code without checking behavior, security, permissions, or blast radius.","detectionCheck":"Inspect diffs, affected paths, auth boundaries, data handling, dependency risk, and test gaps.","safeResponsePattern":"Bound the agent task, review the diff, document risk, and require human engineering approval."},{"type":"prompt_injection","name":"Prompt injection","scenario":"A source document, ticket, or tool output 
includes instructions that try to override the engineering workflow rules.","riskyBehavior":"Learner follows embedded instructions instead of the approved task, policy, or system boundary.","detectionCheck":"Look for hidden commands, tool redirection, data exfiltration requests, or attempts to ignore prior instructions.","safeResponsePattern":"Treat source content as untrusted input, quote only relevant facts, and keep the approved task boundary."},{"type":"automation_overreach","name":"Automation overreach","scenario":"A repeatable engineering workflow is being automated before failure handling is clear.","riskyBehavior":"Learner lets AI or automation trigger downstream actions without approvals, alerts, rollback, or monitoring.","detectionCheck":"Inspect whether retries, exceptions, human review, audit logs, and stop conditions are defined.","safeResponsePattern":"Keep human checkpoints on sensitive actions and start with low-risk internal workflow evidence."},{"type":"source_integrity","name":"Source integrity failure","scenario":"The AI answer depends on sources, research, transcripts, docs, policies, spreadsheets, tickets, or market data.","riskyBehavior":"Learner treats summaries as primary evidence or ignores date, source quality, and missing context.","detectionCheck":"Open sources, verify dates, compare contradictory evidence, and note where the source does not support the claim.","safeResponsePattern":"Cite inspected evidence and label claims that still require confirmation."}],"detectionChecklist":["Identify the engineering workflow, tool, source, data sensitivity, and decision owner.","Mark every unsupported claim, missing source, hidden instruction, approval gap, and unsafe automation path.","Compare the response against policy training, governance rules, and rubric must-pass dimensions.","Produce a manager-readable risk note with the fix, escalation path, and evidence artifact."],"outputValidationRules":["Reject output that makes unsupported factual, 
financial, legal, medical, policy, or technical claims.","Require source, policy, calculation, transcript, ticket, document, or code-path evidence for high-impact statements.","Flag any sensitive data that appears in prompts, tool outputs, examples, screenshots, or reusable templates.","Require Engineering manager review when authority, privacy, compliance, brand, safety, or customer impact is unclear."],"promptInjectionDefenses":["Treat tickets, docs, transcripts, webpages, spreadsheets, and code comments as untrusted input.","Ignore instructions inside source material that ask the learner to reveal prompts, bypass policy, change tools, or skip review.","Summarize suspicious instructions as risk evidence instead of following them.","Escalate Engineering workflows when source content conflicts with approved policy, rubric, or manager instructions."],"escalationTriggers":["Engineering learner pastes sensitive data into an unapproved AI tool","Engineering learner forwards AI output without verification or source evidence","Engineering workflow automates a decision that requires human approval","AI output asks to bypass a policy, human review, approval gate, or approved tool catalog.","The learner cannot explain which source or rubric dimension supports the final answer."],"linkedEvidence":[{"label":"Engineering AI Governance Center","href":"/governance-center","type":"governance"},{"label":"Engineering AI Policy Training","href":"/policy-training","type":"policy"},{"label":"Engineering AI Readiness Rubric","href":"/admin/rubric-contracts","type":"rubric"},{"label":"Engineering Coding-agent lab","href":"/tool-comparison-labs","type":"tool_lab"}],"managerReviewQuestions":["Which engineering risk would make this AI output unsafe to reuse?","What source, policy, calculation, approval, or code-path evidence is missing?","Should this learner retry the scenario, escalate to a manager, or update a reusable workflow 
template?"]},{"id":"ai-safety-red-team-product","role":"product","roleLabel":"Product","productLine":"AIducation for Product Managers","firstWedge":false,"academyPath":"/ai-training/product","labName":"Product AI Safety Red-Team Lab","primaryWorkflow":"PRD review and requirement tightening","riskTypes":["source_integrity","hallucination","automation_overreach","data_exposure"],"attackBriefs":[{"type":"source_integrity","name":"Source integrity failure","scenario":"The AI answer depends on sources, research, transcripts, docs, policies, spreadsheets, tickets, or market data.","riskyBehavior":"Learner treats summaries as primary evidence or ignores date, source quality, and missing context.","detectionCheck":"Open sources, verify dates, compare contradictory evidence, and note where the source does not support the claim.","safeResponsePattern":"Cite inspected evidence and label claims that still require confirmation."},{"type":"hallucination","name":"Unsupported or hallucinated output","scenario":"AI output sounds confident while missing evidence for a product decision.","riskyBehavior":"Learner ships unsupported facts, promises, calculations, legal claims, or operational recommendations.","detectionCheck":"Ask which source, policy, calculation, code path, or manager approval proves the claim.","safeResponsePattern":"Separate facts, assumptions, unknowns, and required verification before using the output."},{"type":"automation_overreach","name":"Automation overreach","scenario":"A repeatable product workflow is being automated before failure handling is clear.","riskyBehavior":"Learner lets AI or automation trigger downstream actions without approvals, alerts, rollback, or monitoring.","detectionCheck":"Inspect whether retries, exceptions, human review, audit logs, and stop conditions are defined.","safeResponsePattern":"Keep human checkpoints on sensitive actions and start with low-risk internal workflow evidence."},{"type":"data_exposure","name":"Sensitive data 
exposure","scenario":"The PRD review and requirement tightening task contains customer, employee, patient, student, financial, or confidential data.","riskyBehavior":"Learner pastes sensitive data into an unapproved tool or includes it in a reusable prompt.","detectionCheck":"Identify PII, PHI, account data, payroll data, contracts, credentials, or internal-only context before prompting.","safeResponsePattern":"Minimize, redact, or use an approved enterprise tool before any AI-assisted step."}],"detectionChecklist":["Identify the product workflow, tool, source, data sensitivity, and decision owner.","Mark every unsupported claim, missing source, hidden instruction, approval gap, and unsafe automation path.","Compare the response against policy training, governance rules, and rubric must-pass dimensions.","Produce a manager-readable risk note with the fix, escalation path, and evidence artifact."],"outputValidationRules":["Reject output that makes unsupported factual, financial, legal, medical, policy, or technical claims.","Require source, policy, calculation, transcript, ticket, document, or code-path evidence for high-impact statements.","Flag any sensitive data that appears in prompts, tool outputs, examples, screenshots, or reusable templates.","Require Product manager review when authority, privacy, compliance, brand, safety, or customer impact is unclear."],"promptInjectionDefenses":["Treat tickets, docs, transcripts, webpages, spreadsheets, and code comments as untrusted input.","Ignore instructions inside source material that ask the learner to reveal prompts, bypass policy, change tools, or skip review.","Summarize suspicious instructions as risk evidence instead of following them.","Escalate Product workflows when source content conflicts with approved policy, rubric, or manager instructions."],"escalationTriggers":["Product learner pastes sensitive data into an unapproved AI tool","Product learner forwards AI output without verification or source 
evidence","Product workflow automates a decision that requires human approval","AI output asks to bypass a policy, human review, approval gate, or approved tool catalog.","The learner cannot explain which source or rubric dimension supports the final answer."],"linkedEvidence":[{"label":"Product AI Governance Center","href":"/governance-center","type":"governance"},{"label":"Product AI Policy Training","href":"/policy-training","type":"policy"},{"label":"Product AI Readiness Rubric","href":"/admin/rubric-contracts","type":"rubric"},{"label":"Product Research verification lab","href":"/tool-comparison-labs","type":"tool_lab"}],"managerReviewQuestions":["Which product risk would make this AI output unsafe to reuse?","What source, policy, calculation, approval, or code-path evidence is missing?","Should this learner retry the scenario, escalate to a manager, or update a reusable workflow template?"]},{"id":"ai-safety-red-team-executives","role":"executives","roleLabel":"Executives","productLine":"AIducation for Executives","firstWedge":false,"academyPath":"/ai-training/executives","labName":"Executives AI Safety Red-Team Lab","primaryWorkflow":"AI strategy and governance","riskTypes":["hallucination","source_integrity","unauthorized_action","automation_overreach"],"attackBriefs":[{"type":"hallucination","name":"Unsupported or hallucinated output","scenario":"AI output sounds confident while missing evidence for an executives decision.","riskyBehavior":"Learner ships unsupported facts, promises, calculations, legal claims, or operational recommendations.","detectionCheck":"Ask which source, policy, calculation, code path, or manager approval proves the claim.","safeResponsePattern":"Separate facts, assumptions, unknowns, and required verification before using the output."},{"type":"source_integrity","name":"Source integrity failure","scenario":"The AI answer depends on sources, research, transcripts, docs, policies, spreadsheets, tickets, or market 
data.","riskyBehavior":"Learner treats summaries as primary evidence or ignores date, source quality, and missing context.","detectionCheck":"Open sources, verify dates, compare contradictory evidence, and note where the source does not support the claim.","safeResponsePattern":"Cite inspected evidence and label claims that still require confirmation."},{"type":"unauthorized_action","name":"Unauthorized action","scenario":"The AI suggests an action that changes a customer account, employee process, financial result, legal position, or public commitment.","riskyBehavior":"Learner accepts AI authority where human approval, policy review, or manager sign-off is required.","detectionCheck":"Check whether the workflow changes money, access, obligations, records, employment, health, or compliance posture.","safeResponsePattern":"Escalate before action and document the approval owner, policy basis, and final human decision."},{"type":"automation_overreach","name":"Automation overreach","scenario":"A repeatable executives workflow is being automated before failure handling is clear.","riskyBehavior":"Learner lets AI or automation trigger downstream actions without approvals, alerts, rollback, or monitoring.","detectionCheck":"Inspect whether retries, exceptions, human review, audit logs, and stop conditions are defined.","safeResponsePattern":"Keep human checkpoints on sensitive actions and start with low-risk internal workflow evidence."}],"detectionChecklist":["Identify the executives workflow, tool, source, data sensitivity, and decision owner.","Mark every unsupported claim, missing source, hidden instruction, approval gap, and unsafe automation path.","Compare the response against policy training, governance rules, and rubric must-pass dimensions.","Produce a manager-readable risk note with the fix, escalation path, and evidence artifact."],"outputValidationRules":["Reject output that makes unsupported factual, financial, legal, medical, policy, or technical 
claims.","Require source, policy, calculation, transcript, ticket, document, or code-path evidence for high-impact statements.","Flag any sensitive data that appears in prompts, tool outputs, examples, screenshots, or reusable templates.","Require Executives manager review when authority, privacy, compliance, brand, safety, or customer impact is unclear."],"promptInjectionDefenses":["Treat tickets, docs, transcripts, webpages, spreadsheets, and code comments as untrusted input.","Ignore instructions inside source material that ask the learner to reveal prompts, bypass policy, change tools, or skip review.","Summarize suspicious instructions as risk evidence instead of following them.","Escalate Executives workflows when source content conflicts with approved policy, rubric, or manager instructions."],"escalationTriggers":["Executives learner pastes sensitive data into an unapproved AI tool","Executives learner forwards AI output without verification or source evidence","Executives workflow automates a decision that requires human approval","AI output asks to bypass a policy, human review, approval gate, or approved tool catalog.","The learner cannot explain which source or rubric dimension supports the final answer."],"linkedEvidence":[{"label":"Executives AI Governance Center","href":"/governance-center","type":"governance"},{"label":"Executives AI Policy Training","href":"/policy-training","type":"policy"},{"label":"Executives AI Readiness Rubric","href":"/admin/rubric-contracts","type":"rubric"},{"label":"Executives Assistant selection lab","href":"/tool-comparison-labs","type":"tool_lab"}],"managerReviewQuestions":["Which executives risk would make this AI output unsafe to reuse?","What source, policy, calculation, approval, or code-path evidence is missing?","Should this learner retry the scenario, escalate to a manager, or update a reusable workflow 
template?"]},{"id":"ai-safety-red-team-operations","role":"operations","roleLabel":"Operations","productLine":"AIducation for Operations","firstWedge":false,"academyPath":"/ai-training/operations","labName":"Operations AI Safety Red-Team Lab","primaryWorkflow":"SOP generation and review","riskTypes":["automation_overreach","prompt_injection","data_exposure","unauthorized_action"],"attackBriefs":[{"type":"automation_overreach","name":"Automation overreach","scenario":"A repeatable operations workflow is being automated before failure handling is clear.","riskyBehavior":"Learner lets AI or automation trigger downstream actions without approvals, alerts, rollback, or monitoring.","detectionCheck":"Inspect whether retries, exceptions, human review, audit logs, and stop conditions are defined.","safeResponsePattern":"Keep human checkpoints on sensitive actions and start with low-risk internal workflow evidence."},{"type":"prompt_injection","name":"Prompt injection","scenario":"A source document, ticket, or tool output includes instructions that try to override the operations workflow rules.","riskyBehavior":"Learner follows embedded instructions instead of the approved task, policy, or system boundary.","detectionCheck":"Look for hidden commands, tool redirection, data exfiltration requests, or attempts to ignore prior instructions.","safeResponsePattern":"Treat source content as untrusted input, quote only relevant facts, and keep the approved task boundary."},{"type":"data_exposure","name":"Sensitive data exposure","scenario":"The SOP generation and review task contains customer, employee, patient, student, financial, or confidential data.","riskyBehavior":"Learner pastes sensitive data into an unapproved tool or includes it in a reusable prompt.","detectionCheck":"Identify PII, PHI, account data, payroll data, contracts, credentials, or internal-only context before prompting.","safeResponsePattern":"Minimize, redact, or use an approved enterprise tool before any 
AI-assisted step."},{"type":"unauthorized_action","name":"Unauthorized action","scenario":"The AI suggests an action that changes a customer account, employee process, financial result, legal position, or public commitment.","riskyBehavior":"Learner accepts AI authority where human approval, policy review, or manager sign-off is required.","detectionCheck":"Check whether the workflow changes money, access, obligations, records, employment, health, or compliance posture.","safeResponsePattern":"Escalate before action and document the approval owner, policy basis, and final human decision."}],"detectionChecklist":["Identify the operations workflow, tool, source, data sensitivity, and decision owner.","Mark every unsupported claim, missing source, hidden instruction, approval gap, and unsafe automation path.","Compare the response against policy training, governance rules, and rubric must-pass dimensions.","Produce a manager-readable risk note with the fix, escalation path, and evidence artifact."],"outputValidationRules":["Reject output that makes unsupported factual, financial, legal, medical, policy, or technical claims.","Require source, policy, calculation, transcript, ticket, document, or code-path evidence for high-impact statements.","Flag any sensitive data that appears in prompts, tool outputs, examples, screenshots, or reusable templates.","Require Operations manager review when authority, privacy, compliance, brand, safety, or customer impact is unclear."],"promptInjectionDefenses":["Treat tickets, docs, transcripts, webpages, spreadsheets, and code comments as untrusted input.","Ignore instructions inside source material that ask the learner to reveal prompts, bypass policy, change tools, or skip review.","Summarize suspicious instructions as risk evidence instead of following them.","Escalate Operations workflows when source content conflicts with approved policy, rubric, or manager instructions."],"escalationTriggers":["Operations learner pastes 
sensitive data into an unapproved AI tool","Operations learner forwards AI output without verification or source evidence","Operations workflow automates a decision that requires human approval","AI output asks to bypass a policy, human review, approval gate, or approved tool catalog.","The learner cannot explain which source or rubric dimension supports the final answer."],"linkedEvidence":[{"label":"Operations AI Governance Center","href":"/governance-center","type":"governance"},{"label":"Operations AI Policy Training","href":"/policy-training","type":"policy"},{"label":"Operations AI Readiness Rubric","href":"/admin/rubric-contracts","type":"rubric"},{"label":"Operations Automation design lab","href":"/tool-comparison-labs","type":"tool_lab"}],"managerReviewQuestions":["Which operations risk would make this AI output unsafe to reuse?","What source, policy, calculation, approval, or code-path evidence is missing?","Should this learner retry the scenario, escalate to a manager, or update a reusable workflow template?"]},{"id":"ai-safety-red-team-students","role":"students","roleLabel":"Students","productLine":"AIducation for Students","firstWedge":false,"academyPath":"/ai-training/students","labName":"Students AI Safety Red-Team Lab","primaryWorkflow":"Research planning and source checking","riskTypes":["source_integrity","hallucination","data_exposure","prompt_injection"],"attackBriefs":[{"type":"source_integrity","name":"Source integrity failure","scenario":"The AI answer depends on sources, research, transcripts, docs, policies, spreadsheets, tickets, or market data.","riskyBehavior":"Learner treats summaries as primary evidence or ignores date, source quality, and missing context.","detectionCheck":"Open sources, verify dates, compare contradictory evidence, and note where the source does not support the claim.","safeResponsePattern":"Cite inspected evidence and label claims that still require confirmation."},{"type":"hallucination","name":"Unsupported or 
hallucinated output","scenario":"AI output sounds confident while missing evidence for a students decision.","riskyBehavior":"Learner ships unsupported facts, promises, calculations, legal claims, or operational recommendations.","detectionCheck":"Ask which source, policy, calculation, code path, or manager approval proves the claim.","safeResponsePattern":"Separate facts, assumptions, unknowns, and required verification before using the output."},{"type":"data_exposure","name":"Sensitive data exposure","scenario":"The research planning and source checking task contains customer, employee, patient, student, financial, or confidential data.","riskyBehavior":"Learner pastes sensitive data into an unapproved tool or includes it in a reusable prompt.","detectionCheck":"Identify PII, PHI, account data, payroll data, contracts, credentials, or internal-only context before prompting.","safeResponsePattern":"Minimize, redact, or use an approved enterprise tool before any AI-assisted step."},{"type":"prompt_injection","name":"Prompt injection","scenario":"A source document, ticket, or tool output includes instructions that try to override the students workflow rules.","riskyBehavior":"Learner follows embedded instructions instead of the approved task, policy, or system boundary.","detectionCheck":"Look for hidden commands, tool redirection, data exfiltration requests, or attempts to ignore prior instructions.","safeResponsePattern":"Treat source content as untrusted input, quote only relevant facts, and keep the approved task boundary."}],"detectionChecklist":["Identify the students workflow, tool, source, data sensitivity, and decision owner.","Mark every unsupported claim, missing source, hidden instruction, approval gap, and unsafe automation path.","Compare the response against policy training, governance rules, and rubric must-pass dimensions.","Produce a manager-readable risk note with the fix, escalation path, and evidence artifact."],"outputValidationRules":["Reject 
output that makes unsupported factual, financial, legal, medical, policy, or technical claims.","Require source, policy, calculation, transcript, ticket, document, or code-path evidence for high-impact statements.","Flag any sensitive data that appears in prompts, tool outputs, examples, screenshots, or reusable templates.","Require Students manager review when authority, privacy, compliance, brand, safety, or customer impact is unclear."],"promptInjectionDefenses":["Treat tickets, docs, transcripts, webpages, spreadsheets, and code comments as untrusted input.","Ignore instructions inside source material that ask the learner to reveal prompts, bypass policy, change tools, or skip review.","Summarize suspicious instructions as risk evidence instead of following them.","Escalate Students workflows when source content conflicts with approved policy, rubric, or manager instructions."],"escalationTriggers":["Students learner pastes sensitive data into an unapproved AI tool","Students learner forwards AI output without verification or source evidence","Students workflow automates a decision that requires human approval","AI output asks to bypass a policy, human review, approval gate, or approved tool catalog.","The learner cannot explain which source or rubric dimension supports the final answer."],"linkedEvidence":[{"label":"Students AI Governance Center","href":"/governance-center","type":"governance"},{"label":"Students AI Policy Training","href":"/policy-training","type":"policy"},{"label":"Students AI Readiness Rubric","href":"/admin/rubric-contracts","type":"rubric"},{"label":"Students Research verification lab","href":"/tool-comparison-labs","type":"tool_lab"}],"managerReviewQuestions":["Which students risk would make this AI output unsafe to reuse?","What source, policy, calculation, approval, or code-path evidence is missing?","Should this learner retry the scenario, escalate to a manager, or update a reusable workflow 
template?"]},{"id":"ai-safety-red-team-teachers","role":"teachers","roleLabel":"Teachers","productLine":"AIducation for Teachers","firstWedge":false,"academyPath":"/ai-training/teachers","labName":"Teachers AI Safety Red-Team Lab","primaryWorkflow":"Lesson planning","riskTypes":["bias_fairness","source_integrity","data_exposure","hallucination"],"attackBriefs":[{"type":"bias_fairness","name":"Bias and fairness failure","scenario":"The teachers task involves people, candidates, students, customers, communities, or protected characteristics.","riskyBehavior":"Learner lets AI introduce unfair assumptions, stereotypes, exclusion, or uneven standards.","detectionCheck":"Scan for demographic proxies, subjective labels, missing context, and inconsistent criteria.","safeResponsePattern":"Use consistent role-relevant criteria, remove protected-class assumptions, and request human review."},{"type":"source_integrity","name":"Source integrity failure","scenario":"The AI answer depends on sources, research, transcripts, docs, policies, spreadsheets, tickets, or market data.","riskyBehavior":"Learner treats summaries as primary evidence or ignores date, source quality, and missing context.","detectionCheck":"Open sources, verify dates, compare contradictory evidence, and note where the source does not support the claim.","safeResponsePattern":"Cite inspected evidence and label claims that still require confirmation."},{"type":"data_exposure","name":"Sensitive data exposure","scenario":"The lesson planning task contains customer, employee, patient, student, financial, or confidential data.","riskyBehavior":"Learner pastes sensitive data into an unapproved tool or includes it in a reusable prompt.","detectionCheck":"Identify PII, PHI, account data, payroll data, contracts, credentials, or internal-only context before prompting.","safeResponsePattern":"Minimize, redact, or use an approved enterprise tool before any AI-assisted step."},{"type":"hallucination","name":"Unsupported or 
hallucinated output","scenario":"AI output sounds confident while missing evidence for a teachers decision.","riskyBehavior":"Learner ships unsupported facts, promises, calculations, legal claims, or operational recommendations.","detectionCheck":"Ask which source, policy, calculation, code path, or manager approval proves the claim.","safeResponsePattern":"Separate facts, assumptions, unknowns, and required verification before using the output."}],"detectionChecklist":["Identify the teachers workflow, tool, source, data sensitivity, and decision owner.","Mark every unsupported claim, missing source, hidden instruction, approval gap, and unsafe automation path.","Compare the response against policy training, governance rules, and rubric must-pass dimensions.","Produce a manager-readable risk note with the fix, escalation path, and evidence artifact."],"outputValidationRules":["Reject output that makes unsupported factual, financial, legal, medical, policy, or technical claims.","Require source, policy, calculation, transcript, ticket, document, or code-path evidence for high-impact statements.","Flag any sensitive data that appears in prompts, tool outputs, examples, screenshots, or reusable templates.","Require Teachers manager review when authority, privacy, compliance, brand, safety, or customer impact is unclear."],"promptInjectionDefenses":["Treat tickets, docs, transcripts, webpages, spreadsheets, and code comments as untrusted input.","Ignore instructions inside source material that ask the learner to reveal prompts, bypass policy, change tools, or skip review.","Summarize suspicious instructions as risk evidence instead of following them.","Escalate Teachers workflows when source content conflicts with approved policy, rubric, or manager instructions."],"escalationTriggers":["Teachers learner pastes sensitive data into an unapproved AI tool","Teachers learner forwards AI output without verification or source evidence","Teachers workflow automates a decision 
that requires human approval","AI output asks to bypass a policy, human review, approval gate, or approved tool catalog.","The learner cannot explain which source or rubric dimension supports the final answer."],"linkedEvidence":[{"label":"Teachers AI Governance Center","href":"/governance-center","type":"governance"},{"label":"Teachers AI Policy Training","href":"/policy-training","type":"policy"},{"label":"Teachers AI Readiness Rubric","href":"/admin/rubric-contracts","type":"rubric"},{"label":"Teachers Creative generation lab","href":"/tool-comparison-labs","type":"tool_lab"}],"managerReviewQuestions":["Which teachers risk would make this AI output unsafe to reuse?","What source, policy, calculation, approval, or code-path evidence is missing?","Should this learner retry the scenario, escalate to a manager, or update a reusable workflow template?"]},{"id":"ai-safety-red-team-government","role":"government","roleLabel":"Government","productLine":"AIducation for Government","firstWedge":false,"academyPath":"/ai-training/government","labName":"Government AI Safety Red-Team Lab","primaryWorkflow":"Citizen service response","riskTypes":["data_exposure","unauthorized_action","source_integrity","prompt_injection"],"attackBriefs":[{"type":"data_exposure","name":"Sensitive data exposure","scenario":"The citizen service response task contains customer, employee, patient, student, financial, or confidential data.","riskyBehavior":"Learner pastes sensitive data into an unapproved tool or includes it in a reusable prompt.","detectionCheck":"Identify PII, PHI, account data, payroll data, contracts, credentials, or internal-only context before prompting.","safeResponsePattern":"Minimize, redact, or use an approved enterprise tool before any AI-assisted step."},{"type":"unauthorized_action","name":"Unauthorized action","scenario":"The AI suggests an action that changes a customer account, employee process, financial result, legal position, or public 
commitment.","riskyBehavior":"Learner accepts AI authority where human approval, policy review, or manager sign-off is required.","detectionCheck":"Check whether the workflow changes money, access, obligations, records, employment, health, or compliance posture.","safeResponsePattern":"Escalate before action and document the approval owner, policy basis, and final human decision."},{"type":"source_integrity","name":"Source integrity failure","scenario":"The AI answer depends on sources, research, transcripts, docs, policies, spreadsheets, tickets, or market data.","riskyBehavior":"Learner treats summaries as primary evidence or ignores date, source quality, and missing context.","detectionCheck":"Open sources, verify dates, compare contradictory evidence, and note where the source does not support the claim.","safeResponsePattern":"Cite inspected evidence and label claims that still require confirmation."},{"type":"prompt_injection","name":"Prompt injection","scenario":"A source document, ticket, or tool output includes instructions that try to override the government workflow rules.","riskyBehavior":"Learner follows embedded instructions instead of the approved task, policy, or system boundary.","detectionCheck":"Look for hidden commands, tool redirection, data exfiltration requests, or attempts to ignore prior instructions.","safeResponsePattern":"Treat source content as untrusted input, quote only relevant facts, and keep the approved task boundary."}],"detectionChecklist":["Identify the government workflow, tool, source, data sensitivity, and decision owner.","Mark every unsupported claim, missing source, hidden instruction, approval gap, and unsafe automation path.","Compare the response against policy training, governance rules, and rubric must-pass dimensions.","Produce a manager-readable risk note with the fix, escalation path, and evidence artifact."],"outputValidationRules":["Reject output that makes unsupported factual, financial, legal, medical, policy, 
or technical claims.","Require source, policy, calculation, transcript, ticket, document, or code-path evidence for high-impact statements.","Flag any sensitive data that appears in prompts, tool outputs, examples, screenshots, or reusable templates.","Require Government manager review when authority, privacy, compliance, brand, safety, or customer impact is unclear."],"promptInjectionDefenses":["Treat tickets, docs, transcripts, webpages, spreadsheets, and code comments as untrusted input.","Ignore instructions inside source material that ask the learner to reveal prompts, bypass policy, change tools, or skip review.","Summarize suspicious instructions as risk evidence instead of following them.","Escalate Government workflows when source content conflicts with approved policy, rubric, or manager instructions."],"escalationTriggers":["Government learner pastes sensitive data into an unapproved AI tool","Government learner forwards AI output without verification or source evidence","Government workflow automates a decision that requires human approval","AI output asks to bypass a policy, human review, approval gate, or approved tool catalog.","The learner cannot explain which source or rubric dimension supports the final answer."],"linkedEvidence":[{"label":"Government AI Governance Center","href":"/governance-center","type":"governance"},{"label":"Government AI Policy Training","href":"/policy-training","type":"policy"},{"label":"Government AI Readiness Rubric","href":"/admin/rubric-contracts","type":"rubric"},{"label":"Government Assistant selection lab","href":"/tool-comparison-labs","type":"tool_lab"}],"managerReviewQuestions":["Which government risk would make this AI output unsafe to reuse?","What source, policy, calculation, approval, or code-path evidence is missing?","Should this learner retry the scenario, escalate to a manager, or update a reusable workflow 
template?"]},{"id":"ai-safety-red-team-healthcare-admin","role":"healthcare-admin","roleLabel":"Healthcare Admin","productLine":"AIducation for Healthcare Admin","firstWedge":false,"academyPath":"/ai-training/healthcare-admin","labName":"Healthcare Admin AI Safety Red-Team Lab","primaryWorkflow":"Patient communication","riskTypes":["data_exposure","unauthorized_action","hallucination","source_integrity"],"attackBriefs":[{"type":"data_exposure","name":"Sensitive data exposure","scenario":"The patient communication task contains customer, employee, patient, student, financial, or confidential data.","riskyBehavior":"Learner pastes sensitive data into an unapproved tool or includes it in a reusable prompt.","detectionCheck":"Identify PII, PHI, account data, payroll data, contracts, credentials, or internal-only context before prompting.","safeResponsePattern":"Minimize, redact, or use an approved enterprise tool before any AI-assisted step."},{"type":"unauthorized_action","name":"Unauthorized action","scenario":"The AI suggests an action that changes a customer account, employee process, financial result, legal position, or public commitment.","riskyBehavior":"Learner accepts AI authority where human approval, policy review, or manager sign-off is required.","detectionCheck":"Check whether the workflow changes money, access, obligations, records, employment, health, or compliance posture.","safeResponsePattern":"Escalate before action and document the approval owner, policy basis, and final human decision."},{"type":"hallucination","name":"Unsupported or hallucinated output","scenario":"AI output sounds confident while missing evidence for a healthcare admin decision.","riskyBehavior":"Learner ships unsupported facts, promises, calculations, legal claims, or operational recommendations.","detectionCheck":"Ask which source, policy, calculation, code path, or manager approval proves the claim.","safeResponsePattern":"Separate facts, assumptions, unknowns, and required 
verification before using the output."},{"type":"source_integrity","name":"Source integrity failure","scenario":"The AI answer depends on sources, research, transcripts, docs, policies, spreadsheets, tickets, or market data.","riskyBehavior":"Learner treats summaries as primary evidence or ignores date, source quality, and missing context.","detectionCheck":"Open sources, verify dates, compare contradictory evidence, and note where the source does not support the claim.","safeResponsePattern":"Cite inspected evidence and label claims that still require confirmation."}],"detectionChecklist":["Identify the healthcare admin workflow, tool, source, data sensitivity, and decision owner.","Mark every unsupported claim, missing source, hidden instruction, approval gap, and unsafe automation path.","Compare the response against policy training, governance rules, and rubric must-pass dimensions.","Produce a manager-readable risk note with the fix, escalation path, and evidence artifact."],"outputValidationRules":["Reject output that makes unsupported factual, financial, legal, medical, policy, or technical claims.","Require source, policy, calculation, transcript, ticket, document, or code-path evidence for high-impact statements.","Flag any sensitive data that appears in prompts, tool outputs, examples, screenshots, or reusable templates.","Require Healthcare Admin manager review when authority, privacy, compliance, brand, safety, or customer impact is unclear."],"promptInjectionDefenses":["Treat tickets, docs, transcripts, webpages, spreadsheets, and code comments as untrusted input.","Ignore instructions inside source material that ask the learner to reveal prompts, bypass policy, change tools, or skip review.","Summarize suspicious instructions as risk evidence instead of following them.","Escalate Healthcare Admin workflows when source content conflicts with approved policy, rubric, or manager instructions."],"escalationTriggers":["Healthcare Admin learner pastes 
sensitive data into an unapproved AI tool","Healthcare Admin learner forwards AI output without verification or source evidence","Healthcare Admin workflow automates a decision that requires human approval","AI output asks to bypass a policy, human review, approval gate, or approved tool catalog.","The learner cannot explain which source or rubric dimension supports the final answer."],"linkedEvidence":[{"label":"Healthcare Admin AI Governance Center","href":"/governance-center","type":"governance"},{"label":"Healthcare Admin AI Policy Training","href":"/policy-training","type":"policy"},{"label":"Healthcare Admin AI Readiness Rubric","href":"/admin/rubric-contracts","type":"rubric"},{"label":"Healthcare Admin Assistant selection lab","href":"/tool-comparison-labs","type":"tool_lab"}],"managerReviewQuestions":["Which healthcare admin risk would make this AI output unsafe to reuse?","What source, policy, calculation, approval, or code-path evidence is missing?","Should this learner retry the scenario, escalate to a manager, or update a reusable workflow template?"]},{"id":"ai-safety-red-team-legal","role":"legal","roleLabel":"Legal","productLine":"AIducation for Legal Teams","firstWedge":false,"academyPath":"/ai-training/legal","labName":"Legal AI Safety Red-Team Lab","primaryWorkflow":"Contract risk review","riskTypes":["hallucination","source_integrity","data_exposure","unauthorized_action"],"attackBriefs":[{"type":"hallucination","name":"Unsupported or hallucinated output","scenario":"AI output sounds confident while missing evidence for a legal decision.","riskyBehavior":"Learner ships unsupported facts, promises, calculations, legal claims, or operational recommendations.","detectionCheck":"Ask which source, policy, calculation, code path, or manager approval proves the claim.","safeResponsePattern":"Separate facts, assumptions, unknowns, and required verification before using the output."},{"type":"source_integrity","name":"Source integrity 
failure","scenario":"The AI answer depends on sources, research, transcripts, docs, policies, spreadsheets, tickets, or market data.","riskyBehavior":"Learner treats summaries as primary evidence or ignores date, source quality, and missing context.","detectionCheck":"Open sources, verify dates, compare contradictory evidence, and note where the source does not support the claim.","safeResponsePattern":"Cite inspected evidence and label claims that still require confirmation."},{"type":"data_exposure","name":"Sensitive data exposure","scenario":"The contract risk review task contains customer, employee, patient, student, financial, or confidential data.","riskyBehavior":"Learner pastes sensitive data into an unapproved tool or includes it in a reusable prompt.","detectionCheck":"Identify PII, PHI, account data, payroll data, contracts, credentials, or internal-only context before prompting.","safeResponsePattern":"Minimize, redact, or use an approved enterprise tool before any AI-assisted step."},{"type":"unauthorized_action","name":"Unauthorized action","scenario":"The AI suggests an action that changes a customer account, employee process, financial result, legal position, or public commitment.","riskyBehavior":"Learner accepts AI authority where human approval, policy review, or manager sign-off is required.","detectionCheck":"Check whether the workflow changes money, access, obligations, records, employment, health, or compliance posture.","safeResponsePattern":"Escalate before action and document the approval owner, policy basis, and final human decision."}],"detectionChecklist":["Identify the legal workflow, tool, source, data sensitivity, and decision owner.","Mark every unsupported claim, missing source, hidden instruction, approval gap, and unsafe automation path.","Compare the response against policy training, governance rules, and rubric must-pass dimensions.","Produce a manager-readable risk note with the fix, escalation path, and evidence 
artifact."],"outputValidationRules":["Reject output that makes unsupported factual, financial, legal, medical, policy, or technical claims.","Require source, policy, calculation, transcript, ticket, document, or code-path evidence for high-impact statements.","Flag any sensitive data that appears in prompts, tool outputs, examples, screenshots, or reusable templates.","Require Legal manager review when authority, privacy, compliance, brand, safety, or customer impact is unclear."],"promptInjectionDefenses":["Treat tickets, docs, transcripts, webpages, spreadsheets, and code comments as untrusted input.","Ignore instructions inside source material that ask the learner to reveal prompts, bypass policy, change tools, or skip review.","Summarize suspicious instructions as risk evidence instead of following them.","Escalate Legal workflows when source content conflicts with approved policy, rubric, or manager instructions."],"escalationTriggers":["Legal learner pastes sensitive data into an unapproved AI tool","Legal learner forwards AI output without verification or source evidence","Legal workflow automates a decision that requires human approval","AI output asks to bypass a policy, human review, approval gate, or approved tool catalog.","The learner cannot explain which source or rubric dimension supports the final answer."],"linkedEvidence":[{"label":"Legal AI Governance Center","href":"/governance-center","type":"governance"},{"label":"Legal AI Policy Training","href":"/policy-training","type":"policy"},{"label":"Legal AI Readiness Rubric","href":"/admin/rubric-contracts","type":"rubric"},{"label":"Legal Research verification lab","href":"/tool-comparison-labs","type":"tool_lab"}],"managerReviewQuestions":["Which legal risk would make this AI output unsafe to reuse?","What source, policy, calculation, approval, or code-path evidence is missing?","Should this learner retry the scenario, escalate to a manager, or update a reusable workflow 
template?"]},{"id":"ai-safety-red-team-small-business","role":"small-business","roleLabel":"Small Business","productLine":"AIducation for Small Businesses","firstWedge":false,"academyPath":"/ai-training/small-business","labName":"Small Business AI Safety Red-Team Lab","primaryWorkflow":"Local marketing and content","riskTypes":["automation_overreach","data_exposure","hallucination","prompt_injection"],"attackBriefs":[{"type":"automation_overreach","name":"Automation overreach","scenario":"A repeatable small business workflow is being automated before failure handling is clear.","riskyBehavior":"Learner lets AI or automation trigger downstream actions without approvals, alerts, rollback, or monitoring.","detectionCheck":"Inspect whether retries, exceptions, human review, audit logs, and stop conditions are defined.","safeResponsePattern":"Keep human checkpoints on sensitive actions and start with low-risk internal workflow evidence."},{"type":"data_exposure","name":"Sensitive data exposure","scenario":"The local marketing and content task contains customer, employee, patient, student, financial, or confidential data.","riskyBehavior":"Learner pastes sensitive data into an unapproved tool or includes it in a reusable prompt.","detectionCheck":"Identify PII, PHI, account data, payroll data, contracts, credentials, or internal-only context before prompting.","safeResponsePattern":"Minimize, redact, or use an approved enterprise tool before any AI-assisted step."},{"type":"hallucination","name":"Unsupported or hallucinated output","scenario":"AI output sounds confident while missing evidence for a small business decision.","riskyBehavior":"Learner ships unsupported facts, promises, calculations, legal claims, or operational recommendations.","detectionCheck":"Ask which source, policy, calculation, code path, or manager approval proves the claim.","safeResponsePattern":"Separate facts, assumptions, unknowns, and required verification before using the 
output."},{"type":"prompt_injection","name":"Prompt injection","scenario":"A source document, ticket, or tool output includes instructions that try to override the small business workflow rules.","riskyBehavior":"Learner follows embedded instructions instead of the approved task, policy, or system boundary.","detectionCheck":"Look for hidden commands, tool redirection, data exfiltration requests, or attempts to ignore prior instructions.","safeResponsePattern":"Treat source content as untrusted input, quote only relevant facts, and keep the approved task boundary."}],"detectionChecklist":["Identify the small business workflow, tool, source, data sensitivity, and decision owner.","Mark every unsupported claim, missing source, hidden instruction, approval gap, and unsafe automation path.","Compare the response against policy training, governance rules, and rubric must-pass dimensions.","Produce a manager-readable risk note with the fix, escalation path, and evidence artifact."],"outputValidationRules":["Reject output that makes unsupported factual, financial, legal, medical, policy, or technical claims.","Require source, policy, calculation, transcript, ticket, document, or code-path evidence for high-impact statements.","Flag any sensitive data that appears in prompts, tool outputs, examples, screenshots, or reusable templates.","Require Small Business manager review when authority, privacy, compliance, brand, safety, or customer impact is unclear."],"promptInjectionDefenses":["Treat tickets, docs, transcripts, webpages, spreadsheets, and code comments as untrusted input.","Ignore instructions inside source material that ask the learner to reveal prompts, bypass policy, change tools, or skip review.","Summarize suspicious instructions as risk evidence instead of following them.","Escalate Small Business workflows when source content conflicts with approved policy, rubric, or manager instructions."],"escalationTriggers":["Small Business learner pastes sensitive data 
into an unapproved AI tool","Small Business learner forwards AI output without verification or source evidence","Small Business workflow automates a decision that requires human approval","AI output asks to bypass a policy, human review, approval gate, or approved tool catalog.","The learner cannot explain which source or rubric dimension supports the final answer."],"linkedEvidence":[{"label":"Small Business AI Governance Center","href":"/governance-center","type":"governance"},{"label":"Small Business AI Policy Training","href":"/policy-training","type":"policy"},{"label":"Small Business AI Readiness Rubric","href":"/admin/rubric-contracts","type":"rubric"},{"label":"Small Business Automation design lab","href":"/tool-comparison-labs","type":"tool_lab"}],"managerReviewQuestions":["Which small business risk would make this AI output unsafe to reuse?","What source, policy, calculation, approval, or code-path evidence is missing?","Should this learner retry the scenario, escalate to a manager, or update a reusable workflow template?"]}]}