//Question

What should an AI red teaming coverage matrix include when evaluating vendors?

Posted on 04th June, 2026

Richard


//Answer

A coverage matrix tells you whether a vendor's red teaming goes wide enough to matter. A long list of test categories sounds impressive, but what you really want to know is: does it map to the attack paths real adversaries actually use?

Here's what a solid matrix should cover:

  • Prompt injection and indirect prompt injection
  • Data exfiltration attempts
  • Tool abuse and tool escalation
  • MCP server misuse
  • Jailbreak attacks
  • System prompt extraction
  • Role manipulation
  • Sensitive information disclosure
  • Agent memory poisoning
  • Multi-step agent attack chains
  • Compliance and policy violations
  • Toxic and harmful content generation
  • Supply chain attacks via tools and plugins

The number of tests isn't the point. Coverage across real-world attack paths is.

When evaluating vendors, ask for their documented coverage matrix, evidence from actual attack simulations, and examples of vulnerabilities discovered in production environments - not just a slide deck.

Akto maintains an automated probe library that continuously tests AI agents, MCP tools, and connected resources against evolving attack techniques. That "continuously" part matters because the threat landscape doesn't sit still between quarterly assessments.
