As artificial intelligence becomes embedded into everything from productivity tools to security platforms, the question isn’t if these systems will be abused. It’s how. In the latest episode of Ahead of the Breach, host Casey Cammilleri sits down with Tori Westerhoff from Microsoft’s AI Red Team to explore what offensive security looks like when the target isn’t a network or an application, but a large language model.

What Is AI Red Teaming?

Traditional red teaming focuses on identifying weaknesses in infrastructure, applications, and people. AI red teaming introduces an entirely new attack surface. Instead of scanning ports or chaining exploits, red teams are probing models for misuse, manipulation, and unintended behavior.

Tori explains how Microsoft approaches AI red teaming by thinking like real-world adversaries, examining how models could be abused, coerced, or tricked into producing harmful outcomes. This includes everything from prompt manipulation and jailbreak techniques to system-level weaknesses that emerge when models are integrated into production environments.

From Hypothetical Risks to Real-World Abuse

One of the key themes of the episode is the shift away from abstract AI risk toward tangible, real-world abuse cases. AI red teams aren’t just asking what could go wrong. They’re actively validating how attackers would actually do it.

Tori shares insight into how her team identifies realistic threat scenarios, prioritizes risks, and works closely with engineers to ensure findings translate into safer systems. The conversation highlights why offensive security thinking is essential as organizations race to deploy generative AI at scale.

Collaboration Is the Real Force Multiplier

Unlike traditional red teams that may operate independently, AI red teaming is deeply collaborative. Findings often require changes not just to the model, but to surrounding guardrails, workflows, and product design.

Throughout the episode, Tori emphasizes the importance of cross-functional collaboration between security teams, researchers, and developers. Building secure AI isn’t about slowing innovation, it’s about making sure new capabilities don’t introduce silent, systemic risk.

Why This Matters for Security Teams

You don’t need to work on AI models to feel the impact of this shift. As AI becomes part of enterprise tooling, security teams will increasingly be responsible for understanding how these systems fail and how attackers may exploit them.

This episode offers valuable perspective for:

  • Offensive security professionals exploring AI testing
  • Blue teams responsible for defending AI-enabled systems
  • Leaders trying to balance rapid AI adoption with risk management

Listen to the Episode

If you’re curious how one of the world’s largest technology companies stress-tests AI systems before attackers get the chance, this episode provides a rare inside look.