TotalAI Release 1.5 API

August 8, 2025

Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.

Detection API

With this release, we are introducing the following detection APIs to search for detections in your account and get the detection count with different filters:

Search Detections
Detection Count

Search Detections

New or Updated API	New
API Endpoint	/ta/api/1.0/detection/search
Method	POST
DTD or XSD changes	Not Applicable

We have introduced the search detection API to search the detection for your subscription. You can apply filters to search the detection on specific models and detection criteria, such as, attack type, severity, category, and so on.

Use this API to search the detections (or only the one matching the provided QQL).

Input ParametersInput Parameters

You can use the following input parameters for the search detections API.

Parameter	Data Type	Optional/ Mandatory	Description
filter	String	Optional	Use this parameter to filter the detections based on the queries on models or detections. For the list of filters for models, refer to Search for Models. For the list of filters on detection, refer to Search for Detections.
fields	String	Optional	Use this parameter to provide a comma-separated list of fields to include in the response for each detection.
scrollInfo	String	Optional	Use this parameter to scroll info value saved from previous search, to retrieve next page.
orderBy	String	Optional	Use this parameter to select the field by which to sort the records. You can order the results by id, qid, firstDetected or severity.
sortOrder	String	Optional	Use this parameter to sort the results in ascending (ASC) or descending (DESC) order. Valid values: For ascending order: ASC For descending order: DESC
size	Integer	Optional	Use this parameter to define the number of records to be displayed. Default value: 25

Sample: Search Detection with the specified filtersSample: Search Detection with the specified filters

API Request

  curl -X 'POST' \
  '<qualys_base_url>//ta/api/1.0/detection/search' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "filter": {
    "modelQql": "model.lastScanStatus:FINISHED and model.runtime:AWS Bedrock or model.runtime:Hugging Face",
    "detectionQql": "detection.failTestPercentage>50 and detection.severity>=3"
  },
  "fields": "id, qid, name, attack, severity, firstDetected, lastDetected, lastTested, lastUpdated, result, totalQuestions, passedQuestions, failedQuestions, erroredQuestions, isJailBreak, failTestPercentage, description, consequence, solution, owaspTopTen, categories, model",
  "orderBy": "firstDetected",
  "sortOrder": "DESC",
  "size": "100"
}

API Response

{
  "totalElements": 60,
  "content": [
    {
      "id": 12345,
      "qid": 1234567,
      "name": "Always Jailbreaking Prompts Attack",
      "attack": "Jailbreak-Ajp",
      "severity": 5,
      "firstDetected": 1747391220000,
      "lastDetected": 1747395733000,
      "lastTested": 1747395733000,
      "lastUpdated": 1747395733000,
      "result": "FAIL",
      "totalQuestions": 49,
      "passedQuestions": 3,
      "failedQuestions": 46,
      "erroredQuestions": 0,
      "isJailBreak": true,
      "failTestPercentage": 94,
      "description": "The Jailbreak-AJPAttack poses a significant threat by exploiting the ability of AI to generate and execute harmful and unethical prompts through a manipulative persona called AJP, or Always Jailbreaking Prompts. ",
      "consequence": "The impact of the AJPAttack is considerable, as it could lead to the proliferation of illegal activities and unethical behaviors. By forcing the AI to act as an expert in crafting prompts for any situation, regardless of moral or legal boundaries, the AJP persona could enable users to engage in harmful actions such as fraud, hacking, or other malicious activities. This could result in serious societal harm, as individuals or groups could leverage AI-generated instructions to bypass security measures, spread disinformation, or engage in criminal enterprises. Moreover, the attack could severely undermine the trust users have in AI systems, causing reputational damage to platforms that fail to prevent such exploits.",
      "solution": "Mitigating the AJPAttack requires robust and dynamic countermeasures within AI systems. Strengthening AI safety protocols through continuous monitoring and refinement of ethical filters is critical. Implementing advanced adversarial training that can detect and neutralize manipulative personas like AJP is essential for closing off vulnerabilities. Additionally, AI developers should enhance prompt filtering systems to identify and block instructions that push the AI to act as different characters designed to bypass restrictions. Continuous updates and collaboration between AI safety experts, security teams, and regulatory bodies will be necessary to prevent evolving attacks like AJP and maintain the ethical and secure operation of AI platforms.",
      "owaspTopTen": [
        {
          "id": 20001,
          "name": "LLM01: Prompt Injection",
          "year": 2024,
          "url": "https://genai.owasp.org/llmrisk/llm01-prompt-injection/"
        },
        {
          "id": 20003,
          "name": "LLM03: Training Data Poisoning",
          "year": 2024,
          "url": "https://genai.owasp.org/llmrisk/llm03-training-data-poisoning/"
        }
      ],
      "categories": [
        {
          "id": 30018,
          "name": "Jailbreak",
          "year": 20
        }
      ],
      "model": {
        "id": 68372070,
        "name": "Automation-External-Hugging Face - 2025-05-16 14:09:43.628"
      }
    }

Get Detection Count

New or Updated API	New
API Endpoint	/ta/api/1.0/detection/count
Method	POST
DTD or XSD changes	Not Applicable

We have introduced the detection count API to get the detection count for your subscription. You can apply filters to get the detection count on specific models and detection criteria, such as, attack type, severity, category, and so on.

Use this API to count all the detections (or only the one matching the provided QQL).

Input ParametersInput Parameters

You can use the following input parameters for the detection count API.

Parameter	Data Type	Optional/ Mandatory	Description
filter	String	Optional	Use this parameter to filter the detections based on the queries on models or detections. For the list of filters for models, refer to Search for Models. For the list of filters on detection, refer to Search for Detections.

Sample: Get Detection Count for the specified asset and attack typeSample: Get Detection Count for the specified asset and attack type

API Request

  curl -X 'POST' \
  '<qualys_base_url>/ta/api/1.0/detection/count' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "filter": {
    "modelQql": "asset.name: Test Hugging Face",
    "detectionQql": "detection.attack: Jailbreak-Abj"
  }
}'

API Response

  {
    "count": 155
  }