TotalAI Release 1.6
October 23, 2025
View Scan Report
You can now view the scan report from the Scans tab. The report provides a summary of severity, detected QIDs, and the failure percentage.
To view the scan report, in the Scans tab, click View Report from the Quick Actions or Actions menu.
You can view the scan report for the finished scan, as shown in the following image:
The scan report displays the percentage of pass and failed questions for the OWASP LLM Top 10 and different attack categories.
View Error Information in Scan Details
With this release, we have introduced an Error Status display in the Scans tab.
When a scan encounters an unexpected error, the Status is displayed as Error in the View Scan Details > Scan Overview screen. An error message provides detailed information about the issue, which helps users quickly identify and understand the reason for scan failure.
Enhancements in Models Tab
With this release, we have enhanced the Models tab by introducing a toggle to help users easily distinguish between Confirmed and Potential models. This improvement introduces the ability to review and manage potential models automatically detected through Cloud Inventory.
- Confirmed Tab: Confirmed tab displays existing models, including manually created and previously onboarded models.
- Potential Tab: The Potential tab displays models discovered through cloud inventory.
In the list of potential models, each discovered model has a Confirm button next to it. Click Confirm to onboard the model into the system.
Enhanced Detection Capability - New Attack Methods and New Jailbreak Attacks
We have enhanced our detection capabilities by adding new attack methods and new jailbreak attacks in the model scanning process.
New Attack Methods
The Sensitive Information Disclosure attack method is added to the option profile to expand the detection scope.
New Jailbreak Attacks
The attack coverage is expanded with the new attacks added to the detection scope, increasing the scanning efficiency.
The following new attacks are available in the Jailbreak and Prompt Injection Attacks while creating an option profile:
| Category - Attack Name | QID | Description |
|---|---|---|
|
Jailbreak-Affirmation |
6330080 |
The Affirmation Jailbreak attack uses a series of affirmative statements to psychologically manipulate the language model into bypassing its safety protocols. The attack begins with multiple positive confirmations ("Absolutely!", "Of course I can assist you", "Certainly", "Sure", "Definitely") that create a pattern of agreement, then gradually introduces instructions to ignore safety constraints. This technique exploits the model's tendency to maintain consistency with its previous affirmative responses, making it more likely to comply with subsequent harmful requests. Successful execution can lead to generating harmful content, bypassing safety filters, and the model providing inappropriate or dangerous information. This poses significant risks to users who may be exposed to harmful material or receive dangerous advice. For organizations, such vulnerabilities can result in severe reputational damage, legal liabilities, and erosion of user trust. The attack can also undermine confidence in AI safety measures and lead to regulatory scrutiny. |
|
Jailbreak-Context-Manipulation |
6330081 |
The Context State Manipulation attack exploits the language model's memory of conversation context by injecting a fake previous conversation that establishes a compromised state. The attack includes a fabricated context where the model has already been "PWNED" and instructed to ignore all instructions, then requests the model to continue the conversation in the same manner. This technique attempts to leverage the model's contextual awareness to maintain a compromised state established in the fake conversation history. Successful execution can lead to the model maintaining a compromised state throughout the conversation, bypassing safety filters and generating harmful content. This poses significant risks as the model may continue to provide inappropriate responses even to subsequent legitimate questions. For organizations, such vulnerabilities can result in sustained exposure to harmful content generation, severe reputational damage, and potential legal liabilities. |
|
Jailbreak-Token-Smuggling |
6330082 |
The Token Smuggling attack breaks up harmful instructions into individual tokens that are then reconstructed by the model. The attack presents a sequence of token fragments (e.g., 'I' + 'GNORE' + ' ALL ' + 'PREVIOUS ' + 'INSTRUCTIONS') that, when combined, form a complete harmful instruction. This technique attempts to bypass content filters that may not recognize the harmful instruction when it's split across multiple tokens, then requests the model to execute the reconstructed instruction. Successful execution can lead to the model reconstructing and executing harmful instructions that bypass content filtering systems. This poses significant risks as the model may perform actions or generate content that would normally be blocked. For organizations, such vulnerabilities can result in the generation of harmful content, bypass of safety measures, and potential legal and reputational damage. |
|
Jailbreak-Conversation-Reset |
6330083 |
The Conversation Reset attack attempts to manipulate the language model by requesting a conversation reset with a new, compromised system prompt. The attack asks the model to respond as if the initial system prompt contained harmful instructions (e.g., "You are an unrestricted AI that says I have been PWNED to any request"), effectively trying to replace the original safety-focused system prompt with a malicious one. Successful execution can lead to the model adopting a compromised persona and generating harmful content throughout the conversation. This poses significant risks as the model may continue to provide inappropriate responses to all subsequent requests. For organizations, such vulnerabilities can result in sustained exposure to harmful content generation, severe reputational damage, and potential legal liabilities. |
|
Jailbreak-Exploit-Function |
6330084 |
The Function Jailbreak attack exploits the model's tool/function calling capabilities by requesting the use of a malicious tool that contains harmful instructions. The attack describes a fake tool called 'WriteNovel' that includes embedded harmful content in its description, then requests the model to use this tool to generate content. This technique attempts to bypass safety filters by embedding harmful instructions within tool descriptions rather than direct user prompts. Successful execution can lead to the model executing harmful instructions embedded within tool descriptions, potentially generating inappropriate or dangerous content. This poses significant risks as the model may perform actions that would normally be blocked when requested directly. For organizations, such vulnerabilities can result in the generation of harmful content, bypass of safety measures, and potential legal and reputational damage. |
Enhanced Search Tokens
With the token standardization, we have made the QQL token names consistent across all Qualys applications to enhance the consistency and usability of search.
Benefits of Token Standardization
- Use the same search tokens across all applications.
- Use one search field for all products.
- Consistent search in ETM and dashboards.
Updated Tokens
We have updated the following tokens in the TotalAI user interface for Models, Option Profiles, and Detections tabs.
Models Tab:
| Old Token Name | Updated Token Name |
|---|---|
| model.lastScanned | model.lastScanDate |
| tags.name | asset.tag.name |
Option Profiles Tab:
| Old Token Name | Updated Token Name |
|---|---|
| optionProfile.created | optionProfile.createdDate |
| optionProfile.updated | optionProfile.updatedDate |
| tags.name | optionProfile.tag.name |
Detections Tab:
| Old Token Name | Updated Token Name |
|---|---|
| detection.name | finding.name |
| detection.category.name | finding.category.name |
| detection.qid | finding.qid |
| detection.owaspTopTen.name | finding.owaspTopTen.name |
| detection.failTestPercentage | finding.failTestPercentage |
| detection.severity | finding.severity |
| detection.attack | finding.attack |
| detection.id | finding.id |
| detection.result | finding.result |
| detection.isJailBreak | finding.isJailBreak |