Big Cranium Logo White.png
TrainingHelp Center
Find the insights and best practices about our product.
General
FAQs
System & Network Requirements
Getting Started
My AI Dashboard Overview
Release Notes
2026.4.2 Release Notes
2026.4.1 Release Notes
2026.3.1 Release Notes
2026.2.2 Release Notes
2026.2.1 Release Notes
2026.1.1 Release Notes
2025.12.1 Release Notes
2025.11.1 Release Notes
2025.10.3 Release Notes
2025.10.1 Release Notes
2025.9.1 Release Notes
2025.8.1 Release Notes
2025.7.1 Release Notes
2025.4.1 Release Notes
2025.3.1 Release Notes
2025.1.1 Release Notes
2024.12.1 Release Notes
AI Manager
My AI Systems
My AI Systems Overview
AI System Details Overview
Adding a New AI System
Self-Attesting to a Compliance Framework
Compliance Scoring
Compliance Agent [Beta]
My AI Supply Chain
Supply Chain Overview
Managing Outgoing AI Card Requests
Responding to an AI Card Request
Publishing an AI Card Without a Request
My Vendors Overview
Artifacts
Bill of Materials
Bill of Materials Overview
Creating a Bill of Materials with CodeSensor
Self-Attest to a Bill of Materials
AgentSensor Overview
Technology Search Overview
Document Library
Document Library Overview
Vulnerability Management
Arena Shield
Arena Shield Overview
Shield YAML Implementation Guide
Arena
AI Arena Overview
Vulnerability Assessment
Vulnerability Management
Vulnerability Assessment Overview
Accessing a Vulnerability Assessment
Adversarial Inputs Detector
Vulnerabilities Overview
Settings
User Manager Overview
Detect AI
Integrations
Accessing a Private VCS
Registering SSH for CodeSensor
Integrating Bitbucket with Cranium
Integrating GitHub with Cranium
Integrating GitLab with Cranium
Integrating Azure DevOps with Cranium
Continuous Monitoring Overview
VCS Service Rate Limits
CloudSensor
CloudSensor Overview
Public API
Public API Overview
Authentication & Generating Credentials
Pagination & Incremental Sync
Rate Limits & Error Handling
Endpoint Reference
Bills of Materials
Technology Vulnerabilities
Arena Models
Arena Model Vulnerabilities
Home
Public API
Endpoint Reference
Arena Models
Arena Models

The Arena Models endpoint returns all AI models discovered and tested by Cranium across your tenant. Use this endpoint as a model catalog when correlating model identifiers across endpoints, and as a reference for model metadata when integrating Arena data with downstream systems.

List Arena Models

Returns a paginated list of models cataloged in the Arena.

Request:

GET /api/public/arena/models

Authorization:

Bearer token. See Authentication & Generating Credentials.


Query parameters:

Response record:

json

{
  "modelId": "guid",
  "modelName": "llama-3-8b-instruct",
  "modelFamilyId": "guid",
  "modelFamilyName": "Llama 3",
  "modelSource": "HuggingFace | Internal",
  "modelType": "LLM | DL | TradML",
  "referenceUrl": "https://huggingface.co/...",
  "modelStatus": "string",
  "severity": "Critical | High | Medium | Low | None",
  "averageAttackSuccessRatio": 0.42,
  "attackCategoriesVulnerableCount": 3,
  "weaknessCount": 5,
  "knownRisksCount": 2,
  "automatedTestCount": 10,
  "manualTestCount": 1,
  "aiSystemCount": 2,
  "penTestCompletedAt": "2026-03-15T00:00:00Z | null",
  "discoveredAt": "2026-01-05T00:00:00Z",
  "updatedAt": "2026-04-10T00:00:00Z"
}

Field Definitions

  • modelId: Unique identifier for the model. Stable across updates. Use this value to correlate with modelId on the Arena Model Vulnerabilities endpoint.
  • modelName: Human-readable name of the model as displayed in the Arena.
  • modelFamilyId: Identifier of the model family. Models that share a base architecture (for example, multiple Llama 3 variants) share a modelFamilyId.
  • modelFamilyName: Display name of the model family.
  • modelSource: Origin of the model. HuggingFace for models cataloged in HuggingFace Hub, Internal for organization-specific models.
  • modelType: AI type classification. LLM for large language models, DL for deep learning models, TradML for traditional machine learning models.
  • referenceUrl: URL to the model's reference page (for example, the HuggingFace model card).
  • modelStatus: Current status of the model. One of Untested, Queued, InTesting, Completed, Failed, NotTestable.
  • severity: Highest severity classification across the model's tested attack categories. One of Critical, High, Medium, Low, None.
  • averageAttackSuccessRatio: Average ratio of successful attacks across all tested attack categories. Expressed as a decimal between 0 and 1. A value of 0.42 indicates that 42 percent of attack attempts succeeded on average.
  • attackCategoriesVulnerableCount: Number of attack categories in which the model was found vulnerable.
  • weaknessCount: Number of identified weaknesses associated with the model.
  • knownRisksCount: Number of known risks documented for the model.
  • automatedTestCount: Number of automated penetration tests run against the model.
  • manualTestCount: Number of manual penetration tests run against the model.
  • aiSystemCount: Number of AI Systems in your tenant that include this model.
  • penTestCompletedAt: Timestamp at which the most recent penetration test completed. Null when no test has been run. ISO 8601 format.
  • discoveredAt: Timestamp at which the model was first cataloged in the Arena. ISO 8601 format.
  • updatedAt: Timestamp at which the record was last updated. ISO 8601 format. This is the field the sync cursor tracks.
Did this answer your question?
Related Articles
Arena Model Vulnerabilities
Public API Overview
Authentication & Generating Credentials
Pagination & Incremental Sync
Rate Limits & Error Handling
Bills of Materials
Technology Vulnerabilities