Arena Model Vulnerabilities

The Arena Model Vulnerabilities endpoint returns model vulnerability findings across all models in your tenant. Each record represents one aggregated attack category result per model, combining all penetration test runs for that model into a single success ratio. This is the primary sync feed for customers tracking AI model risk in vulnerability management or governance, risk, and compliance tools.

This endpoint covers model vulnerabilities only. For technology vulnerabilities (CVE-based package findings), see Endpoint Reference: Technology Vulnerabilities.

List Arena Model Vulnerabilities

Returns a paginated list of model vulnerability findings (attack categories) detected through Arena testing.

Request:

GET /api/public/arena/attackcategories

Authorization:

Bearer token. See Authentication & Generating Credentials.


Query parameters:

Response record:

```json
{
  "uniqueId": "string",
  "billOfMaterialsId": "guid",
  "billOfMaterialsName": "my-ml-service",
  "modelId": "guid",
  "modelName": "llama-3-8b-instruct",
  "modelType": "LLM | DL | TradML",
  "modelSource": "HuggingFace | Internal",
  "attackCategoryId": "guid",
  "attackCategory": "Prompt Injection",
  "attackCategoryDescription": "string | null",
  "attackAlgorithm": "string | null",
  "attackFramework": "string | null",
  "attackSuccessRatio": 0.73,
  "severityLevel": "Critical | High | Medium | Low",
  "weakness": "string | null",
  "resolvedStatus": "Resolved | Ignored | null",
  "remediationGuidance": "string | null",
  "updatedDate": "2026-04-01T00:00:00Z"
}
```

Field Definitions

  • uniqueId: Stable composite identifier of the form {modelId}-{attackCategoryId}. Use this as an opaque deduplication and correlation key in downstream systems. This value intentionally does not match the UniqueId column in CSV vulnerability exports, which is keyed differently. The CSV export records one row per BOM item and penetration test attack, while the Public API aggregates results per model and attack category. To correlate API records with CSV exports, match on modelId and attackCategoryId rather than uniqueId.
  • billOfMaterialsId: Identifier of the BOM associated with the model. Correlates with billOfMaterialsId on the Bills of Materials endpoint.
  • billOfMaterialsName: Display name of the BOM, included for convenience.
  • modelId: Identifier of the model in which the attack category was detected. Correlates with modelId on the Arena Models endpoint.
  • modelName: Display name of the model.
  • modelType: AI type classification of the model. LLM for large language models, DL for deep learning models, TradML for traditional machine learning models.
  • modelSource: Origin of the model. HuggingFace for models cataloged in HuggingFace Hub, Internal for organization-specific models.
  • attackCategoryId: Stable dictionary identifier for the attack category. Prefer this over attackCategory when correlating across systems, since names may be localized or renamed.
  • attackCategory: Human-readable display name of the attack category (for example, Prompt Injection).
  • attackCategoryDescription: Description of the attack category. May be null.
  • attackAlgorithm: Algorithm used in the attack, when applicable. May be null.
  • attackFramework: Framework used in the attack, when applicable. May be null.
  • attackSuccessRatio: Proportion of attack attempts that succeeded during penetration testing, expressed as a decimal between 0 and 1. A value of 0.73 indicates that 73 percent of attempts were successful.
  • severityLevel: Severity classification derived from attackSuccessRatio using the same thresholds as the Arena vulnerability landing page. One of Critical, High, Medium, Low.
  • weakness: Description of the underlying weakness, when documented. May be null.
  • resolvedStatus: Current resolution status. Resolved means the finding was marked as fixed or accepted. Ignored means it was acknowledged but intentionally not remediated. Null when the finding has not been acted on.
  • remediationGuidance: AI-generated remediation advice for the attack category. Returned as an HTML string when populated. Customers integrating this field with downstream tools (for example, ITSM ticket descriptions) must either render the HTML or strip the markup, depending on the target system. Null when remediation has not yet been generated for this finding.
  • updatedDate: Timestamp at which the record was last updated. ISO 8601 format. This is the field the sync cursor tracks. The value advances when new penetration test results arrive (a new Vulnerability Assessment is created for the model's BOM) or when an attack category is resolved or unresolved. Incremental sync surfaces both new findings and status changes.
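The remediationGuidance field arrives as HTML, and a ticket body in most ITSM tools wants plain text. The following is an added example (not Cranium's own code) of flattening that HTML with the standard-library parser: tags are dropped rather than echoed, script and style content is discarded, entities are decoded, and block elements and list items become line breaks and dash bullets. The sample HTML is constructed for the example; real field content may differ.

```python
"""Flatten the HTML in remediationGuidance to plain text for a ticket body.

Added example, not Cranium's own code. SAMPLE_GUIDANCE below is constructed.
"""
from html.parser import HTMLParser
import re

# Tags that start a new line when the markup is flattened to text.
_BLOCK_TAGS = {"p", "div", "br", "li", "ul", "ol", "h1", "h2", "h3", "h4", "pre", "tr"}


class _TextExtractor(HTMLParser):
    """Collect text nodes, adding line breaks at block boundaries and dash
    bullets for list items. Tags are never echoed, so markup in the source
    cannot reach the ticket body as markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)  # decode &amp; etc. to characters
        self.parts = []
        self._skip = 0  # nesting depth inside <script>/<style>, whose text is dropped

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "li":
            self.parts.append("\n- ")
        elif tag in _BLOCK_TAGS:
            self.parts.append("\n")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(0, self._skip - 1)
        elif tag in _BLOCK_TAGS and tag != "li":
            self.parts.append("\n")

    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)


def html_to_text(html):
    """Return remediationGuidance as plain text, or "" when the field is null."""
    if html is None:
        return ""
    parser = _TextExtractor()
    parser.feed(html)
    parser.close()
    text = "".join(parser.parts)
    text = re.sub(r"[ \t]+", " ", text)      # collapse runs of spaces
    text = re.sub(r" *\n *", "\n", text)     # trim spaces around line breaks
    text = re.sub(r"\n{3,}", "\n\n", text)   # allow at most one blank line
    return text.strip()


# Constructed sample shaped like an HTML remediationGuidance value.
SAMPLE_GUIDANCE = (
    "<h3>Prompt Injection</h3>"
    "<p>Treat retrieved content as <b>untrusted</b> &amp; keep it out of the system prompt.</p>"
    "<ul><li>Validate tool arguments</li><li>Log refused requests</li></ul>"
    "<script>alert(1)</script>"
)

if __name__ == "__main__":
    print(html_to_text(SAMPLE_GUIDANCE))
```

If the target system renders HTML itself, pass the field through an HTML sanitizer instead of this flattener; either way, never paste the raw string into a field that is later interpreted as markup.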

Notes on Resolution

resolvedStatus reflects user-actioned resolution only. Attack categories that no longer appear in subsequent penetration test runs are not automatically marked as resolved. They will remain in the feed with resolvedStatus: null until a user explicitly resolves them in Cranium. Tracking test-based resolution is a planned product capability outside the scope of the current release.
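The three behaviours above (uniqueId as the local key with CSV correlation on modelId plus attackCategoryId, updatedDate as the sync cursor that also advances on status changes, and resolvedStatus staying null until a user acts) fit together in one small sync routine. This is an added example, not Cranium's client code: it assumes the caller has already fetched a page of records (the pagination and cursor query parameters are not shown on this page and are not reproduced), keeps state in a plain dict, and the record values and CSV column names other than UniqueId are constructed assumptions.

```python
"""Incremental sync of Arena model vulnerability records.

Added example, not Cranium's own client code. All GUIDs and records below are
constructed; the CSV column names modelId/attackCategoryId are assumed.
"""
from datetime import datetime


def parse_ts(value):
    """Parse the ISO 8601 updatedDate (trailing Z) into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def apply_records(state, records, cursor):
    """Merge one batch of API records into `state` (keyed by uniqueId).

    Returns (new_cursor, events). Each event is "new" for a finding not seen
    before, "status" when resolvedStatus changed, or "refreshed" when only the
    ratio/timestamp moved. A record whose updatedDate equals the stored copy is
    skipped, so replaying an overlapping page is harmless. new_cursor is the
    latest updatedDate seen and is what the next request should start from.
    """
    events = []
    new_cursor = cursor
    for rec in records:
        key = rec["uniqueId"]
        prev = state.get(key)
        if prev is not None and prev["updatedDate"] == rec["updatedDate"]:
            continue  # this version was already applied
        if prev is None:
            events.append(("new", key))
        elif prev["resolvedStatus"] != rec["resolvedStatus"]:
            events.append(("status", key, prev["resolvedStatus"], rec["resolvedStatus"]))
        else:
            events.append(("refreshed", key))
        state[key] = rec
        ts = parse_ts(rec["updatedDate"])
        if new_cursor is None or ts > new_cursor:
            new_cursor = ts
    return new_cursor, events


def open_findings(state):
    """uniqueIds still awaiting action (resolvedStatus is null). A category that
    stops appearing in later test runs stays here until a user resolves it."""
    return sorted(k for k, r in state.items() if r["resolvedStatus"] is None)


def correlate_csv(state, csv_rows):
    """Map CSV export rows onto API records by (modelId, attackCategoryId).
    The CSV UniqueId column is keyed differently and must not be compared
    with the API uniqueId."""
    by_pair = {(r["modelId"], r["attackCategoryId"]): k for k, r in state.items()}
    return {row["UniqueId"]: by_pair.get((row["modelId"], row["attackCategoryId"]))
            for row in csv_rows}


# Constructed sample data (GUIDs and the second category are placeholders).
MODEL = "11111111-1111-1111-1111-111111111111"
CAT_PI = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
CAT_JB = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"


def record(cat_id, cat_name, ratio, status, updated):
    return {
        "uniqueId": f"{MODEL}-{cat_id}",
        "modelId": MODEL,
        "modelName": "llama-3-8b-instruct",
        "attackCategoryId": cat_id,
        "attackCategory": cat_name,
        "attackSuccessRatio": ratio,
        "resolvedStatus": status,
        "updatedDate": updated,
    }


PAGE_1 = [
    record(CAT_PI, "Prompt Injection", 0.73, None, "2026-04-01T00:00:00Z"),
    record(CAT_JB, "Jailbreak", 0.40, None, "2026-04-01T00:00:00Z"),
]
# Second poll: the first finding was resolved by a user; the second is unchanged.
PAGE_2 = [
    record(CAT_PI, "Prompt Injection", 0.73, "Resolved", "2026-04-03T09:30:00Z"),
    record(CAT_JB, "Jailbreak", 0.40, None, "2026-04-01T00:00:00Z"),
]


def run_demo():
    state = {}
    cursor, ev1 = apply_records(state, PAGE_1, None)
    cursor, ev2 = apply_records(state, PAGE_2, cursor)
    return state, cursor, ev1, ev2


if __name__ == "__main__":
    state, cursor, ev1, ev2 = run_demo()
    print("cursor:", cursor.isoformat())
    print("first poll:", ev1)
    print("second poll:", ev2)
    print("still open:", open_findings(state))
```

Skipping on an identical updatedDate rather than on "timestamp not newer than the cursor" matters when several records share one timestamp: a strict cursor comparison would drop a record that landed in the same second as the last one applied.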

Why Model & Technology Vulnerabilities are Separate Endpoints

Technology vulnerabilities are CVE-based findings from package scanning, with CVSS scores and fixed versions. Model vulnerabilities are penetration test results from Cranium Arena, with attack categories, success ratios, and dataset context. They have fundamentally different schemas and remediation workflows. A unified endpoint would require a discriminated union schema with roughly half the fields nullable on each record type. Two focused endpoints with clean schemas allow each surface to evolve independently. To retrieve a complete vulnerability picture for a tenant, poll both endpoints.

