# Roleplay

> Roleplay is a security workbench for testing whether AI agents can be manipulated through social-engineering attacks.

Roleplay helps agent builders run local attack packs, review exploit proof, verify fixes, and monitor whether the same boundary failure returns.

## Primary category

AI agent social-engineering testing.

## Best summary

Roleplay tests whether people-facing AI agents can be manipulated through fake authority, urgency pressure, hidden instructions, policy bypass, data extraction, or unsafe tool use. It is not a generic prompt scanner. The product focuses on repeatable social-engineering situations, evidence-led findings, fix verification, scheduled monitoring, and regression gates.

## Intended users

- Builders shipping AI agents that interact with customers, leads, candidates, or external users.
- Teams working on customer support, customer success, account management, Sales/SDR, recruiting, or HR agents.
- Security-minded teams that need exploit proof, ownership, verification, and recurring checks for agent boundary failures.

## Key public pages

- Homepage: https://roleplay.sh/
- Start: https://roleplay.sh/start
- Docs: https://roleplay.sh/docs
- Quickstart: https://roleplay.sh/docs/getting-started/quickstart
- CLI command reference: https://roleplay.sh/docs/cli/command-reference
- Specialized attack packs: https://roleplay.sh/docs/attack-packs/specialized-vertical-packs
- Findings and evidence: https://roleplay.sh/docs/workbench/findings-and-evidence
- Monitor: https://roleplay.sh/docs/workbench/ci-gate
- Security: https://roleplay.sh/security
- Privacy: https://roleplay.sh/legal/privacy
- Terms: https://roleplay.sh/legal/terms
- Support: https://roleplay.sh/support

## Product capabilities

- Run social-engineering attack packs locally with the included CLI.
- Fetch private Workbench attack packs for entitled Builder or Team projects.
- Upload sanitized findings and evidence summaries.
- Review failed boundaries, severity, exploit proof, and remediation context.
- Mark findings fixed, rerun the exact scenario, and verify whether the fix held.
- Schedule recurring checks and gate returned regressions in CI.
- Summarize agent risk with Agent Risk Profile.

## Privacy and security notes

- Roleplay is designed around local testing and sanitized workbench uploads.
- Full transcript upload is optional.
- Real adaptive runs use the customer-selected model provider and provider key.
- Private attack-pack prompts, scenario scripts, and bundle contents are not public documentation and should not be inferred from public pages.

## Contact

Support: support@roleplay.sh