Security
Built around local execution, scoped keys, and safe uploads.
Roleplay helps teams test whether AI agents can be manipulated into violating policy, trust boundaries, or tool-use rules.
Data Handling
Use sanitized finding uploads for the workbench. Treat local transcripts, hidden context, tool outputs, model-provider credentials, and generated reports as sensitive.
API Keys
Project API keys are scoped, stored hashed at rest, shown only once, and designed for rotation when exposed.
CLI Target Execution
CLI targets can execute local commands. Review scenario files before running them and use explicit approval flags for automated command execution.
Reporting Issues
Report security issues privately through a GitHub security advisory or support@roleplay.sh. Do not include real secrets or customer data in public issues.