Probe YAML

YAML probes are a powerful tool to identify security vulnerabilities in your AI agents, MCP endpoints, and LLM components. Using Akto YAML format, you can define probes with metadata, component filters, execution details, and validation checks. These probes can be customized to target agentic-specific vulnerabilities including prompt injections, tool abuse, and permission escalation. Akto Probe Library provides a user-friendly interface to create and edit these probes, making it easy to integrate them into your agentic security workflow.

What is YAML Probe?

A YAML probe in Akto is a configuration file written in YAML (YAML Ain't Markup Language) that defines a set of instructions for probing agent components to find security vulnerabilities. It includes details about the probe, how to select which components to test, how to execute the probe, and how to validate the results. The probe is executed against agent components and MCP endpoints, and the results are used to identify any agentic security issues.

You can create and run probes to detect vulnerabilities in your autonomous systems. Probes are written in Akto's YAML format, which includes sections for metadata, selection filters, execution details, and validation checks.

6 Blocks of Probe Editor

Block 1: ID

Block 2: Info

Block 3: Agentic Component Selection Filters

Block 4: Execute

Block 5: Auth [Optional block]

Block 6: Validate

Learn with Example

Example Agentic Component

Let’s have a comprehensive look at all the possible operators in 1 single yaml.

Example Yaml with all possible operators

Explanation of the above yaml

Info

The Info section contains metadata about the probe:

• Name: The name or title of the probe.

• Description: A detailed explanation of the probe, including objectives, methodologies, and scope.

• Details: Additional context about the probe.

• Impact: The potential risks or consequences associated with the identified vulnerabilities.

• Category: The category or domain the probe falls into.

• SubCategory: Further categorization of the probe.

• Severity: The severity level assigned to the identified vulnerabilities.

• Tags: Descriptive labels or keywords associated with the probe.

• Reference: A list of relevant resources, documentation, or external links related to the probe.

Agentic Component Selection Filters

This section contains a set of filters that can be used to select specific agentic component calls based on various criteria. The filters include:

• response_code: Filters agentic component calls that return a response code between 200 and 300 (inclusive).

• url: Filters agentic component calls that contain the word "user" in the URL.

• method: Filters agentic component calls that use either the POST, PATCH, or PUT HTTP methods.

• request_payload: Filters agentic component calls whose request payload contains a key-value pair where the key matches the regex ".age." and the value is between 15 and 40 (inclusive).

• response_payload: Filters agentic component calls whose response payload does not contain the string "user2."

• request_headers: Filters agentic component calls whose request header contains a key that matches "contains_jwt."

• response_headers: Filters agentic component calls whose response header contains a key that exactly matches "server" and a value that matches the regex "nginx/1.8.0."

Execute

This section contains a set of operations that can be performed on agentic component calls that match the selection criteria specified above. The operations include:

• modify_url: Changes the URL of the agentic component call to "https://xyz.abc.com/api/v2/users."

• modify_method: Changes the HTTP method of the API call to PATCH.

• add_body_param: Adds a key-value pair "k1: v1" to the request body.

• modify_body_param: Changes the value of the "status" key in the request body to "admin."

• delete_body_param: Deletes the "age" key-value pair from the request body.

• add_header: Adds a "h1: v2" key-value pair to the request header.

• modify_header: Changes the value of the "host" key in the request header to "https://xyz.evil.com."

• delete_header: Deletes the "authorization" key-value pair from the request header.

• add_query_param: Adds a "q1: v3" key-value pair to the query string.

• modify_query_param: Changes the value of the "userId" key in the query string to "501."

• delete_query_param: Deletes the "creationFlow" key-value pair from the query string.

• replace_body: Replaces the entire request body with the JSON object {"user": "newUser", "status": "admin"}.

• remove_auth_header: Removes the "authorization" header from the request.

• follow_redirect: Follows any HTTP redirects returned by the API call.

Validate

This section contains a set of validation criteria that can be used to validate the response of the agentic component call after it has been modified by the operations specified in the "Execute" section. The validation criteria include:

• response_code: Validates that the response code of the agentic component call is 201.

• response_payload: Validates that the response payload is not empty and contains either a key "success". Also it checks whether probe response payload and sample response payload content are not similar(difference should be higher than 50%)