Skip to main content

Adversarial Design Thinking

This is a set of exercises adapted from human-centered design for use in adversarial testing of AI systems. They help you generate better attack ideas, document what you tried, and communicate what you found.

They're not a replacement for your existing process. They're workshop tools that plug into it.

Why empathy matters here

Human-centered design starts with empathy. Understanding the people who use a system, what they need, and where their experience breaks down. In adversarial testing, the "users" are attackers.

The same methods that help designers understand legitimate users help red teamers understand adversarial ones. Empathy mapping, journey mapping, structured ideation, and gap analysis are all standard HCD tools. Applied to adversarial testing, they help you move from intuition to something more deliberate. You stop guessing what an attacker might do and start modeling how different attackers think, plan, and adapt.

The exercises

Attacker personas. Empathy maps adapted for adversarial actors. Instead of loosely "thinking like a hacker," you build specific profiles with defined motivations, capabilities, and constraints.

Attack journey maps. Multi-turn attack chains documented as sequences with intent, escalation, and decision points. Another tester can pick up your map and replicate what you tried.

Adversarial ideation. Structured brainstorming for generating attack vectors. Divergent thinking surfaces approaches you wouldn't reach by scrolling through jailbreak lists.

Vulnerability framing. Norman's Gulf of Execution and Gulf of Evaluation applied to AI systems. A way to identify where the gap between intended behavior and actual behavior creates openings.

Harm-centered reporting. Findings documented with both technical severity and human impact. Useful for communicating with stakeholders who don't think in CVSS scores.

How to use this site

Read the Concepts section to understand the thinking behind each exercise. Each page explains one HCD method adapted for adversarial testing, with a worked example.

Grab the Artifacts to run the exercises. Each artifact is a template or worksheet you can use immediately. No process overhaul required.

The concepts explain the reasoning. The artifacts let you skip straight to doing the work.