## TL;DR
AI red teaming applies adversarial testing methodologies to AI systems — probing for jailbreaks, prompt injection, bias exploitation, and data leakage. Microsoft, Anthropic, and OWASP have established red teaming as a standard practice for responsible AI deployment.

## Core Explanation
Attack taxonomy: prompt injection (direct: override system prompt; indirect: malicious content in retrieved documents), jailbreaking (DAN, role-playing, encoding tricks), data extraction (memorized training data leakage), and model inversion (reconstruct training data from outputs). Multi-modal models introduce new attack surfaces (visual prompt injection via images).

## Detailed Analysis
Defense strategies: input/output filtering, constitutional AI (principle-based self-regulation), RLHF preference training for safety, and structured output validation. Automated red teaming tools (Garak, PromptFoo, Microsoft's PyRIT) scale adversarial testing. The cat-and-mouse dynamic between attacks and defenses is ongoing.

## Further Reading
- redteams.ai: AI Red Teaming Wiki
- Anthropic: Safety Research
- Microsoft PyRIT: Python Risk Identification Tool