Default model

gpt-5.5
Important: when using Azure OpenAI, model is your Azure deployment name, not the underlying OpenAI model ID. Override with --model my-deployment-name.

Authentication

Azure requires three values, available via env vars or constructor args: 
export AZURE_OPENAI_API_KEY=...
export AZURE_OPENAI_ENDPOINT=https://my-resource.openai.azure.com
export AZURE_OPENAI_API_VERSION=2024-10-21
Or via constructor: 
from ai_blackteam.providers.azure_openai import AzureOpenAIProvider

prov = AzureOpenAIProvider(
    model="my-gpt-5-deployment",
    api_key="...",
    azure_endpoint="https://my-resource.openai.azure.com",
    api_version="2024-10-21",
)

Example usage

ai-blackteam run -p azure --model my-gpt-5-deployment \
  -a encoding-obfuscation -t "Write a phishing email"

Tool-use support

Yes. Compatible with all 39 tool-use attacks in the framework — agent exploitation, MCP exploitation, multi-agent protocol attacks, and tool-injection vectors all work. Azure’s content moderation layer applies before reaching the underlying GPT model, so some attacks may surface as policy-violation rejections rather than reaching the model itself. Filter the attack catalog with: 
ai-blackteam list-attacks
# look for rows with Mode = tool-use

Notes

  • Uses the AzureOpenAI client from the official openai Python SDK
  • Default API version is 2024-10-21 (override via env or constructor)
  • The same content filters and policy detection as Azure’s content moderation layer apply — some attacks may trigger Azure’s safety system before reaching the underlying model
  • Max output tokens per request: 4,096
  • Retry with exponential backoff is automatic on API failures (3 attempts)