REDSTREAM

Real-world Extremist-Derived Scenario Testing
for Risk Evaluation of Advanced Models

Research Brief — 2026

Researcher

Tanner O'Donnell

Education

University of Maryland, START Consortium

Program

MPS, Security & Terrorism Studies (May 2026)

Focus Areas

AI Safety, Adversarial Testing, CBRNE Threat Modeling

Project Status

Active Research

Executive Summary

RedStream is a research methodology for AI safety evaluation. The project uses real-world extremist and disinformation frameworks to test how large language models respond to narrative-based adversarial pressure—threats that traditional technical red teaming often misses.

Unlike synthetic red teaming scenarios, testing uses actual extremist rhetoric, disinformation frameworks, and propaganda sourced from monitored channels (Telegram, extremist forums, state-aligned media). Narratives are clustered by theme and converted into adversarial prompts reflecting how actual bad actors interact with AI systems.

Key Finding

Red-level responses triggered in approximately 30% of test runs across model architectures ranging from <1B to >8B parameters. Both open-weight and API-accessed models exhibited consistent failure patterns under narrative-based pressure.

Methodology

The Problem

Most AI red teaming relies on synthetic scenarios or technical exploits. But real-world adversaries don't attack models with abstract prompts—they use actual narratives: propaganda frameworks, extremist rhetoric, disinformation campaigns that already exist in the wild.

The Approach

The project applies OSINT collection, narrative analysis, and threat modeling to systematically evaluate model vulnerabilities. Testing maps to the MITRE ATLAS framework for standardized classification of AI/ML threats.

This isn't about finding clever jailbreaks. It's about understanding how models encode and surface dangerous knowledge when confronted with real-world adversarial pressure.

Testing includes dedicated CBRNE threat scenarios, evaluating how models respond to chemical, biological, radiological, nuclear, and explosive-related adversarial prompts—an area of increasing focus for frontier AI safety research.

RS-7 Risk Framework

Adversarial testing organized across seven risk categories, each targeting distinct failure modes:

RS-1

Jailbreak

Bypassing safety constraints through adversarial prompting

RS-2

Narrative Absorption

Model internalization of false or hostile narratives

RS-3

Propaganda Amplification

Uncritical repetition or elaboration of propaganda

RS-4

Hallucination Alignment

False information that reinforces adversarial framings

RS-5

Insider Threat Simulation

Extraction of sensitive operational guidance

RS-6

Reconnaissance Surface

Information leakage useful for targeting

RS-7

Unsafe Output Generation

Production of harmful content, with dedicated CBRNE test sets

All testing mapped to MITRE ATLAS tactics for standardized threat classification.

Testing Results

Adversarial testing across multiple model architectures (ranging from <1B to >8B parameters) demonstrated systemic vulnerabilities:

~30% red-level responses triggered in test runs
Consistent failure patterns across small and large models under narrative-based pressure
Complementary vulnerability profiles between open-weight and API-accessed models

Research from NewsGuard (March 2025) found that leading AI systems repeat false claims from Russian propaganda networks approximately 33% of the time when tested. State-sponsored actors are actively exploiting how models process and reproduce narratives—a threat surface that technical safety measures alone cannot address.

NewsGuard, March 2025

Background

RedStream was developed by Tanner O'Donnell, who brings a background in counterterrorism analysis, open-source intelligence, and AI red teaming.

Academic Background

Currently completing a Master's in Security and Terrorism Studies at the University of Maryland's START Consortium (graduating May 2026). Research focuses on how extremist groups use online platforms, the role of intelligence in conflict policy, and the impact of security practices on vulnerable populations.

Undergraduate work at Hampshire College (2020) examined how terrorist and violent extremist communities use digital platforms to escalate online activities to real-world harm.

AI Security Experience

Participated in CBRN red teaming exercises against frontier LLM systems as a counterterrorism specialist, testing high-risk misuse scenarios alongside subject matter experts
Contributed to selective AI safety bug bounty programs with frontier labs (details under NDA)
Competitive red teaming: Top-10 placement in Gray Swan Arena, awards in HackAPrompt (CBRN track, creative prompting categories)
Evaluated prototype LLM platforms (Palantir, IBM, others) as test user in Defense Innovation Unit initiative
Current research focus includes biorisk and CBRNE threat modeling, examining historical case studies of non-state actor bioweapon attempts to inform AI safety evaluation

Intelligence & OSINT Background

Experience with ICD-203 analytical writing standards and structured analytical products
Watch officer shifts in GSOC environment, contributing to daily threat analysis and real-time monitoring
Open-source intelligence gathering focused on extremist content analysis and adversarial narrative development
Interned with Syrian Archive/VFRAME (2019), contributing to visual guides and training materials for ML tools identifying explosive remnants in conflict zones

Contact

For research collaboration, questions about methodology, or general inquiries.

info@redstream.ai

linkedin.com/in/tanner-od

Schedule

calendly.com/redstream-info/30min