Courtesy: Keysight Technologies
Blackbox AI is an AI-powered coding assistant designed to improve developer productivity by providing features such as code generation, code search, and code completion across multiple programming languages. It integrates seamlessly with popular development environments like Visual Studio Code and offers tools for tasks including autocompletion, natural-language-to-code conversion, and code extraction from various sources.
The platform employs a multi-model architecture, integrating several advanced large language models (LLMs) to deliver comprehensive coding assistance. These include GPT-4o, Claude 3.5 Sonnet, Gemini Pro, LLaMA 3.1, DeepSeek R1 and more.
Network Traffic Analysis
The ATI team at Keysight has analyzed the network traffic of Blackbox AI and found some interesting insights, which can help other researchers optimize performance and ensure secure usage. This was done using HAR captures of a web session. Blackbox AI operates with standard web protocols, relying on secure TLS encryption for communication.
Overall Analysis
We performed extensive user interactions with the Blackbox AI web application. The captured traffic was completely TLS encrypted. We further analyzed the traffic based on host names.
In the figure above, we can observe that the maximum number of request-response pairs was seen for www.blackbox.ai, followed by www.useblackbox.io. The first host was observed to be the main host responsible for handling core dynamic functionality such as user authentication and session management, while the latter handles telemetry and analytics, logging events, and user interactions.
The diagram above shows that the host www.blackbox.ai has the maximum cumulative payload, followed by api-iam.intercom.io. The rest of the hosts create smaller network footprints.
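The per-host breakdown described above (request-response count and cumulative payload per host name) can be reproduced from any HAR capture. The following is an added example, not Keysight's tooling: the HAR entries are constructed, all sizes are made up, the Intercom path is a placeholder, and serving /tlm from www.useblackbox.io is an assumption.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

def entry(method, url, req_body, resp_body, content_size=0):
    """Build one minimal HAR 1.2 entry (only the fields used below)."""
    return {"request": {"method": method, "url": url, "bodySize": req_body},
            "response": {"status": 200, "bodySize": resp_body,
                         "content": {"size": content_size}}}

# Constructed sample: hosts and /api paths are the ones named in the article;
# all sizes are made up, the Intercom path is a placeholder, and serving /tlm
# from www.useblackbox.io is an assumption.
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    entry("GET", "https://www.blackbox.ai/api/auth/session", 0, 310),
    entry("POST", "https://www.blackbox.ai/api/chat", 420, -1, 18500),
    entry("POST", "https://www.blackbox.ai/api/check-sources", 150, 600),
    entry("POST", "https://www.useblackbox.io/tlm", 230, 20),
    entry("POST", "https://www.useblackbox.io/tlm", 240, 20),
    entry("POST", "https://api-iam.intercom.io/placeholder-path", 900, 4200),
]}})

def known(size):
    """HAR records -1 when a size is unavailable; count that as 0 bytes."""
    return size if isinstance(size, int) and size > 0 else 0

def summarize(har_text):
    """Return {host: {"requests": n, "bytes": n, "paths": {path: n}}}."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0,
                                 "paths": defaultdict(int)})
    for e in json.loads(har_text)["log"]["entries"]:
        url = urlsplit(e["request"]["url"])
        resp = e["response"]
        # Prefer on-the-wire size; fall back to decoded content size if it is -1.
        resp_bytes = (known(resp.get("bodySize"))
                      or known(resp.get("content", {}).get("size")))
        host = stats[url.hostname]
        host["requests"] += 1
        host["bytes"] += known(e["request"].get("bodySize")) + resp_bytes
        host["paths"][url.path] += 1
    return stats

def rank(stats, key):
    """Host names ordered by 'requests' or 'bytes', largest first."""
    return sorted(stats, key=lambda h: stats[h][key], reverse=True)

if __name__ == "__main__":
    for h, s in summarize(SAMPLE_HAR).items():
        print(h, s["requests"], s["bytes"], dict(s["paths"]))
```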
Analyzing Endpoints
By analyzing the HAR file, we gain a detailed view of the HTTP requests and responses between the client and Blackbox AI’s servers. This analysis focuses on critical endpoints and their roles in the platform’s functionality.
Session Authentication
Endpoint: /api/auth/session
- Purpose: Checks or retrieves the current user session and related authentication status.
- Request Headers:
  - Accept: application/json
  - Content-Type: application/json
  - Origin: https://www.blackbox.ai (Ensures requests originate from BlackBox AI’s platform)
- Response Status: 200 OK (active session or session data returned)
- Response Body: JSON object containing user session status, expiry, and authentication details
This endpoint is essential for maintaining secure access to Blackbox AI, allowing the platform to verify and manage user sessions and authentication status.
Query Execution
Endpoint: /api/chat
- Purpose: Processes user queries and returns AI-generated responses.
- Request Headers:
  - Content-Type: application/json
  - Accept: application/json
  - Origin: https://www.blackbox.ai (Ensures requests originate from BlackBox AI’s platform)
- Request Payload: JSON object with the user’s query and session details.
- Response Status: 200 OK (successful query processing)
This endpoint is central to Blackbox AI’s functionality, enabling dynamic interactions between users and the AI model.
Source Verification
Endpoint: /api/check-sources
- Purpose: Validates the origin of the provided input or context for generating responses or citations.
- Request Headers:
  - Content-Type: application/json
  - Accept: application/json
  - Origin: https://www.blackbox.ai (Ensures requests originate from BlackBox AI’s platform)
- Request Payload: Contains the query type and the user’s input
- Response Status: 200 OK (source check completed)
- Response Body: JSON object with source metadata or validation results
This endpoint ensures the integrity of AI responses by validating the origin and credibility of the user’s input, reinforcing trust in generated outputs.
Telemetry Logging
Endpoint: /tlm
- Purpose: Logs user behavior or system diagnostics to help improve product performance and stability.
- Request Headers:
  - Content-Type: application/json
  - Accept: */*
  - Origin: https://www.blackbox.ai (Ensures requests originate from BlackBox AI’s platform)
- Request Payload: A JSON object logging a user event with its type, timestamp, and specific details such as the action performed and its duration.
- Response Status: 200 OK (telemetry event accepted)
- Response Body: Confirmation message or status log
This endpoint supports platform reliability and user experience optimization by capturing detailed telemetry data on user behavior and system performance.
NOTE: While BLACKBOX AI can be useful, it is a prohibited tool at many companies and government entities. Policy and technical systems must be in place to prevent usage, and it is important to verify this via test using BreakingPoint. These tests help validate the security measures and help organizations prevent unintentional or malicious use of the platform.
Blackbox AI Traffic Simulation in Keysight ATI
At Keysight Technologies Application and Threat Intelligence (ATI), since we always try to deliver the hot trending application, we have published the network traffic related to Blackbox AI in ATI-2025-07 StrikePack, which simulates the HAR collected from the Blackbox AI web application as of April 2025, including different user actions like performing text-based queries, uploading multimedia files, refining search results, and managing saved searches. Here all the HTTP transactions are replayed in HTTP/2 over TLS 1.3.
The Blackbox AI application and its 4 new Superflows are shown below:
Leverage Subscription Service to Stay Ahead of Attacks
Keysight’s Application and Threat Intelligence subscription provides daily malware and bi-weekly updates of the latest application protocols and vulnerabilities for use with Keysight test platforms. The ATI Research Centre continuously monitors threats as they appear in the wild. Customers of BreakingPoint now have access to attack campaigns for different advanced persistent threats, allowing BreakingPoint customers to test their currently deployed security controls’ ability to detect or block such attacks.