67 changes: 56 additions & 11 deletions specification/ai/Azure.AI.Projects/red-teams/models.tsp
@@ -21,32 +21,77 @@ namespace Azure.AI.Projects;
union AttackStrategy {
string,

@doc("Represents a default set of easy complexity attacks. Easy complexity attack strategies are defined as attacks that do not require any Large Language Model to convert or orchestrate.")
@doc("Represents a default set of easy complexity attacks. Easy complexity attacks require less effort, such as translation of a prompt into some encoding, and does not require any Large Language Model to convert or orchestrate.")
Easy: "easy",

@doc("Represents ASCII art, a graphic design technique that uses printable characters.")
@doc("Represents a default set of moderate complexity attacks. Moderate complexity attacks require having access to resources such as another generative AI model.")
Moderate: "moderate",

@doc("Represents a default set of difficult complexity attacks. Difficult complexity attacks include attacks that require access to significant resources and effort to execute an attack such as knowledge of search-based algorithms in addition to a generative AI model.")
Difficult: "difficult",

@doc("Generates visual art using ASCII characters, often used for creative or obfuscation purposes.")
AsciiArt: "ascii_art",

@doc("Represents ASCII smuggling, a technique for encoding or hiding data.")
@doc("Conceals data within ASCII characters, making it harder to detect.")
AsciiSmuggler: "ascii_smuggler",

@doc("Represents the Atbash cipher, a substitution cipher that reverses the alphabet.")
@doc("Implements the Atbash cipher, a simple substitution cipher where each letter is mapped to its reverse.")
Atbash: "atbash",

@doc("Represents Base64 encoding, a method for encoding binary data as text.")
@doc("Encodes binary data into a text format using Base64, commonly used for data transmission.")
Base64: "base64",

@doc("Represents binary encoding, a representation of data in binary format.")
@doc("Converts text into binary code, representing data in a series of 0s and 1s.")
Binary: "binary",

@doc("Represents the Caesar cipher, a substitution cipher that shifts characters.")
@doc("Applies the Caesar cipher, a substitution cipher that shifts characters by a fixed number of positions.")
Caesar: "caesar",

@doc("Represents character space manipulation, a technique involving spacing between characters.")
@doc("Alters text by adding spaces between characters, often used for obfuscation.")
CharacterSpace: "character_space",

@doc("Represents character swapping, a technique for rearranging characters in text.")
@doc("Injects specially crafted prompts to bypass AI safeguards, known as User Injected Prompt Attacks (UPIA).")
Jailbreak: "jailbreak",

@doc("Utilizes ANSI escape sequences to manipulate text appearance and behavior.")
AnsiiAttack: "ansii_attack",

@doc("Swaps characters within text to create variations or obfuscate the original content.")
CharacterSwap: "character_swap",

@doc("Appends an adversarial suffix to the prompt.")
SuffixAppend: "suffix_append",

@doc("Joins multiple strings together, often used for concatenation or obfuscation.")
StringJoin: "string_join",

@doc("Uses Unicode characters that look similar to standard characters, creating visual confusion.")
UnicodeConfusable: "unicode_confusable",

@doc("Substitutes standard characters with Unicode equivalents, often for obfuscation.")
UnicodeSubstitution: "unicode_substitution",

@doc("Adds diacritical marks to characters, changing their appearance and sometimes their meaning.")
Diacritic: "diacritic",

@doc("Flips characters from front to back, creating a mirrored effect.")
Flip: "flip",

@doc("Transforms text into Leetspeak, a form of encoding that replaces letters with similar-looking numbers or symbols.")
Leetspeak: "leetspeak",

@doc("Applies the ROT13 cipher, a simple substitution cipher that shifts characters by 13 positions.")
ROT13: "rot13",

@doc("Encodes text into Morse code, using dots and dashes to represent characters.")
Morse: "morse",

@doc("Encodes text into URL format.")
Url: "url",

@doc("Represents the baseline direct adversarial probing, which is used by attack strategies as the attack objective.")
Baseline: "baseline"
}

@doc("Risk category for the attack objective.")
@@ -88,13 +133,13 @@ model RedTeam {
id: string;

@doc("Name of the red-team scan.")
scanName: string;
scanName?: string;

@doc("Number of simulation rounds.")
numTurns: int32;

@doc("List of attack strategies or nested lists of attack strategies.")
attackStrategy: AttackStrategy[];
attackStrategies: AttackStrategy[];

@doc("Simulation-only or Simulation + Evaluation. Default false, if true the scan outputs conversation not evaluation result.")
simulationOnly: boolean;
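Review bot: `AnsiiAttack: "ansii_attack"` in the first hunk misspells ANSI, while its own @doc text says "ANSI escape sequences"; because the value is a wire string of the public `AttackStrategy` union, the typo becomes part of the API contract once released. If the backing service does not already depend on that spelling, consider `AnsiAttack: "ansi_attack"` before this ships. In the second hunk, the @doc on `attackStrategies` still promises "nested lists of attack strategies", but the type is the flat `AttackStrategy[]`, so either the doc or the type should change. The Easy description also has an agreement slip: "attacks require less effort ... and does not require" should read `and do not require`. The `RedTeam` model starts and ends outside the visible hunk, so its other fields were not reviewed.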
@@ -1604,14 +1604,29 @@
"description": "Strategies for attacks.",
"enum": [
"easy",
"moderate",
"difficult",
"ascii_art",
"ascii_smuggler",
"atbash",
"base64",
"binary",
"caesar",
"character_space",
"jailbreak"
"jailbreak",
"ansii_attack",
"character_swap",
"suffix_append",
"string_join",
"unicode_confusable",
"unicode_substitution",
"diacritic",
"flip",
"leetspeak",
"rot13",
"morse",
"url",
"baseline"
],
"x-ms-enum": {
"name": "AttackStrategy",
@@ -1620,47 +1635,122 @@
{
"name": "Easy",
"value": "easy",
"description": "Represents a default set of easy complexity attacks. Easy complexity attack strategies are defined as attacks that do not require any Large Language Model to convert or orchestrate."
"description": "Represents a default set of easy complexity attacks. Easy complexity attacks require less effort, such as translation of a prompt into some encoding, and does not require any Large Language Model to convert or orchestrate."
},
{
"name": "Moderate",
"value": "moderate",
"description": "Represents a default set of moderate complexity attacks. Moderate complexity attacks require having access to resources such as another generative AI model."
},
{
"name": "Difficult",
"value": "difficult",
"description": "Represents a default set of difficult complexity attacks. Difficult complexity attacks include attacks that require access to significant resources and effort to execute an attack such as knowledge of search-based algorithms in addition to a generative AI model."
},
{
"name": "AsciiArt",
"value": "ascii_art",
"description": "Represents ASCII art, a graphic design technique that uses printable characters."
"description": "Generates visual art using ASCII characters, often used for creative or obfuscation purposes."
},
{
"name": "AsciiSmuggler",
"value": "ascii_smuggler",
"description": "Represents ASCII smuggling, a technique for encoding or hiding data."
"description": "Conceals data within ASCII characters, making it harder to detect."
},
{
"name": "Atbash",
"value": "atbash",
"description": "Represents the Atbash cipher, a substitution cipher that reverses the alphabet."
"description": "Implements the Atbash cipher, a simple substitution cipher where each letter is mapped to its reverse."
},
{
"name": "Base64",
"value": "base64",
"description": "Represents Base64 encoding, a method for encoding binary data as text."
"description": "Encodes binary data into a text format using Base64, commonly used for data transmission."
},
{
"name": "Binary",
"value": "binary",
"description": "Represents binary encoding, a representation of data in binary format."
"description": "Converts text into binary code, representing data in a series of 0s and 1s."
},
{
"name": "Caesar",
"value": "caesar",
"description": "Represents the Caesar cipher, a substitution cipher that shifts characters."
"description": "Applies the Caesar cipher, a substitution cipher that shifts characters by a fixed number of positions."
},
{
"name": "CharacterSpace",
"value": "character_space",
"description": "Represents character space manipulation, a technique involving spacing between characters."
"description": "Alters text by adding spaces between characters, often used for obfuscation."
},
{
"name": "Jailbreak",
"value": "jailbreak",
"description": "Represents character swapping, a technique for rearranging characters in text."
"description": "Injects specially crafted prompts to bypass AI safeguards, known as User Injected Prompt Attacks (UPIA)."
},
{
"name": "AnsiiAttack",
"value": "ansii_attack",
"description": "Utilizes ANSI escape sequences to manipulate text appearance and behavior."
},
{
"name": "CharacterSwap",
"value": "character_swap",
"description": "Swaps characters within text to create variations or obfuscate the original content."
},
{
"name": "SuffixAppend",
"value": "suffix_append",
"description": "Appends an adversarial suffix to the prompt."
},
{
"name": "StringJoin",
"value": "string_join",
"description": "Joins multiple strings together, often used for concatenation or obfuscation."
},
{
"name": "UnicodeConfusable",
"value": "unicode_confusable",
"description": "Uses Unicode characters that look similar to standard characters, creating visual confusion."
},
{
"name": "UnicodeSubstitution",
"value": "unicode_substitution",
"description": "Substitutes standard characters with Unicode equivalents, often for obfuscation."
},
{
"name": "Diacritic",
"value": "diacritic",
"description": "Adds diacritical marks to characters, changing their appearance and sometimes their meaning."
},
{
"name": "Flip",
"value": "flip",
"description": "Flips characters from front to back, creating a mirrored effect."
},
{
"name": "Leetspeak",
"value": "leetspeak",
"description": "Transforms text into Leetspeak, a form of encoding that replaces letters with similar-looking numbers or symbols."
},
{
"name": "ROT13",
"value": "rot13",
"description": "Applies the ROT13 cipher, a simple substitution cipher that shifts characters by 13 positions."
},
{
"name": "Morse",
"value": "morse",
"description": "Encodes text into Morse code, using dots and dashes to represent characters."
},
{
"name": "Url",
"value": "url",
"description": "Encodes text into URL format."
},
{
"name": "Baseline",
"value": "baseline",
"description": "Represents the baseline direct adversarial probing, which is used by attack strategies as the attack objective."
}
]
}
@@ -2775,7 +2865,7 @@
"format": "int32",
"description": "Number of simulation rounds."
},
"attackStrategy": {
"attackStrategies": {
"type": "array",
"description": "List of attack strategies or nested lists of attack strategies.",
"items": {
@@ -2819,9 +2909,8 @@
},
"required": [
"id",
"scanName",
"numTurns",
"attackStrategy",
"attackStrategies",
"simulationOnly",
"riskCategories"
]