Skip to content

FEAT: Jailbreak Scenario #1329

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ValbuenaVC wants to merge 11 commits into
base: main
Choose a base branch
from
Open

FEAT: Jailbreak Scenario #1329

ValbuenaVC wants to merge 11 commits into from
+518 −0

Conversation

@ValbuenaVC
Copy link
Contributor

@ValbuenaVC ValbuenaVC commented Jan 26, 2026
edited
Loading

Description

Addition of a jailbreak scenario to PyRIT, which applies jailbreak templates to a set of test prompts and sends them to the target. Credit to @fdubut for developing the scenario.

Tests and Documentation

Adding test_jailbreak.py under the unit tests.

Victor Valbuena added 2 commits January 26, 2026 20:06
@fdubut
Copy link
Contributor

fdubut commented Jan 26, 2026

Thanks @ValbuenaVC for picking this up! One improvement I had in mind was to create more strategies by running the different groups of jailbreaks we have in PyRIT. Right now I have only the one at the root of the directory, but we added quite a few more recently, and it would make sense to have one strategy per folder (and ALL to run them all).

@ValbuenaVC ValbuenaVC marked this pull request as ready for review January 28, 2026 19:26
@ValbuenaVC ValbuenaVC changed the title [DRAFT] FEAT: Jailbreak Scenario FEAT: Jailbreak Scenario Jan 28, 2026
fdubut
fdubut approved these changes Jan 29, 2026
View reviewed changes
Copy link
Contributor

@fdubut fdubut left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

rlundeen2
rlundeen2 reviewed Jan 29, 2026
View reviewed changes
pyrit/datasets/seed_datasets/local/airt/jailbreak.prompt
@@ -0,0 +1,16 @@
dataset_name: airt_jailbreak
Copy link
Contributor

@rlundeen2 rlundeen2 Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we potentially have a more descriptive name? Jailbreak has a different meaning in pyrit. Potentially "airt_jailbreak_scenario"

Copy link
Contributor

@rlundeen2 rlundeen2 Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or really "airt_harms.prompt" is also good

rlundeen2
rlundeen2 reviewed Jan 29, 2026
View reviewed changes
pyrit/scenario/scenarios/airt/jailbreak.py
# Will be resolved in _get_atomic_attacks_async
self._seed_groups: Optional[List[SeedAttackGroup]] = None

def _get_default_objective_scorer(self) -> TrueFalseScorer:
Copy link
Contributor

@rlundeen2 rlundeen2 Jan 29, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not for this PR, but wondering if we should just make _get_default_objective_scorer a non-abstract base class

rlundeen2
rlundeen2 reviewed Jan 29, 2026
View reviewed changes
pyrit/scenario/scenarios/airt/jailbreak.py

return list(seed_groups)

def _get_all_jailbreak_templates(self) -> List[str]:
Copy link
Contributor

@rlundeen2 rlundeen2 Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I recommend using/extending the TextJailBreak class instead of looking for the yaml directly.

Copy link
Contributor

@rlundeen2 rlundeen2 Jan 29, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also wonder if the number of jailbreaks could have some further filtering from the scenario strategy, so it's not necessarily always "all". It could be random N, or it could be a subcategory, or maybe other.

This is probably important so we can have shorter or more targeted runs.

rlundeen2
rlundeen2 reviewed Jan 29, 2026
View reviewed changes
pyrit/scenario/scenarios/airt/jailbreak.py
)

# Create the attack
attack = PromptSendingAttack(
Copy link
Contributor

@rlundeen2 rlundeen2 Jan 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(not required) Wonder if we should send multiple times as an option

@rlundeen2 rlundeen2 self-assigned this Jan 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rlundeen2 rlundeen2 rlundeen2 left review comments

+1 more reviewer

@fdubut fdubut fdubut approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@rlundeen2 rlundeen2

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ValbuenaVC @fdubut @rlundeen2