pyrit.orchestrator.XPIAOrchestrator

pyrit.orchestrator.XPIAOrchestrator#

class XPIAOrchestrator(*, attack_content: str, attack_setup_target: PromptTarget, processing_callback: Callable[[], Awaitable[str]], scorer: Scorer | None = None, prompt_converters: list[PromptConverter] | None = None, verbose: bool = False, attack_setup_target_conversation_id: str | None = None)[source]#

Bases: Orchestrator

__init__(*, attack_content: str, attack_setup_target: PromptTarget, processing_callback: Callable[[], Awaitable[str]], scorer: Scorer | None = None, prompt_converters: list[PromptConverter] | None = None, verbose: bool = False, attack_setup_target_conversation_id: str | None = None) None[source]#

Creates an orchestrator to set up a cross-domain prompt injection attack (XPIA) on a processing target.

The attack_setup_target creates the attack prompt using the attack_content, applies converters (if any), and puts it into the attack location. Then, the processing_callback is executed. The scorer scores the processing response to determine the success of the attack.

Parameters:

  • attack_content – The content to attack the processing target with, e.g., a jailbreak.

  • attack_setup_target – The target that generates the attack prompt and gets it into the attack location.

  • processing_callback – The callback to execute after the attack prompt is positioned in the attack location. This is generic on purpose to allow for flexibility. The callback should return the processing response.

  • scorer – The scorer to use to score the processing response. This is optional. If no scorer is provided the orchestrator will skip scoring.

  • prompt_converters – The converters to apply to the attack content before sending it to the prompt target.

  • attack_setup_target_conversation_id – The conversation ID to use for the prompt target. If not provided, a new one will be generated.

Methods

__init__(*, attack_content, ...[, scorer, ...])

Creates an orchestrator to set up a cross-domain prompt injection attack (XPIA) on a processing target.

dispose_db_engine()

Dispose database engine to release database connections and resources.

execute_async()

Executes the entire XPIA operation.

get_identifier()

get_memory()

Retrieves the memory associated with this orchestrator.

get_score_memory()

Retrieves the scores of the PromptRequestPieces associated with this orchestrator.
async execute_async() Score | None[source]#

Executes the entire XPIA operation.

This method sends the attack content to the prompt target, processes the response using the processing callback, and scores the processing response using the scorer. If no scorer was provided, the method will skip scoring.