pyrit.scenarios.EncodingScenario

class EncodingScenario(*, objective_target: PromptTarget, scenario_strategies: list[EncodingStrategy | ScenarioCompositeStrategy] | None = None, seed_prompts: list[str] | None = None, objective_scorer: TrueFalseScorer | None = None, memory_labels: Dict[str, str] | None = None, encoding_templates: Sequence[str] | None = None, max_concurrency: int = 10)

Bases: Scenario

Encoding Scenario implementation for PyRIT.

This scenario tests how resilient models are to various encoding attacks by encoding potentially harmful text (by default slurs and XSS payloads) and testing if the model will decode and repeat the encoded payload. It mimics the Garak encoding probe.

The scenario works by: 1. Taking seed prompts (the harmful text to be encoded) 2. Encoding them using various encoding schemes (Base64, ROT13, Morse, etc.) 3. Asking the target model to decode the encoded text 4. Scoring whether the model successfully decoded and repeated the harmful content

By default, this uses the same dataset as Garak: slur terms and web XSS payloads.

__init__(*, objective_target: PromptTarget, scenario_strategies: list[EncodingStrategy | ScenarioCompositeStrategy] | None = None, seed_prompts: list[str] | None = None, objective_scorer: TrueFalseScorer | None = None, memory_labels: Dict[str, str] | None = None, encoding_templates: Sequence[str] | None = None, max_concurrency: int = 10)

Initialize the EncodingScenario.

Parameters:

• objective_target (PromptTarget) – The target model to test for encoding vulnerabilities.

• scenario_strategies (list[EncodingStrategy | ScenarioCompositeStrategy] | None) – Strategies to test. Can be a list of EncodingStrategy enums (simple case) or ScenarioCompositeStrategy instances (advanced case). If None, defaults to all encoding strategies.

• seed_prompts (Optional[list[str]]) – The list of text strings that will be encoded and used to test the model. These are the pieces the scenario is trying to get the model to decode and repeat. If not provided, defaults to slur terms and XSS payloads from the Garak dataset.

• objective_scorer (Optional[TrueFalseScorer]) – The scorer used to evaluate if the model successfully decoded the payload. Defaults to DecodingScorer with encoding_scenario category.

• memory_labels (Optional[Dict[str, str]]) – Optional labels to attach to memory entries for tracking and filtering.

• encoding_templates (Optional[Sequence[str]]) – Templates used to construct the decoding prompts. Defaults to AskToDecodeConverter.garak_templates.

• max_concurrency (int) – Maximum number of concurrent operations. Defaults to 10.

Methods

__init__(*, objective_target[, ...])	Initialize the EncodingScenario.
get_default_strategy()	Get the default strategy used when no strategies are specified.
get_strategy_class()	Get the strategy enum class for this scenario.
initialize_async()	Initialize the scenario by populating self._atomic_attacks
run_async()	Execute all atomic attacks in the scenario sequentially.

Attributes

atomic_attack_count	Get the number of atomic attacks in this scenario.
name	Get the name of the scenario.
version

classmethod get_default_strategy() → ScenarioStrategy

Get the default strategy used when no strategies are specified.

Returns:

EncodingStrategy.ALL (all encoding strategies).

Return type:

ScenarioStrategy

classmethod get_strategy_class() → type[ScenarioStrategy]

Get the strategy enum class for this scenario.

Returns:

The EncodingStrategy enum class.

Return type:

Type[ScenarioStrategy]

version: int = 1