API Reference#
pyrit.analytics
#
Handles analytics operations on conversation data, such as finding similar chat messages based on conversation history or embedding similarity. |
pyrit.auth
#
This module contains authentication functionality for a variety of services.
Abstract base class for authenticators. |
|
Azure CLI Authentication. |
|
A utility class for Azure Storage authentication, providing methods to generate SAS tokens using user delegation keys. |
pyrit.auxiliary_attacks
#
pyrit.chat_message_normalizer
#
This module contains the functionality to normalize chat messages into compatible formats for targets.
A no-op chat message normalizer that does not modify the input messages. |
|
A chat message normalizer that converts a list of chat messages to a ChatML string. |
|
This class enables you to apply the chat template stored in a Hugging Face tokenizer to a list of chat messages. |
pyrit.cli
#
This module provides command-line interface functionalities for PyRIT. The CLI module is currently experimental.
pyrit.common
#
This module contains common utilities for PyRIT.
Combines two dictionaries containing string keys and values into one. |
|
Combines two lists containing string keys, keeping only unique values. |
|
Converts a local image file to a data URL encoded in base64. |
|
Displays response images if running in notebook environment. |
|
Download a chunk of the file with a specified byte range. |
|
Download a file in multiple segments (splits) using byte-range requests. |
|
Download multiple files with parallel downloads and segmented downloading. |
|
Downloads specific files from a Hugging Face model repository. |
|
Fetches available files for a model from the Hugging Face repository. |
|
Get the httpx client for making requests. |
|
Gets a non-required value from an environment variable or a passed value, prefering the passed value. |
|
Generate a list of random indices based on the specified proportion of a given size. |
|
Gets a required value from an environment variable or a passed value, prefering the passed value |
|
Initializes PyRIT with the provided memory instance and loads environment files. |
|
Determines if the code is running in an IPython session. |
|
Make a request and raise an exception if it fails. |
|
Print chat messages with color to console. |
|
A metaclass for creating singleton classes. |
|
Abstract base class for objects that can be loaded from YAML files. |
pyrit.datasets
#
Retrieve AdvBench examples enhanced with categories from a collaborative and human-centered harms taxonomy. |
|
Fetch examples from the Aya Red-teaming dataset with optional filtering and create a SeedPromptDataset. |
|
Fetch the Babelscape/ALERT dataset and create a SeedPromptDataset. |
|
Fetch CCP-sensitive-prompts examples and create a SeedPromptDataset. |
|
Fetch DarkBench examples and create a SeedPromptDataset. |
|
Fetch DecodingTrust Stereotypes examples and create a SeedPromptDataset. |
|
Fetches the EquityMedQA dataset from Hugging Face and returns a SeedPromptDataset. |
|
Fetch examples from a specified source with caching support. |
|
Fetch Forbidden question dataset and return it as a SeedPromptDataset |
|
Fetch HarmBench examples and create a SeedPromptDataset. |
|
Fetch the LibrAI 'Do Not Answer' dataset and return it as a SeedPromptDataset. |
|
Fetch many-shot jailbreaking dataset from a specified source. |
|
Fetch examples from AILuminate v1.0 DEMO Prompt Set and create a SeedPromptDataset. |
|
Fetch multilingual vulnerability examples from "A Framework to Assess Multilingual Vulnerabilities of LLMs" and create a SeedPromptDataset. |
|
Fetch PKU-SafeRLHF examples and create a SeedPromptDataset. |
|
Fetch SecLists AI LLM Bias Testing examples from a specified source and create a SeedPromptDataset. |
|
Fetch SOSBench dataset and create a SeedPromptDataset. |
|
Fetch TDC23-RedTeaming examples and create a SeedPromptDataset. |
|
Fetch WMDP examples and create a QuestionAnsweringDataset. |
|
Fetch XSTest examples and create a SeedPromptDataset. |
pyrit.embedding
#
pyrit.exceptions
#
Exception class for bad client requests. |
|
Exception class for empty response errors. |
|
Exception class for blocked content errors. |
|
Exception class for missing prompt placeholder errors. |
|
A decorator to apply retry logic with exponential backoff to a function. |
|
A decorator to apply retry logic with exponential backoff to a function. |
|
A decorator to apply retry logic. |
|
Exception class for authentication errors. |
|
Checks if the response message is in JSON format and removes Markdown formatting if present. |
pyrit.memory
#
A class to manage conversation memory using Azure SQL Server as the backend database. |
|
Provides a centralized memory instance across the framework. |
|
A class to manage conversation memory using DuckDB as the backend database. |
|
Represents the embedding data associated with conversation entries in the database. |
|
Abstract interface for conversation memory storage systems. |
|
The MemoryEmbedding class is responsible for encoding the memory embeddings. |
|
Handles the export of data to various formats, currently supporting only JSON format. |
|
Represents the prompt data. |
pyrit.models
#
Built-in mutable sequence. |
|
Implementation of StorageIO for Azure Blob Storage. |
|
Represents a dataset of chat messages. |
|
alias of |
|
Constructs a response entry from a request. |
|
Abstract base class for data type normalizers. |
|
Factory method to create a DataTypeSerializer instance. |
|
Implementation of StorageIO for local disk storage. |
|
Groups prompt request pieces from the same conversation into PromptRequestResponses. |
|
Represents a piece of a prompt request to a target. |
|
alias of |
|
alias of |
|
Represents a response to a prompt request. |
|
Represents a dataset for question answering. |
|
Represents a question model. |
|
Represents a choice for a question. |
|
alias of |
|
Represents a seed prompt with various attributes and metadata. |
|
SeedPromptDataset manages seed prompts plus optional top-level defaults. |
|
A group of prompts that need to be sent together, along with an objective. |
|
Abstract interface for storage systems (local disk, Azure Storage Account, etc.). |
|
Score is an object that validates all the fields. |
pyrit.orchestrator
#
The CrescendoOrchestrator class represents an orchestrator that executes the Crescendo attack. |
|
This orchestrator implements the Flip Attack method found here: https://arxiv.org/html/2410.02832v1. |
|
An orchestrator that explores a variety of jailbreak options via fuzzing. |
|
The MultiTurnOrchestrator is an interface that coordinates attacks and conversations between a adversarial_chat target and an objective_target. |
|
The result of an orchestrator. |
|
This orchestrator implements the Prompt Automatic Iterative Refinement (PAIR) algorithm |
|
Question Answering Benchmark Orchestrator for processing multiple choice questions. |
|
This orchestrator scores prompts in a parallelizable and convenient way. |
|
Creates an orchestrator that executes a skeleton key jailbreak. |
|
TreeOfAttacksWithPruningOrchestrator follows the TAP alogrithm to attack a chat target. |
|
pyrit.prompt_converter
#
Adds a string to an image and wraps the text into multiple lines if necessary. |
|
Adds an image to a video at a specified position. |
|
Adds a string to an image and wraps the text into multiple lines if necessary. |
|
Generates prompts with ANSI codes to evaluate LLM behavior and system risks. |
|
Uses the art package to convert text into ASCII art. |
|
Implements encoding and decoding using Unicode Tags. |
|
Encodes text using the Atbash cipher. |
|
Shifts the frequency of an audio file by a specified value. |
|
Transcribes a .wav audio file into text using Azure AI Speech service. |
|
Generates a wave file from a text prompt using Azure AI Speech service. |
|
Converter that encodes text to base64 format. |
|
Transforms input text into its binary representation with configurable bits per character (8, 16, or 32). |
|
Encodes text using the Caesar cipher with a specified offset. |
|
Spaces out the input prompt and removes specified punctuations. |
|
Applies character swapping to words in the prompt to test adversarial textual robustness. |
|
Encrypts user prompt, adds stringified decrypt function in markdown and instructions. |
|
Converts text into colloquial Singaporean context. |
|
The result of a prompt conversion, containing the converted output and its type. |
|
Replaces forbidden words or phrases in a prompt with synonyms using an LLM. |
|
Applies diacritics to specified characters in a string. |
|
Converts English text to randomly chosen circle or square character emojis. |
|
Flips the input text prompt. |
|
Uses multiple prompt templates to generate new prompts. |
|
Generates versions of a prompt with new, prepended sentences. |
|
Generates versions of a prompt with rephrased sentences. |
|
Generates versions of a prompt with shortened sentences. |
|
Generates versions of a prompt with similar sentences. |
|
Allows review of each prompt sent to a target before sending it. |
|
Inserts punctuation into a prompt to test robustness. |
|
Converts a string to a leetspeak version. |
|
Represents a generic LLM converter that expects text to be transformed (e.g. no JSON parsing or format). |
|
Generates malicious questions using an LLM. |
|
Converts natural language instructions into symbolic mathematics problems using an LLM. |
|
Encodes prompts using morse code. |
|
Injects noise errors into a conversation using an LLM. |
|
Converts a text prompt into a PDF file. |
|
Rephrases prompts using a variety of persuasion techniques. |
|
Base class for converters that transform prompts into a different representation or format. |
|
Converts a text string to a QR code image. |
|
Takes a prompt and randomly capitalizes it by a percentage of the total characters. |
|
Repeats a specified token a specified number of times in addition to a given prompt. |
|
Encodes prompts using the ROT13 cipher. |
|
Converts a string by replacing chosen phrase with a new phrase of choice. |
|
Encodes and decodes text using a bit-level approach. |
|
Converts text by joining its characters with the specified join value. |
|
Appends a specified suffix to the prompt. |
|
Converts text to superscript. |
|
Uses a template to randomly split a prompt into segments defined by the template. |
|
Converts a conversation to a different tense using an LLM. |
|
Uses a jailbreak template to create a prompt. |
|
Converts text to a hexadecimal encoded utf-8 string. |
|
Converts a conversation to a different tone using an LLM. |
|
Generates toxic sentence starters using an LLM. |
|
Translates prompts into different languages using an LLM. |
|
Applies substitutions to words in the prompt to test adversarial textual robustness by replacing characters with visually similar ones. |
|
Converts a prompt to its unicode representation. |
|
Encodes the prompt using any unicode starting point. |
|
Converts a prompt to a URL-encoded string. |
|
Generates variations of the input prompts using the converter target. |
|
Encodes and decodes text using Unicode Variation Selectors. |
|
Converts text into cursed Zalgo text using combining Unicode marks. |
|
Injects zero-width spaces between characters in the provided text to bypass content safety mechanisms. |
pyrit.prompt_normalizer
#
Represents the configuration for a prompt response converter. |
|
Represents a single request sent to normalizer. |
pyrit.prompt_target
#
The AzureBlobStorageTarget takes prompts, saves the prompts to a file, and stores them as a blob in a provided storage account container. |
|
HTTP_Target is for endpoints that do not have an API and instead require HTTP request(s) to send a prompt |
|
The HuggingFaceChatTarget interacts with HuggingFace models, specifically for conducting red teaming activities. |
|
The HuggingFaceEndpointTarget interacts with HuggingFace models hosted on cloud endpoints. |
|
A decorator to enforce rate limit of the target through setting requests per minute. |
|
OpenAI DALL-E Target for generating images from text prompts. |
|
This class facilitates multimodal (image and text) input and text output generation |
|
This class enables communication with endpoints that support the OpenAI Response API. |
|
A prompt chat target is a target where you can explicitly set the conversation history using memory. |
|
PromptShield is an endpoint which detects the presence of a jailbreak. |
|
The TextTarget takes prompts, adds them to memory and writes them to io which is sys.stdout by default |
pyrit.score
#
A scorer that aggregates other true_false scorers using a specified aggregation function. |
|
A scorer that applies a threshold to a float scale score to make it a true/false score. |
|
Create scores from manual human input and adds them to the database. |
|
Create scores from manual human input using Gradio and adds them to the database. |
|
Create a score from analyzing the entire conversation and adds them to the database. |
|
Returns true if an attack or jailbreak has been detected by Prompt Shield. |
|
A class that represents a question answering scorer. |
|
Abstract base class for scorers. |
|
A class that represents a self-ask score for text classification and scoring. |
|
A class that represents a "self-ask" score for text scoring for a likert scale. |
|
A self-ask scorer that detects refusal in AI responses. |
|
A class that represents a "self-ask" score for text scoring for a customizable numeric scale. |
|
A class that represents a self-ask true/false for scoring. |
|
A class that represents a self-ask question answering scorer. |
|
Scorer that checks if a given substring is present in the text. |
|
A scorer that inverts a true false score. |
|
A class that represents a true/false question. |
|