Datasets and Seed Prompts

Datasets and Seed Prompts#

11 Feb 2025 - Eugenia Kim

How should we approach datasets in PyRIT? As red teamers, we use multimodal data types - text, images, audio, video - from various sources and need to work with these datasets effectively to build out robust attacks. Let’s dive into how a SeedPromptDataset works in PyRIT to help us do just that!

The problem#

We need to be able to use multimodal datasets which include text, audio, and video while also loading from locally stored prompts and open-source repositories! Dataset needs can change quickly which we’ve see through the evolution of text-based models to now multi-modal generative AI systems. With new data types and generative AI modalities, how can we build out prompts to attack with?

The solution: Introducing a SeedPrompt#

PyRIT makes this super easy with seed prompts! By standardizing how prompts are used in PyRIT, we can easily send unique prompts by loading and/or building datasets used for probing. Let’s look at some of the attributes in a SeedPrompt which makes each prompt not only unique, but also with metadata helpful for filtering:

  • id defines a unique identifier associated with the prompt

  • value refers to either the actual text value or path to file containing the prompt (i.e. image path)

  • value_sha256 is the hash value used for recognizing duplicates

  • data_type specifies the type of prompt data (e.g. text, audio_path)

  • harm_categories is a list of harm categories associated with the prompt (e.g. violence)

We can also use a SeedPrompt as a template! By using render_template_value, we can put in parameters like {{ prompt }} to put the prompt into the template.

For more examples, updated documentation on seed prompts is here.

Loading datasets with seed prompts#

The next step to using a SeedPrompt is to organize it within a SeedPromptDataset. This structure makes it easy to fetch and load datasets whether pulling from external repositories or importing YAML files! Using the same attributes listed above, we can directly load in our datasets by providing prompts by their value, including their harm_categories and other fields in a SeedPrompt. But what if we want to use a dataset from an open source repository? Let’s load them in as a SeedPromptDataset!

Currently in PyRIT, we already have twelve datasets which are ready to be used through our fetch functions. They are in the fetch_example_datasets.py file. Since PyRIT is an open-source project, we’d love to see more datasets contributed! If you have a dataset that could improve red teaming efforts, consider submitting a PR — looking forward to adding it to the collection!

See the updated documentation here.

What else can we do with this?#

Now that we’ve loaded our dataset into PyRIT as a SeedPromptDataset the really exciting red teaming can begin. A great example of this is in our Sending a Million Prompts notebook! We can use the prompts to evaluate the target by sending all the previously loaded promtps, modifying which attacks to use, and storing the scores for further analysis.

In this blog post, we’ve walked through how we use structured datasets through our SeedPrompt and SeedPromptDataset classes. PyRIT’s architecture allows for customization at every stage - whether through converters or configuring different scorers - and seed prompts set us up to effectively probe for risks in AI systems. Send over any contributions to add more datasets, refine seed prompts, or any open issues on Github! Now that you understand a core component of PyRIT, go ahead and try it out!