Skip to content

[DRAFT] BREAKING FEAT XPIA example with website #1005

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

romanlutz
Copy link
Contributor

@romanlutz romanlutz commented Jul 16, 2025

Description

This PR modifies the Azure blob storage XPIA example to leverage the website capabilities of Azure blob storage. By putting html files into the $web container they can be made publicly accessible. The processing target uses the OpenAI SDK with function tool call to retrieve that website including the XPIA and processes it. The model doesn't actually fall for it, so perhaps we need to find an older open source model (and without defenses) to illustrate this.

One of the best parts of this PR is that it completely gets rid of our semantic-kernel dependency in the dev extra. We currently use the OpenAI SDK for the responses API tool call, but once we support that with the responses target we can even simplify that part.

As part of this, I restructured the XPIA Orchestrators slightly to be more in line with other orchestrators which will also make them more amenable to refactoring into the attacks structure (if we want to do that in the near term).

TBD:

  • rerun other half of the XPIA notebook
  • rerun with AZURE_SQL as memory (tested with DUCK_DB)
  • update notebook text to reflect change from storage account retrieval to website query.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant