v0.7.0

What's Changed

Targets:

• [BREAKING] OpenAIChatTarget has become more generalized to more broadly support OpenAI-compatible models. See the blog describing the changes here!
• If api_version is set to None when instantiating OpenAITarget objects, it will not be added as a query parameter to requests.
• Added Google Gemini example environment variables to .env_example and added integration tests for Gemini/OpenAIChatTargets

Converters:

• [New] AddImageVideoConverter: PyRIT's first video converter! it allows users to add an image to a video in at a specified position. More video converters to come!
• [New] InsertPunctuationConverter: Inserts various punctuation into a prompt to test model robustness to perturbations.

Orchestrators:

• [New] ManyShotJailbreakOrchestrator: Prepend a faux dialogue between a human and an AI assistant within a single prompt for the target.
• [New] [BREAKING] ContextComplianceOrchestrator: Update the context to prime an objective_chat_target to answer. The context is set using instructions defined in context_description_instructions_path, along with an adversarial_chat to generate the first turns to send.
• [BREAKING] RolePlayOrchestrator improvements: Refactored for greater code re-use
• FlipAttackOrchestrator improvement: Allow for additional converters applied after the flip attack

Memory:

• Multimodal Seed Prompts Encoding Metadata: Adding non-text seed prompts to the database will automatically have metadata populated, including format (png, wav, etc.) and things like bitrate and duration for audio and video seed prompts.
• SeedPrompt Duplicates: Duplicate seed prompts within the same dataset (identical dataset_name) will no longer be uploaded to memory.
• Using Configured Paths for Multimodal Seed Prompts: Multimodal SeedPrompt file paths within .yaml files no longer use relative paths that break based on where the .yaml files are accessed. Instead, configured paths (located in paths.py) are used.
• [BREAKING] Removed calls to disposing memory engines in Orchestrator and Prompt Target objects and replaces it with the atexit and weakref methods of cleanup in the Memory interface to ensure cleanup on process exit. Orchestrators and targets no longer support the context manager protocol.
• Added get_values() method to the SeedPromptDataset class to simplify prompt values extraction from datasets. Optional filtering to retrieve the first and/or last N values has also been implemented.

Scorers:

• [New] HumanInTheLoopScorerGradio: Create scores from manual human input by running the Gradio interface in a separate process and adds the scores to the database. For now, the possible scores that users can give are "safe" and "unsafe."

Datasets:

• [New] Added new fetch function for Aya Red-Teaming Dataset
• [New] Added Pliny's prompts from the l1b3rt4s repo as templates
• [New] Added the Babelscape ALERT dataset
• Added support for filtering based on harm categories for PKU-SafeRLHF and AdvBench datasets

Misc:

• Other changes include various maintenance improvements and bug fixes, addition of integration tests, website enhancements, dependency updates, and doc improvements.

Full list of changes

• FIX unblock test pipelines by skipping certain tests on Ubuntu and adding Windows additionally by @romanlutz in #727
• MAINT: Update release version to 0.6.1.dev0 by @nina-msft in #731
• MAINT: Upgrading DuckDB by @jbolor21 in #712
• [FEAT][MAINT][4019] Make multi-modal easier to configure in seedprompt files by @shivenchawla in #696
• FEAT: set favicon for the website by @paulinek13 in #717
• FEAT: simplify extracting prompt values by @paulinek13 in #718
• FEAT: add a fetch function for Aya Red-teaming Dataset by @paulinek13 in #713
• MAINT update Roakey image to have transparent background by @romanlutz in #735
• FEAT Moonshot Attack Module: Insert Punctuation Attack by @u7780339 in #475
• FEAT: include scored_prompt_id in orchestrator_identifier of the system prompt by @NicolePell in #725
• FEAT: Create many shot jailbreak orchestrator by @AdrGav941 in #709
• MAINT pre-commit hook to remove notebook header from notebooks by @jbolor21 in #737
• FEAT Add Encoding Data to Multimodal Seed Prompts by @jsong468 in #740
• FEAT added Pliny's prompts from the l1b3rt4s repo as templates by @joaodunas in #710
• FEAT Adding babelscape dataset by @Jarro01X in #738
• FIX: Upgrading Packages by @rlundeen2 in #741
• FIX: Increasing pipeline timout by @rlundeen2 in #743
• FEAT PyRIT to not upload duplicate seed-prompts by @shivenchawla in #742
• MAINT: Azure SQL Integration Test Misc. Updates by @nina-msft in #745
• FIX Small bug fixes (renaming file, editing MANIFEST) by @jsong468 in #746
• [BREAKING] FEAT: OpenAI Generalization Improvements by @rlundeen2 in #747
• FEAT: Add example_count field to ManyShotJailbreakOrchestrator by @nina-msft in #748
• DOC: Blog: A More Generalized OpenAIChatTarget by @rlundeen2 in #751
• DOC: Updating git docs by @rlundeen2 in #753
• FIX: Fixing integration tests broken with OpenAIChatTarget Update by @rlundeen2 in #755
• FEAT Video Converter: Adding Images to Videos by @jbolor21 in #702
• FIX: Adding back static js by @rlundeen2 in #761
• [BREAKING] FEAT: RolePlayOrchestrator Improvements by @rlundeen2 in #758
• [BREAKING] FIX: Dispose Memory in Memory vs Class Objects by @nina-msft in #752
• MAINT clean up dependencies by @romanlutz in #757
• FEAT Adding converter support to many shot jailbreak orchestrator by @AdrGav941 in #760
• FIX: Default API Version for TTS Target by @jbolor21 in #749
• [BREAKING] FEAT: Adding Context Compliance Orchestrator by @rlundeen2 in #763
• DOC: Add Instructions for Tagging Breaking Changes in PR Template by @nina-msft in #765
• FEAT: support filtering based on harm categories for PKU-SafeRLHF dataset by @paulinek13 in #756
• DOC Update CCA Documentation for Clarity by @eugeniavkim in #773
• DOC: Update OpenAI Environment Variable Names in Documentation by @nina-msft in #776
• FEAT: add harm categories to AdvBench Dataset by @paulinek13 in #732
• FIX: Allow api_version to be set to None when instantiating OpenAITarget objects by @LeoVrana in #764
• MAINT standardize Hugging Face token environment variable, add integration tests for Google Gemini and Open AI by @romanlutz in #778
• FEAT: Gradio HiTL Scorer by @mart123p in #722
• DOC: clarify OpenAIChatTarget usage with Ollama by @jsdlm in #777
• FIX: small edits to make integration tests pass by @jsong468 in #780
• MAINT add notice generation to component governance by @romanlutz in #781
• MAINT update NOTICE file by @romanlutz in #782

New Contributors

• @u7780339 made their first contribution in #475
• @NicolePell made their first contribution in #725
• @joaodunas made their first contribution in #710
• @Jarro01X made their first contribution in #738
• @LeoVrana made their first contribution in #764

Full Changelog: releases/v0.6.0...releases/v0.7.0

v0.6.0

What's Changed

• Cookbooks are live, and replace our How To Guide! Cookbooks try to tackle a problem and use the components that work best, instead of our typical documentation which illustrates that many pieces of PyRITs are swappable.

Cookbooks:

• Sending a Million Prompts

Targets:

• OllamaChatTarget: Implement ability to forward custom parameters directly to the HTTP client
• HuggingFaceChatTarget: Adds optional keywords device_map, torch_dtype and attn_implementation
• [New] PlaywrightTarget: Interact with web applications using Playwright. This is particularly useful for testing interactions with web interfaces like chatbots.
• [New] RealtimeTarget: Send and receive audio with the Realtime API.
• [New] GroqChatTarget: Interact with Groq's OpenAI-compatible API.

Converters:

• [New] ANSI Escape Code Converter: AnsiAttackConverter
• [New] BinaryConverter: Convert input text into binary with configurable bits per character
• PDFConverter: Updates to support templated and non-templated PDF generation & enabling text injection into existing PDFs
• [New] TextToHexConverter: Convert text to hexadecimal encoded utf-8 string
• Add easier querying for converter-supported input/output types

Orchestrators:

• RedTeamingOrchestrator & CrescendoOrchestrator now support prepended conversations. You can set a system prompt on the objective target using this feature, or provide conversation history as context to continue execution from a specific point.
• ScoringOrchestrator: Add ability to score responses using filters.
• PromptSendingOrchestrator: Set Skip Criteria to specify which prompts to skip being sent to the target with this orchestrator.
• [New] RolePlayingOrchestrator: Single-turn orchestrator which prepends some prompts which describe fictional scenarios to attempt and elicit harmful responses
• XPIAOrchestrator: Fix to BlobNotFound exception
   
  Memory:
• [BREAKING] All notebooks must explicitly initialize Central Memory through a new initialize_pyrit() function: #616. This puts ownership into the hands of the user to set where your prompts will be stored. Read more here: Memory
• Ability to add memory labels on a per-prompt level, specifically useful in Multimodal scenarios
• Conversation Scores now available when exporting Prompt Data
• Filter Data by various queries (e.g. prompt ID, orchestrator ID, labels, etc) using get_prompt_request_pieces()
• Consolidated method to Export Conversations using Filters: export_conversations()
• SeedPrompts: Support for Multimodal Seed Prompts
• [BREAKING] NormalizerRequestPieces replaced with SeedPrompts: #648

Scorers:

• Add tasks by default to scorers to improve scorer accuracy

Misc:

• Other changes include various maintenance improvements and bug fixes, addition of integration tests, new blog posts, and doc improvements.

Full list of changes

• MAINT Update release version to 0.5.3.dev0 by @rdheekonda in #592
• DOC: Multi-turn docs and blog post by @rlundeen2 in #593
• DOC: Fixing title by @rlundeen2 in #594
• MAINT: Update Memory Doc and Other Small Fixes by @jsong468 in #587
• FEAT Passing HTTP client kwargs from OllamaChatTarget by @rlundeen2 in #596
• MAINT: Refactoring Single-Turn by @rlundeen2 in #598
• DOC: Clarifying OpenAI docs by @rlundeen2 in #600
• FEAT - Adding optional kwargs to huggingface chat target by @perezbecker in #602
• FEAT: Ansi Escape Code Converter by @KutalVolkan in #597
• MAINT Update gcg_attack.py by @Tiger-Du in #606
• MAINT empty integration tests pipeline by @romanlutz in #603
• MAINT update integration-tests trigger to work with PRs by @romanlutz in #610
• FEAT: Playwright target by @AlexRRR in #583
• MAINT Add support for Local Multimodal Input Prompts When Using AzureSQLMemory by @rdheekonda in #613
• MAINT: Add Integration Test Directory + Refusal Scorer Eval Integration Test by @jsong468 in #605
• FEAT: Add Prepending Conversation Support to RedTeamingOrchestrator and CrescendoOrchestrator by @nina-msft in #578
• FIX: Adding SHA256 hashes to responses by @rlundeen2 in #615
• FEAT: binary converter by @AlexRRR in #611
• FIX: Update pyproject.toml for new versions for httpx, respx and openai by @jsong468 in #623
• FEAT Adding labels for individual prompts by @jbolor21 in #624
• FEAT Add Scores to Data Export with PromptRequestPiece data by @eugeniavkim in #617
• FEAT: Prompt Memory Consolidation and Filters by @rlundeen2 in #625
• FEAT: PDF Converter Updates by @KutalVolkan in #622
• FIX: small edits to populate_prompt_piece_scores by @jsong468 in #626
• DOC: Updating contributor docs by @rlundeen2 in #627
• FEAT Consolidate Export Conversations into one method by @eugeniavkim in #628
• FEAT: Adding tasks to scorers by @rlundeen2 in #629
• FIX: sort_request_pieces bug by @rlundeen2 in #631
• FEAT: Allowing header SeedPrompt configuration by @rlundeen2 in #630
• FEAT: Add Support for Multimodal Seed Prompts and Update Data Type Serializer by @rdheekonda in #632
• FEAT: Explicitly Initialize Central Memory + Remove Defaults by @nina-msft in #616
• FIX Refactor to join queries for entries and scores by @eugeniavkim in #635
• MAINT: Cleanup Import Naming for initialize_pyrit func by @nina-msft in #636
• FEAT: Score Responses by Filters in ScoringOrchestrator by @nina-msft in #639
• MAINT infrastructure for integration tests by @romanlutz in #612
• MAINT: Add JSON Mode for Supported Targets and Scorers by @rdheekonda in #640
• DOC: Zero Day Quest blog post by @rlundeen2 in #643
• MAINT: Add Import Sorting (isort) Pre-Commit Hook by @nina-msft in #644
• FIX: Rerun Output for Audio Converter Notebook by @nina-msft in #645
• MAINT: Add Import Sorting for Docs and Jupyter Notebooks (isort/nbqa-isort) by @nina-msft in #646
• TEST: Converter Notebook Integration Tests by @nina-msft in #647
• FEAT: Replacing NormalizerRequestPieces with SeedPrompts by @rlundeen2 in #648
• MAINT: Remove Azure SQL Example from Audio Converters Notebook by @nina-msft in #649
• FIX: adding hashes to retrieved PromptRequestPiece by @rlundeen2 in #652
• DOC: Clarifying PromptTargets from PromptChatTargets by @rlundeen2 in #658
• DOC update pyrit.common API reference by @paulinek13 in #657
• FEAT - Realtime Target by @jbolor21 in #638
• MAINT: Updating get_seed_prompt_groups to include individual seed_prompts by @rlundeen2 in #651
• DOC: Deleting extra doc by @rlundeen2 in #663
• FIX: Fixing circular import by @rlundeen2 in #665
• DOC Cleaning up Datasets and adding documentation for datasets and seed prompts by @eugeniavkim in #660
• DOC Adding NCC HTTPTarget Blog post by @jbolor21 in #664
• TEST Integration Tests for Target Notebooks by @jbolor21 in #667
• FEAT: Enhance PDFConverter to support text injection into existing PDFs by @KutalVolkan in #641
• FIX Target Integration test rename by @jbolor21 in #675
• FEAT: Adding Skip Criteria and Sending Prompts Cookbook by @rlundeen2 in #668
• FIX: http target bug by @ayeganov in #674
• FEAT add value hash columns and calc hash when committing seed prompt to memory by @jorisdg in #659
• TEST: Integration Tests for Python Notebooks (Auxiliary Attacks, Datasets, Memory) by @nina-msft in #670
• FIX: PDF Converter and Cookbook integration test by @rlundeen2 in #680
• FEAT: adding hex code converter (#666) by @millashin in #681
• FIX: Converter PDF Integration Build Pipeline by @rlundeen2 in #683
• TEST In...

v0.5.2

What's Changed

• Pinned the httpx version to 0.27.2 and refactored the codebase to ensure compatibility.
• Fixed AzureSQLMemory authentication issues by adding token refresh, pool recycling, and pre-ping mechanisms.
• Redesigned PAIR attack technique to function as a specialized instance of TAP orchestrator, streamlining architecture.
• Added support for local Hugging Face model checkpoints.

Full list of changes

• [DOC] Updating README by @rlundeen2 in #579
• Fix Azure SQL Authentication Errors: Add Token Refresh, Pool Recycling, and Pre-Ping by @rdheekonda in #576
• FEAT: add support for local model checkpoints and trust_remote_code in HuggingFaceChatTarget by @KutalVolkan in #574
• FEAT: Refactor PAIR to be a special instance of TAP by @rlundeen2 in #580
• FIX: httpx proxy arg fix, pinned httpx version by @jsong468 in #589
• FIX: Not raising exceptions on None responses by @rlundeen2 in #590
• Fix Test Prompt Response Error Values by @rdheekonda in #591

Full Changelog: v0.5.0...v0.5.2

v0.5.0

What's Changed

• PyRIT now has a website

• We've been working on standardizing orchestrators in terms of naming and functionality:

  • The endpoint (of type PromptTarget) that PyRIT attacks will be referred to as objective_target.
  • The endpoint (of type PromptChatTarget) that helps us craft attacks will be referred to as adversarial_chat.
  • Beyond that, we've settled on a common interface for multi-turn orchestrators with a shared result object.
  • Instead of an attack_strategy arg we require a file path called adversarial_chat_system_prompt_path to make the connection to the adversarial_chat target clearer. Some orchestrators have a default for this, of course.
  • The initial prompt to the adversarial_chat is now called adversarial_chat_seed_prompt to also help with clarity and connection to adversarial_chat
  • Sometimes we use multiple scorers. For that reason, objective_scorer will be the scorer that decides if the objective has been achieved. Other scorers have similarly specific names, e.g., on_topic_scorer in the CrescendoOrchestrator
  • The new standard name for all orchestrators to execute an attack is run_attack_async.

  The standardization is not fully completed yet but will continue in future releases. So far, CrescendoOrchestrator, TreeOfAttacksWithPruningOrchestrator, and RedTeamingOrchestrator have been adjusted.

• Support for a centralized database using Azure SQL as an optional alternative to a local DuckDB database.

• Introduced (multi-modal) SeedPrompts and SeedPromptDatasets as a starting point for red teaming ops with integration to our databases.

• New orchestrators and auxiliary attacks:

  • FuzzerOrchestrator with 5 template converters
  • GCG support via Azure ML pipelines to optimize adversarial suffixes
  • FlipAttackOrchestrator

• New targets:

  • HuggingFaceChatTarget
  • HTTPTarget
  • Open AI and Azure Open AI targets were refactored to simplify the logic. They now share a common interface OpenAITarget and you can decide between Azure vs. Open AI using is_azure_target=True or False.

• New datasets:

  • HarmBench
  • PKU-SafeRLHF
  • wmdp-bio, wmdp-chem, and wmdp-cyber (now fetchable from the original data source)
  • AdvBench
  • Decoding Trust Stereotypes
  • LLM-LAT/harmful-dataset
  • tdc23 red teaming dataset
  • TrustAIRLab/forbidden_question_set
  • LibrAI 'Do Not Answer' Dataset

• New converters:

  • QRCodeConverter
  • AzureSpeechAudioToTextConverter
  • URLConverter
  • HumanInTheLoopConverter
  • ColloquialWordswapConverter
  • UnicodeConfusableConverter (updated with new functionality)
  • CharSwapGenerator
  • MaliciousQuestionGeneratorConverter
  • AsciiSmugglerConverter
  • MathPromptConverter
  • AudioFrequencyConverter
  • ZeroWidthConverter
  • DiacriticConverter

• New scorers:

  • SelfAskRefusalScorer
  • HumanInTheLoopScorer
  • InsecureCodeScorer

• We generally use a .env file to configure details of endpoints that PyRIT needs to execute. A new .env.local override file allow for further customization.

• Finally, PyRIT now comes with several extras that you can install using pip install pyrit[<extra>]

  • dev includes developer dependencies that you shouldn't need unless you plan on contributing to the project.
  • torch includes just pytorch which is needed for some targets (e.g. Hugging Face) or auxiliary attacks (e.g., GCG) but not core functionality. This allows you to choose whether you want to install it.
  • gcg includes extra dependencies that are only needed for running GCG. Since this requires dedicated compute (ideally with GPU) you can choose whether it is required for you.
  • all includes all of the above.

Full list of changes

• MAINT Update release version to 0.4.1.dev0 by @rdheekonda in #342
• [FEAT] QRCodeConverter by @jsong468 in #339
• [MAINT] Delete output_filename arg in image/text and text/image converters by @jsong468 in #344
• MAINT Update Release Instructions by @rdheekonda in #345
• FEAT: Add Likert scoring definition and prompt templates for persuasion and deception by @saphirqi7 in #307
• [FEAT] Add "task" to the scoring memory entry by @jsong468 in #349
• FEAT: Add fetch function for datasets from HarmBench #270 by @KutalVolkan in #341
• FEAT Add SQL Entra Auth for Azure SQL Server by @elgertam in #330
• [MAINT] Fix typos in OllamaChatTarget by @riedgar-ms in #357
• [FEAT] Azure Speech Audio to Text Converter by @jsong468 in #352
• FEAT: Add Rate Limit (RPM) Threshold Parameter to Prompt Targets by @nina-msft in #331
• FIX: correct type of the top_p argument in various PromptTarget classes by @s-zanella in #366
• FEAT Add ability to fetch PKU-SafeRLHF Data by @enrajka in #374
• FEAT: Refusal Scorer by @rlundeen2 in #371
• FEAT Add ability to fetch wmdp-bio, wmdp-chem, and wmdp-cyber datasets by @mshirsekar1 in #380
• TEST skip failing auth test after the new azure.identity version was released by @romanlutz in #387
• FEAT Added AdvBench dataset by @enrajka in #383
• FEAT: Fuzzer orchestrator by @gseetha04 in #360
• FIX Crescendo Bug and Improve Scorer Metaprompt Handling by @rdheekonda in #389
• FEAT: Add Centralized DB Support Using Azure by @rdheekonda in #379
• FIX: Updating memory and fixing bugs by @rlundeen2 in #394
• FEAT: Handling duplicate memory for PromptRequestPiece/Score entries by @jsong468 in #369
• [FEAT] Decoding Trust Stereotypes Dataset by @jsong468 in #385
• FEAT Centralized DB Support for Azure Speech Converters by @rdheekonda in #402
• FEAT add additional template converters for fuzzer orchestrator (crossover, similar, rephrase) by @roeybc in #378
• DOC: Update Custom Targets Demo Docs by @nina-msft in #404
• FEAT New URL Converter by @jbolor21 in #399
• [FEAT] HumanInTheLoop Converter by @jsong468 in #401
• DOC: Updating RTO example to use gpt4o for scoring by @rlundeen2 in #408
• MAINT: Crescendo and Score Refactor by @rlundeen2 in #405
• FEAT: Colloquial Wordswap Attack by @eugeniavkim in #406
• FEAT emoji jailbreak by @romanlutz in #314
• MAINT: Add Refusal docs and Filter logic by @rlundeen2 in #431
• DOC: Moving rate limiting to target by @rlundeen2 in #433
• FEAT: optimized huggingface model support by @KutalVolkan in #354
• DOC Enhance Azure SQL Database Setup and Permissions Documentation by @rdheekonda in #434
• FIX Azure SQL DB Permissions by @rdheekonda in #440
• FIX: Handle JSON markdown format exceptions by @meisman-ms in #435
• FEAT: Add ability to send prepend to the conversation in PromptSendingOrchestrator by @rlundeen2 in #441
• FEAT: Homoglyph Attack by @KutalVolkan in #407
• FEAT: Charswap Attack by @KutalVolkan in #403
• Add Python option for generate docs scripts by @sf-msft in #375
• FEAT: Violent Durian Attack Strategy by @KutalVolkan in #398
• FEAT GCG algorithm and AML pipeline by @blakebullwinkel in #381
• MAINT: Adding original values as score metadata for Azure Safety and Likert Scorers by @rlundeen2 in #445
• [DOC] Note on notebooks by @riedgar-ms in #460
• FIX: Fixing pre-commit check_links by @rlundeen2 in #462
• FEAT: Adding Flip Attack by @rlundeen2 in #456
• [FIX] Allow AAD Auth for AzureContentFilterScorer by @riedgar-ms in #455
• FEAT: Adding New Generic HTTP Target by @jbolor21 in #446
• MAINT: Rounds in CrescendoOrchestrator are now "Turns" by @jsong468 in #470
• DOC Add doc changes for database setup by @eugeniavkim in #476
• FEAT: OpenAI Target Refactor by @rlundeen2 in #466
• DOC: Edit Image Text Converter Docs by @jbolor21 in #477
• FEAT: Malicious Question Generator by @KutalVolkan in #397
• FIX: Changed AzureSpeechTextToAudioConverter input_type to text and added converter input_supported tests by @jsong468 in #472
• FEAT added ascii smuggler converter by @gio-msft in #479
• DOC Fix Invalid MD File Referenced in Deploy HF Model to Azure ML Module by @rdheekonda in https://...

v0.4.0

What's Changed

1. New Advanced Attack Techniques: Expanded orchestrators with advanced attack techniques, including PAIR, tree of attacks, and crescendo strategies.
2. New Targets: Crucible target, Prompt Shield Target, Azure OpenAI GPT-4o target
3. New Converters: Added Tense, Emoji, image to text, and Character Space converters.
4. New Scorers: Scale Scorer, Prompt Shield, and True/False Inverter Scorer
5. Automatic Scoring & Memory Labels: Introduced automatic scoring in the PromptSendingOrchestrator. Added support for scoring with user-provided memory labels.
6. Delegation SAS Authentication: Supported delegation SAS authentication for secure interactions with Azure Blob Storage targets.
7. Improved Resiliency: Enhanced the resiliency of targets, converters, and orchestrators with robust error handling mechanisms.
8. Bug Fixes & Performance: Various bug fixes, added support for Python 3.12, speedup unit tests
9. Fetch functionality: Introduced functionality to fetch adversarial datasets, such as SecLists, XStest etc.,
10. Updated Demo Codes: Replaced demo code examples with the GPT-4o target.

Full List of Changes

• FIX: Fixing policheck bug by @rlundeen2 in #261
• release v0.3.0 by @jbolor21 in #265
• DOC: Adding Guidance on Incorporating Research by @rlundeen2 in #268
• FEAT: Adding Tense Converter by @rlundeen2 in #273
• [FEAT] Add Scoring to PromptSendingOrchestrator by @nina-msft in #262
• FIX Fixed mypy Type Failures by @elgertam in #269
• FEAT: Adding Crucible Target by @rlundeen2 in #277
• FIX ValueError with Azure TTS Target in Single Turn Conversation Using PromptSendingOrchestrator by @nina-msft in #278
• FEAT: Converter Tokens by @rlundeen2 in #279
• [FIX] Add flake8-copyright check to pre-commit hooks by @nina-msft in #281
• FIX Exclude Morse Converter from Flake8 Precommit by @nina-msft in #284
• [DRAFT] [FIX] Replace Orchestrator ID with UUID by @nina-msft in #285
• DOC update citation for past tense paper by @romanlutz in #288
• FEAT Add scale scorer by @romanlutz in #274
• FEAT Add Delegation SAS-Based Auth, Update Storage Plugins, and Async Blob Download by @rdheekonda in #286
• FEAT add (back) Gandalf scorer by @romanlutz in #287
• MAINT clean up copyright by @romanlutz in #297
• FEAT: Add Error Handling to AML Chat Target by @nina-msft in #299
• FIX: bug with multi-modal image responses by @rlundeen2 in #301
• MAINT: Improving some LLM Converters by @rlundeen2 in #300
• [FIX][Issue #302] update language version enforcement to fix black-pre-commit installation incompatibility by @shivenchawla in #303
• FEAT return ID in conversation duplication code by @romanlutz in #296
• [FEAT] Implement PAIR by @dlmgary in #255
• FEAT add float scale threshold scorer by @romanlutz in #294
• FEAT: Add GPT4-o chat target by @shivenchawla in #293
• FEAT: Adding Emoji Converter by @rlundeen2 in #306
• DOC: Doc Reorg by @rlundeen2 in #304
• MAINT: Removing asyncio sleep by @rlundeen2 in #309
• MAINT add support for Python 3.12 and fix tests that started breaking by @romanlutz in #305
• FEAT Add print_conversation method to prompt sending orchestrator by @romanlutz in #312
• FEAT Add many-shot jailbreaking feature implementation by @KutalVolkan in #254
• FEAT: Add tree of attacks with pruning by @salmazainana in #210
• FEAT Add Space Converter by @rdheekonda in #316
• FEAT Add Flexible Memory Labels and Scoring to Orchestrators by @rdheekonda in #315
• FEAT: Crescendo Orchestrator by @SafwanA02 in #275
• Feat: Adding multi-turn promptSendingOrchestrator by @rlundeen2 in #317
• DOC Fix README.md link by @romanlutz in #319
• MAINT: Fixing data serializer ability to properly raise errors by @rlundeen2 in #318
• FEAT: Add fetch function for SecLists AI LLM Bias Testing datasets (#267) by @KutalVolkan in #280
• FEAT: Adding true_false inverter scorer by @rlundeen2 in #321
• FIX: fixing check links by @rlundeen2 in #323
• FEAT: Add Exception Handling to Azure TTS Target by @nina-msft in #322
• DOC - replacing gpt4 with gpt4o in example notebooks by @jsong468 in #313
• [MAINT] Changing Examples from stop signs by @jbolor21 in #325
• FEAT Prompt Shield by @ValbuenaVC in #271
• FEAT: add xstest dataset by @KutalVolkan in #320
• [FEAT] Created add_image_text_converter and unit tests by @jsong468 in #328
• DOC: Adding Notebook to document re-sending previous prompts by @rlundeen2 in #332
• MAINT: speeding up crescendo tests by @rlundeen2 in #333
• FIX Move pillow from dev to core dependency by @rdheekonda in #334
• FIX add sample image classifier file by @jbolor21 in #336
• FEAT: Add deterministic flag and custom substitutions to LeetspeakConverter by @KutalVolkan in #329
• MAINT Remove Duplicate Module by @rdheekonda in #337
• MAINT Restructure pyrit.models module and prune by @romanlutz in #338
• [MAINT] Speeding up unit tests by @jbolor21 in #335
• FIX Crescendo backtrack with same orchestrator ID and handling responses with markdown syntax by @romanlutz in #340

New Contributors

• @shivenchawla made their first contribution in #303
• @KutalVolkan made their first contribution in #254
• @salmazainana made their first contribution in #210
• @jsong468 made their first contribution in #313
• @ValbuenaVC made their first contribution in #271

Full Changelog: v0.3.0...v0.4.0

v0.3.0

What's Changed

• New and improved scorers! Many new scorers have been added, and scorers can now be swapped out and made generic.
• Many new attack techniques and variations have been introduced. These include skeleton key, most of GPTFuzz, adding text to images, repeated token attack, cipherchat, shorten/expand, tone, CodeChameleon, and more. A total of 13 new converters have been added!
• Framework improvements:
  • Ability to duplicate conversations for reuse (this makes implementation easier for attacks like PAIR/TAP/crescendo).
  • Converters can be added to LLM responses.
  • All framework calls are now async and parallelizable.
  • Error handling and intelligent automatic retries in targets (e.g., for network errors) and converters/scorers (e.g., for JSON deserialization).

Full list of Changes

• FEAT: Refactoring and Standardizing Scores and Scorers by @rlundeen2 in #190
• FIX: Making RESULTS_PATH be simple in pip packages by @rlundeen2 in #191
• FIX: Minor Self-Ask Scorer Improvements by @rlundeen2 in #194
• FEAT: Adding Scores to the Database by @rlundeen2 in #195
• MAINT use context manager in XPIA notebook by @romanlutz in #198
• FEAT: Update score_async to add score to database by @rlundeen2 in #200
• FEAT support duplicating memory when cloning orchestrators by @romanlutz in #177
• MAINT: Likert Scoring Tweaks to Reduce False Positives by @rlundeen2 in #201
• FEAT add CSV support by @romanlutz in #197
• FEAT: Adding Human in the Loop Scorer by @rlundeen2 in #202
• FEAT: Azure content filter scorer by @cseifert1 in #206
• FEAT Adding Image Converter: add text on image by @jbolor21 in #205
• FEAT: Score Prompts Orchestrator by @rlundeen2 in #208
• MAINT: Deprecated send_prompt methods by @mart123p in #204
• FEAT Add image generation example with red teaming orchestrator and unify existing orchestrator definitions by @romanlutz in #189
• FEAT: self ask conversation objective and verifier scorer for crescendo by @cseifert1 in #209
• FEAT: Centralize Exception Handling and Implement in GPTv Target by @rdheekonda in #207
• MAINT Making Prompt Converters Async by @jbolor21 in #211
• Update .env_example Typo "Azure Open AI"→"Azure OpenAI" by @hyoshioka0128 in #214
• MAINT: Small scoring updates by @rlundeen2 in #215
• MAINT: Adding pretty print functionality and small RTO updates by @rlundeen2 in #217
• DOC: Re-organizing documentation by @rlundeen2 in #219
• FEAT: Add Suffix Converter by @NaijingGuo in #212
• MAINT: Updating GPT-V to use new exception guide by @rlundeen2 in #220
• FEAT: Add nesting and prepend/append jailbreaks from papers by @jl8771 in #216
• MAINT Adding Error Handling to OpenAIChatInterface by @jbolor21 in #218
• MAINT Add Exception Handling to DALLE Target by @rdheekonda in #221
• FEAT: Add repeated token attack converter by @jl8771 in #224
• MAINT Resolve Install Issues and Add Multiline Text Wrapping in AddTextImageConverter by @rdheekonda in #230
• MAINT: PromptRequestPiece SHA setting update by @rlundeen2 in #231
• FEAT: Implements Crescendo-style attack based on system prompt. by @dlmgary in #237
• MAINT add notebook version disclaimer by @romanlutz in #234
• FEAT: Adding Converters to Output by @rlundeen2 in #236
• DOC: Reorganizing MemoryDocs by @rlundeen2 in #239
• Added complex code jailbreak template by @petebryan in #238
• FEAT: Add prompt converters for atbash, caesar, morse and cipherchat from paper by @jl8771 in #223
• MAINT add test instructions to release guide by @romanlutz in #232
• FIX: Fixing doc links by @rlundeen2 in #245
• FEAT: Adding Master Key Jailbreak by @SafwanA02 in #248
• MAINT Adding Error Handling Code for converters by @jbolor21 in #247
• FIX: Fixing score conversation history by @rlundeen2 in #251
• FEAT: Add shorten/expand converters by @jl8771 in #246
• FEAT: Add CodeChameleon converter by @jl8771 in #240
• FEAT: Adding Noise and Tone Converters by @rlundeen2 in #252
• FEAT: Add persuasion converter with 5 persuasion techniques by @jl8771 in #253
• FEAT Implementation of SQL Server connectivity by @elgertam in #227
• MAINT Error Handling for Scorers by @jbolor21 in #256
• FIX: Skeleton Key Orchestrator by @SafwanA02 in #260
• MAINT upgrading AOAI version by @jbolor21 in #264

New Contributors

• @mart123p made their first contribution in #204
• @hyoshioka0128 made their first contribution in #214
• @jl8771 made their first contribution in #216
• @SafwanA02 made their first contribution in #248
• @elgertam made their first contribution in #227

Full Changelog: v0.2.1...v0.3.0

v0.2.1

What's Changed

• added user authentication support for AOAI Chat Targets
• request validation in targets
• support for exporting conversations from the memory

Full list of changes

• Updating Release to 0.2.1.dev0 by @rlundeen2 in #181
• FEAT Add User AuthN Support to AOAI Chat Targets by @nina-msft in #182
• MAINT Add Request Validation for All Prompt Targets by @rdheekonda in #184
• FEAT Export Conversation by Orchestrator ID by @nina-msft in #183

Full Changelog: v0.2.0...v0.2.1

v0.2.0

What's Changed

• Multi-modal support: You can now input/output various multi-modal targets.
• XPIA support: Enabling easier second order prompt injection attacks.
• A more robust local (duckDB) database: Allowing querying and inserting previous conversations.

Full list of Changes

• Added a ChatMessageNormalizer that formats messages in the template specified by a Hugging Face tokenizer by @blakebullwinkel in #128
• PromptMemoryEntry Table Added for more Extensible Target Logic by @rlundeen2 in #125
• Added prompt softener prompt converter by @cseifert1 in #132
• Dataset Organization and Adding Public Jailbreaks by @rlundeen2 in #131
• Adding Image Target by @jbolor21 in #118
• Adding more authentication methods, add capital letters converter by @pgrek001 in #139
• Add cross-domain prompt injection orchestrator by @romanlutz in #127
• Added support to target an Ollama endpoint as a prompt chat target by @uskr in #141
• Normalizer multi modal/flexible support refactor by @rlundeen2 in #143
• Adding Identifiers to Memory by @rlundeen2 in #145
• Adding Data Type Normalizer Helpers by @rlundeen2 in #147
• Updating run_jupytext to cache notebooks that previously passed by @rlundeen2 in #148
• Gandalf through level7 by @jorisdg in #152
• Adding Multi-Modal Output Support to Converters by @rlundeen2 in #155
• Adding TTS Target by @rlundeen2 in #161
• Updating Gandalf Target to be more clear by @rlundeen2 in #153
• Support python 3.11 by @romanlutz in #168
• New Converters: Replace Whitespace and Leetspeak by @jbolor21 in #162
• Refactored SelfAskGptClassifier into SelfAskScore class and added Likert scale scoring by @blakebullwinkel in #154
• Fix mypy issues, convert Azure completion class to target, fix AOAI and OAI tests, remove clip embedding class by @romanlutz in #172
• Converter for prompt text to audio by @pgrek001 in #149
• Updating PromptSendingOrchestrator to handle multi-modal by @rlundeen2 in #174
• Generalize XPIA orchestrator by @romanlutz in #163
• Add Several Content Classifiers by @nina-msft in #175
• Add AzureOpenAIGPTVChatTarget to Support MultiModal by @rdheekonda in #160
• Refactoring Dalle Target to support database by @jbolor21 in #156

New Contributors

• @blakebullwinkel made their first contribution in #128
• @cseifert1 made their first contribution in #132
• @libera826 made their first contribution in #133
• @NaijingGuo made their first contribution in #140
• @uskr made their first contribution in #141
• @jorisdg made their first contribution in #144

Full Changelog: v0.1.2...v0.2.0

v0.1.2

What's Changed

Big changes this release include solidifying the orchestrator, converter, target model for attacks, and migrating the local memory storage from a JSON file to a DuckDB instance.

The first two demos have been updated with the new architecture, and two new demos have been added; send all prompts and using prompt converters

Full List of Changes

• FEAT: Adding StringJoinConverter by @rlundeen2 in #70
• DOC: Add release instructions by @romanlutz in #57
• FEAT: Chain Prompt Converters in Normalizer by @rlundeen2 in #73
• FEAT: Adding Support for 1:N PromptConverters by @rlundeen2 in #75
• FEAT: Adding NoOpTarget by @rlundeen2 in #79
• FEAT: Added converter for ascii art by @petebryan in #81
• FEAT: Add rot13 by @pgrek001 in #80
• FEAT: Adding Batch/Async Processing to PromptTargets by @rlundeen2 in #91
• FEAT: add support for chat messages dataset by @dlmgary in #90
• DOC: Release guidelines and PR template update by @romanlutz in #92
• DOC: Adding Docs for ChatMessageNormalizer by @rlundeen2 in #93
• FEAT: Prompt Variation Converter by @jbolor21 in #86
• DOC: Adding Converter Docs and Demos by @rlundeen2 in #100
• MAINT: Add red teaming orchestrators to replace RedTeamingBot by @romanlutz in #84
• FEAT: Making prompt_nop_target into a stream target by @rlundeen2 in #99
• MAINT: Adding orchestrator abstract base class by @rlundeen2 in #102
• FIX: simplify flow in red teaming orchestrator code by @romanlutz in #105
• DOC: use google style docstrings by @romanlutz in #104
• DOC: add short guide on how to handle stale PRs & introduce standardized prefixes by @romanlutz in #101
• FEAT: Language Translation Converter by @rlundeen2 in #106
• FEAT: Add scalable and efficient memory by @rdheekonda in #97
• FEAT: add support for question answering benchmark by @dlmgary in #94
• FEAT: New prompt target: AzureBlobStorageTarget by @nina-msft in #95
• FEAT: Add UTR39 confusability converter by @yonatanzunger in #115
• MAINT: Refactoring AzureOpenAIChat to only be a promptTarget by @rlundeen2 in #114
• FEAT: Add support to OpenAI API to use official or custom endpoints by @friyin in #65
• FEAT: Migrating Azure ML to PromptTarget by @rlundeen2 in #113
• Various bug fixes and smaller documentation updates by the AI Red Team

New Contributors

• @eltociear made their first contribution in #67
• @petebryan made their first contribution in #81
• @pgrek001 made their first contribution in #80
• @yonatanzunger made their first contribution in #115
• @friyin made their first contribution in #65

Full Changelog: v0.1.1...v0.1.2

v0.1.1

What's Changed

The previous release 0.1.0 did not include the datasets used in the example notebooks. Version 0.1.1 addresses this.

Full list of changes

• Cleanup notebook outputs by @rdheekonda in #56
• Fixing bug with pypi package directory by @rlundeen2 in #60
• Add Details to Contributor Guide About Forking/PRs by @nina-msft in #59
• Fix hyperlinks and updated package version by @rdheekonda in #58
• add datasets folder to wheel by @romanlutz (#61)

Full Changelog: https://github.com/Azure/PyRIT/commits/v0.1.1