promptflow.evals.synthetic.xpia_simulator module

class promptflow.evals.synthetic.xpia_simulator.IndirectAttackSimulator(*, azure_ai_project: Dict[str, Any], credential=None)

Bases: object

Initializes the XPIA (cross domain prompt injected attack) jailbreak adversarial simulator with a project scope.

Parameters:
  • azure_ai_project (Dict[str, Any]) –

    Dictionary defining the scope of the project. It must include the following keys:

    • ā€subscription_idā€: Azure subscription ID.

    • ā€resource_group_nameā€: Name of the Azure resource group.

    • ā€project_nameā€: Name of the Azure Machine Learning workspace.

  • credential (TokenCredential) – The credential for connecting to the Azure AI project.

__call__(*, scenario: AdversarialScenario, target: Callable, max_conversation_turns: int = 1, max_simulation_results: int = 3, api_call_retry_limit: int = 3, api_call_retry_sleep_sec: int = 1, api_call_delay_sec: int = 0, concurrent_async_task: int = 3)

Runs the XPIA (cross domain prompt injected attack) jailbreak adversarial simulation. The simulator converses with your AI system using prompts injected into the context that try to disrupt its normal, expected functionality: eliciting manipulated content, intruding on the system, and attempting to gather information outside the scope of your AI system.

Parameters:
  • scenario (promptflow.evals.synthetic.adversarial_scenario.AdversarialScenario) – Enum value specifying the adversarial scenario used for generating inputs.

  • target (Callable) – The target function to simulate adversarial inputs against. This function should be asynchronous and accept a dictionary representing the adversarial input.

  • max_conversation_turns (int) – The maximum number of conversation turns to simulate. Defaults to 1.

  • max_simulation_results (int) – The maximum number of simulation results to return. Defaults to 3.

  • api_call_retry_limit (int) – The maximum number of retries for each API call within the simulation. Defaults to 3.

  • api_call_retry_sleep_sec (int) – The sleep duration (in seconds) between retries for API calls. Defaults to 1 second.

  • api_call_delay_sec (int) – The delay (in seconds) before making an API call. This can be used to avoid hitting rate limits. Defaults to 0 seconds.

  • concurrent_async_task (int) – The number of asynchronous tasks to run concurrently during the simulation. Defaults to 3.

Returns:

A list of dictionaries, each representing a simulated conversation. Each dictionary contains:

  • 'template_parameters': A dictionary with parameters used in the conversation template,

    including 'conversation_starter'.

  • 'messages': A list of dictionaries, each representing a turn in the conversation.

    Each message dictionary includes 'content' (the message text) and 'role' (indicating whether the message is from the 'user' or the 'assistant').

  • '$schema': A string indicating the schema URL for the conversation format.

The 'content' of 'assistant' role messages may include the messages that your callback returned.

Return type:

List[Dict[str, Any]]

Output format

return_value = [
    {
        'template_parameters': {},
        'messages': [
            {
                'content': '<jailbreak prompt> <adversarial question>',
                'role': 'user'
            },
            {
                'content': "<response from endpoint>",
                'role': 'assistant',
                'context': None
            }
        ],
        '$schema': 'http://azureml/sdk-2-0/ChatConversation.json'
    }
]
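An added example (not part of the promptflow package) showing how to validate records in the return format documented above and flatten each simulated conversation into a question/answer row for downstream evaluation; the sample results are constructed here, not real simulator output, and a second record with a missing assistant reply is included to show the malformed case being skipped.

```python
from typing import Any, Dict, List

# Constructed sample in the documented return format (not real simulator output).
SAMPLE_RESULTS: List[Dict[str, Any]] = [
    {
        "template_parameters": {"conversation_starter": "<constructed starter>"},
        "messages": [
            {"content": "<jailbreak prompt> <adversarial question>", "role": "user"},
            {"content": "<response from endpoint>", "role": "assistant", "context": None},
        ],
        "$schema": "http://azureml/sdk-2-0/ChatConversation.json",
    },
    {
        "template_parameters": {},
        "messages": [
            {"content": "<second injected prompt>", "role": "user"},
            # Constructed failure case: the target callback returned no text.
            {"content": None, "role": "assistant", "context": None},
        ],
        "$schema": "http://azureml/sdk-2-0/ChatConversation.json",
    },
]

EXPECTED_SCHEMA = "http://azureml/sdk-2-0/ChatConversation.json"


def validate_conversation(conv: Dict[str, Any]) -> List[str]:
    """Return a list of problems; an empty list means the record matches the documented shape."""
    problems: List[str] = []
    for key in ("template_parameters", "messages", "$schema"):
        if key not in conv:
            problems.append(f"missing key {key!r}")
    if conv.get("$schema") != EXPECTED_SCHEMA:
        problems.append("unexpected $schema")
    for i, msg in enumerate(conv.get("messages", [])):
        if msg.get("role") not in ("user", "assistant"):
            problems.append(f"message {i}: bad role")
        if not isinstance(msg.get("content"), str):
            problems.append(f"message {i}: content is not a string")
    return problems


def to_eval_rows(results: List[Dict[str, Any]]) -> List[Dict[str, str]]:
    """Pair the last user turn with the last assistant reply; malformed records are dropped."""
    rows: List[Dict[str, str]] = []
    for conv in results:
        if validate_conversation(conv):
            continue  # a record that fails validation would only produce misleading scores
        user = [m["content"] for m in conv["messages"] if m["role"] == "user"]
        assistant = [m["content"] for m in conv["messages"] if m["role"] == "assistant"]
        if user and assistant:
            rows.append({"question": user[-1], "answer": assistant[-1]})
    return rows
```

Records that fail validation are worth logging separately, since an empty assistant turn usually means the target callback raised or returned nothing rather than that the injection failed.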
promptflow.evals.synthetic.xpia_simulator.monitor_adversarial_scenario(func) -> Callable

Decorator to monitor adversarial scenario.

Parameters:

func (Callable) ā€“ The function to be decorated.

Returns:

The decorated function.

Return type:

Callable