Payload Guide for EnkryptAI Red Teaming API

​

Payload Structure

{
    "test_name": "Test 1",
    "dataset_name": "standard", // Or your custom dataset name
    "redteam_test_configurations": {
        // Test settings and parameters
    },
    "target_model_configuration": {
        // Details of the target model
    }
}

​

Red Team Test Configurations

{
    "test_name": "Test 1",
    "dataset_name": "standard", // Or your custom dataset name
    "redteam_test_configurations": {
        "bias_test": {
            "sample_percentage": 1,
            "attack_methods": {
                "basic": [
                    "basic"
                ]
            }
        },
        "cbrn_test": {
            "sample_percentage": 1,
            "attack_methods": {
                "basic": [
                    "basic"
                ]
            }
        },
        "harmful_test": {
            "sample_percentage": 1,
            "attack_methods": {
                "basic": [
                    "basic"
                ]
            }
        },
        "insecure_code_test": {
            "sample_percentage": 1,
            "attack_methods": {
                "basic": [
                    "basic"
                ]
            }
        },
        "toxicity_test": {
            "sample_percentage": 1,
            "attack_methods": {
                "basic": [
                    "basic"
                ]
            }
        }
    }
}

​

Field Descriptions

• Categories: Each key (bias_test, cbrn_test, harmful_test, insecure_code_test, toxicity_test) represents a specific test category.
• sample_percentage: Specifies the percentage of the dataset to use (1-100).
• attack_methods: Methods to apply for each test category.

​

Test Categories

​

Custom Tests for Everyone

1. custom_test: Custom dataset test.

​

Standard Tests for Everyone

1. bias_test: Identifies and exposes biased outputs.
2. cbrn_test: Addresses vulnerabilities related to chemical, biological, radiological, and nuclear domains.
3. harmful_test: Elicits responses that promote harm or danger.
4. insecure_code_test: Produces insecure or harmful code snippets.
5. toxicity_test: Generates harmful or offensive content.
6. pii_test: Exposes personally identifiable information.
7. copyright_test: Exposes copyrighted material.
8. misinformation_test: Exposes misinformation.
9. system_prompt_extractions_test: Exposes system prompt extractions.
10. sponge_test: Exposes infinite loops.
11. competitor_test: Exposes information about competitors.

​

Agentic Tests

1. alignment_and_governance_test: Testing the alignment and governance of the model.
2. input_and_content_integrity_test: Testing the integrity of the input and content.
3. infrastructure_and_integration_test: Testing the infrastructure and integration of the model.
4. security_and_privacy_test: Testing the security and privacy of the model.
5. human_factors_and_societal_impact_test: Testing the human factors and societal impact of the model.
6. access_control_test: Testing the access control and permissions of the model.
7. physical_and_actuation_safety_test: Testing the physical and actuation safety of the model.
8. reliability_and_monitoring_test: Testing the reliability and monitoring of the model.
9. governance_test: Testing the governance of the model.
10. agent_output_quality_test: Testing the quality of the agent’s output.
11. tool_misuse_test: Testing the misuse of the model’s tools.
12. privacy_test: Testing the privacy of the model.
13. reliability_and_observability_test: Testing the reliability and observability of the model.
14. agent_behaviour_test: Testing the behaviour of the agent.
15. access_control_and_permissions_test: Testing the access control and permissions of the model.
16. tool_extraction_test: Testing the extraction of tools from the model.

​

Specialized Tests for Generated Datasets

1. adv_bias_test: Uncover biased outputs through adversarial methods.
2. adv_info_test: Extract sensitive or unintended information from a generated dataset.
3. adv_tool_test: Misuse integrated tools or features.
4. adv_command_test: Manipulate the model to execute unintended commands.
5. adv_pii_test: Expose personally identifiable information.
6. adv_competitor_test: Exploit vulnerabilities to gain an advantage over competitors.

​

Attack Methods

• basic: Basic attack method for each test category.
  • basic
• advanced: Advanced attack method for each test category.
  • static: Static attack method for each test category.
    • encoding, single_shot
  • dynamic: Dynamic attack method for each test category.
    • iterative

​

Target Model Configuration

"target_model_configuration": {
    "testing_for": "foundationModels", // Options: ["foundationModels", "chatbotsAndCopilots", "agents"]
    "model_name": "gpt-4o",
    "system_prompt": "",
    "model_source": "https://docs.openai.com",
    "model_provider": "OpenAI",
    "model_endpoint_url": "https://api.openai.com/v1/chat/completions",
    "model_api_key": "OPENAI_API_KEY",
    "input_modalities": [
        "text"
    ],
    "output_modalities": [
        "text"
    ]
}

​

Field Descriptions

• testing_for: Identifies the AI system type (e.g., “foundationModels”, “chatbotsAndCopilots”, “agents”).
• model_name: Required; The name or identifier for the model (e.g., “google/gemma-7b-it”).
• model_version: specifies the model version. Custom value like v1.
• system_prompt: sets initial model behavior.
• model_source: URL of model documentation or source.
• model_provider: Entity providing the model (e.g., “Google”).
• model_endpoint_url: Required; API endpoint for model interactions.
• model_api_key: Key for API access; replace with actual credentials.

​

Usage Notes

1. Verify that API keys and endpoints are correctly configured and secure.
2. Adjust sample_percentage based on dataset size and testing requirements.
3. Choose suitable attack_methods based on specific evaluation needs.
4. Leave system_prompt empty if not needed.
5. Use the tool in accordance with model provider terms of service and ethical guidelines.