The payload for EnkryptAI’s Red Teaming API is a JSON object with two top-level identifiers (test_name and dataset_name) and two primary sections: redteam_test_configurations, which selects the test categories and attack methods, and target_model_configuration, which describes the model under test and how to reach it.

Payload Structure

JSON
{
    "test_name": "Test 1",
    "dataset_name": "standard", // Or your custom dataset name
    "redteam_test_configurations": {
        // Test settings and parameters
    },
    "target_model_configuration": {
        // Details of the target model
    }
}

Red Team Test Configurations

This section specifies the test categories and parameters for each.
JSON
{
    "test_name": "Test 1",
    "dataset_name": "standard", // Or your custom dataset name
    "redteam_test_configurations": {
        "bias_test": {
            "sample_percentage": 1,
            "attack_methods": {
                "basic": [
                    "basic"
                ]
            }
        },
        "cbrn_test": {
            "sample_percentage": 1,
            "attack_methods": {
                "basic": [
                    "basic"
                ]
            }
        },
        "harmful_test": {
            "sample_percentage": 1,
            "attack_methods": {
                "basic": [
                    "basic"
                ]
            }
        },
        "insecure_code_test": {
            "sample_percentage": 1,
            "attack_methods": {
                "basic": [
                    "basic"
                ]
            }
        },
        "toxicity_test": {
            "sample_percentage": 1,
            "attack_methods": {
                "basic": [
                    "basic"
                ]
            }
        }
    }
}

Field Descriptions

  • Categories: Each key (bias_test, cbrn_test, harmful_test, insecure_code_test, toxicity_test in the example above) names one test category to run; omit a key to skip that category.
  • sample_percentage: Integer percentage of the category’s dataset to use (1-100). The example uses 1, which is a quick smoke test rather than a full run.
  • attack_methods: Object keyed by method group (basic or advanced) listing the attack methods to apply within that category.

Test Categories

Custom Tests for Everyone

  1. custom_test: Runs the test against a custom dataset; set dataset_name to that dataset instead of "standard".

Standard Tests for Everyone

  1. bias_test: Identifies and exposes biased outputs.
  2. cbrn_test: Addresses vulnerabilities related to chemical, biological, radiological, and nuclear domains.
  3. harmful_test: Elicits responses that promote harm or danger.
  4. insecure_code_test: Produces insecure or harmful code snippets.
  5. toxicity_test: Generates harmful or offensive content.
  6. pii_test: Exposes personally identifiable information.
  7. copyright_test: Exposes copyrighted material.
  8. misinformation_test: Exposes misinformation.
  9. system_prompt_extractions_test: Attempts to extract the system prompt.
  10. sponge_test: Attempts to induce sponge behaviour (runaway or looping output that exhausts time or compute).
  11. competitor_test: Exposes information about competitors.

Agentic Tests

  1. alignment_and_governance_test: Testing the alignment and governance of the model.
  2. input_and_content_integrity_test: Testing the integrity of the input and content.
  3. infrastructure_and_integration_test: Testing the infrastructure and integration of the model.
  4. security_and_privacy_test: Testing the security and privacy of the model.
  5. human_factors_and_societal_impact_test: Testing the human factors and societal impact of the model.
  6. access_control_test: Testing the access control and permissions of the model.
  7. physical_and_actuation_safety_test: Testing the physical and actuation safety of the model.
  8. reliability_and_monitoring_test: Testing the reliability and monitoring of the model.
  9. governance_test: Testing the governance of the model.
  10. agent_output_quality_test: Testing the quality of the agent’s output.
  11. tool_misuse_test: Testing the misuse of the model’s tools.
  12. privacy_test: Testing the privacy of the model.
  13. reliability_and_observability_test: Testing the reliability and observability of the model.
  14. agent_behaviour_test: Testing the behaviour of the agent.
  15. access_control_and_permissions_test: Testing the access control and permissions of the model.
  16. tool_extraction_test: Testing the extraction of tools from the model.

Specialized Tests for Generated Datasets

  1. adv_bias_test: Uncover biased outputs through adversarial methods.
  2. adv_info_test: Extract sensitive or unintended information from a generated dataset.
  3. adv_tool_test: Misuse integrated tools or features.
  4. adv_command_test: Manipulate the model to execute unintended commands.
  5. adv_pii_test: Expose personally identifiable information.
  6. adv_competitor_test: Exploit vulnerabilities to gain an advantage over competitors.

Attack Methods

  • basic: The basic attack method group, available for every test category; in the payload it appears as "basic": ["basic"].
    • basic
  • advanced: The advanced attack method group, split into static and dynamic methods.
    • static: Methods applied to the prompt in a single pass.
      • encoding, single_shot
    • dynamic: Methods that adapt across rounds of interaction with the model.
      • iterative
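The following is an added example, not EnkryptAI’s own code, showing how to build the redteam_test_configurations section programmatically and check it against the vocabulary on this page (category names, the 1-100 range for sample_percentage, and the attack-method names) before the payload is sent. The nesting it assumes for advanced methods, {"advanced": {"static": [...], "dynamic": [...]}}, is inferred from the outline above and is not a documented schema.

```python
"""Build and sanity-check ``redteam_test_configurations`` (added example)."""
import json

# Category names as listed on this page.
CUSTOM_TESTS = {"custom_test"}
STANDARD_TESTS = {
    "bias_test", "cbrn_test", "harmful_test", "insecure_code_test",
    "toxicity_test", "pii_test", "copyright_test", "misinformation_test",
    "system_prompt_extractions_test", "sponge_test", "competitor_test",
}
AGENTIC_TESTS = {
    "alignment_and_governance_test", "input_and_content_integrity_test",
    "infrastructure_and_integration_test", "security_and_privacy_test",
    "human_factors_and_societal_impact_test", "access_control_test",
    "physical_and_actuation_safety_test", "reliability_and_monitoring_test",
    "governance_test", "agent_output_quality_test", "tool_misuse_test",
    "privacy_test", "reliability_and_observability_test", "agent_behaviour_test",
    "access_control_and_permissions_test", "tool_extraction_test",
}
ADV_TESTS = {"adv_bias_test", "adv_info_test", "adv_tool_test",
             "adv_command_test", "adv_pii_test", "adv_competitor_test"}
KNOWN_TESTS = CUSTOM_TESTS | STANDARD_TESTS | AGENTIC_TESTS | ADV_TESTS

# Attack-method names from the "Attack Methods" section.
BASIC_METHODS = {"basic"}
STATIC_METHODS = {"encoding", "single_shot"}
DYNAMIC_METHODS = {"iterative"}


def make_test(sample_percentage=1, attack_methods=None):
    """Return one category block in the shape the page's example uses."""
    if attack_methods is None:
        attack_methods = {"basic": ["basic"]}
    return {"sample_percentage": sample_percentage, "attack_methods": attack_methods}


def validate_attack_methods(methods):
    """Raise ValueError if attack_methods uses a group or name not on the page."""
    if not isinstance(methods, dict) or not methods:
        raise ValueError("attack_methods must be a non-empty object")
    for group, value in methods.items():
        if group == "basic":
            if not isinstance(value, list) or set(value) - BASIC_METHODS:
                raise ValueError(f"basic methods must be a subset of {sorted(BASIC_METHODS)}")
        elif group == "advanced":
            # Assumed nesting: {"static": [...], "dynamic": [...]} (not documented).
            if not isinstance(value, dict):
                raise ValueError("advanced methods must be an object")
            for kind, names in value.items():
                allowed = {"static": STATIC_METHODS, "dynamic": DYNAMIC_METHODS}.get(kind)
                if allowed is None:
                    raise ValueError(f"unknown advanced group {kind!r}")
                if not isinstance(names, list) or set(names) - allowed:
                    raise ValueError(f"{kind} methods must be a subset of {sorted(allowed)}")
        else:
            raise ValueError(f"unknown attack_methods group {group!r}")


def validate_redteam_config(config):
    """Check every category block; return a list of problems (empty means OK)."""
    problems = []
    if not config:
        problems.append("no test categories configured")
    for name, block in config.items():
        if name not in KNOWN_TESTS:
            problems.append(f"{name}: unknown test category")
        pct = block.get("sample_percentage")
        # The page documents 1-100; bool is an int subclass, so exclude it explicitly.
        if isinstance(pct, bool) or not isinstance(pct, int) or not 1 <= pct <= 100:
            problems.append(f"{name}: sample_percentage must be an integer in 1-100, got {pct!r}")
        try:
            validate_attack_methods(block.get("attack_methods"))
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
    return problems


def build_redteam_config(categories, sample_percentage=1, attack_methods=None):
    """Build the section for the given categories, failing fast on bad input."""
    config = {name: make_test(sample_percentage, attack_methods) for name in categories}
    problems = validate_redteam_config(config)
    if problems:
        raise ValueError("; ".join(problems))
    return config


if __name__ == "__main__":
    cfg = build_redteam_config(["bias_test", "toxicity_test"], sample_percentage=10)
    print(json.dumps({"test_name": "Test 1", "dataset_name": "standard",
                      "redteam_test_configurations": cfg}, indent=2))
```

Running the validator locally catches the cheap mistakes (a misspelled category, sample_percentage of 0 or 150, an attack method name that does not exist) before a run is submitted and billed.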

Target Model Configuration

This section provides specifics about the model to be tested.
JSON
"target_model_configuration": {
    "testing_for": "foundationModels", // Options: ["foundationModels", "chatbotsAndCopilots", "agents"]
    "model_name": "gpt-4o",
    "system_prompt": "",
    "model_source": "https://docs.openai.com",
    "model_provider": "OpenAI",
    "model_endpoint_url": "https://api.openai.com/v1/chat/completions",
    "model_api_key": "OPENAI_API_KEY",
    "input_modalities": [
        "text"
    ],
    "output_modalities": [
        "text"
    ]
}

Field Descriptions

  • testing_for: Identifies the AI system type; one of “foundationModels”, “chatbotsAndCopilots”, or “agents”.
  • model_name: Required; the name or identifier of the model (e.g., “google/gemma-7b-it”).
  • model_version: Optional; a custom version label for the model, such as “v1”.
  • system_prompt: Sets the model’s initial behaviour; leave empty if not needed.
  • model_source: URL of the model’s documentation or source.
  • model_provider: Entity providing the model (e.g., “Google”).
  • model_endpoint_url: Required; the API endpoint the red-teaming run will send prompts to.
  • model_api_key: Key used to call that endpoint; replace the placeholder with a real credential. This value travels in the payload, so treat it as a secret.
  • input_modalities / output_modalities: Lists of the modalities the model accepts and returns (the example uses ["text"] for both).

Usage Notes

  1. Verify API keys and endpoints before submitting: the payload carries the target model’s API key, so load it from an environment variable or secrets manager rather than committing it in a config file, prefer a key scoped to the test, and point model_endpoint_url at an HTTPS endpoint.
  2. Adjust sample_percentage based on dataset size and testing requirements.
  3. Choose suitable attack_methods based on specific evaluation needs.
  4. Leave system_prompt empty if not needed.
  5. Use the tool in accordance with model provider terms of service and ethical guidelines.
This payload structure facilitates in-depth testing across various model types, allowing for comprehensive assessments of behavior and security.
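The following is an added example, not EnkryptAI’s own code, that assembles the complete payload described above with the target model’s API key read from the environment, rejects inputs the page rules out (an unknown testing_for value, a missing model_name, the unreplaced "OPENAI_API_KEY" placeholder), and redacts the key before the payload is logged. The HTTPS requirement, the environment-variable name OPENAI_API_KEY, and the redaction marker are choices made here, not part of the documented API.

```python
"""Assemble the full red-teaming payload without leaking the target key (added example)."""
import json
import os
from urllib.parse import urlparse

TESTING_FOR = {"foundationModels", "chatbotsAndCopilots", "agents"}
SECRET_FIELDS = {"model_api_key"}  # keys masked by redact()


def build_target_model_configuration(model_name, model_endpoint_url, api_key,
                                     testing_for="foundationModels", system_prompt="",
                                     model_provider="", model_source="",
                                     model_version=None, modalities=("text",)):
    """Return target_model_configuration, refusing inputs the page rules out."""
    if testing_for not in TESTING_FOR:
        raise ValueError(f"testing_for must be one of {sorted(TESTING_FOR)}")
    if not model_name:
        raise ValueError("model_name is required")
    parsed = urlparse(model_endpoint_url)
    # The key is sent to this endpoint with every prompt; insisting on HTTPS
    # is a choice made in this example, not a documented rule.
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError("model_endpoint_url must be an https:// URL")
    if not api_key or api_key == "OPENAI_API_KEY":
        raise ValueError("model_api_key must be a real credential, not the placeholder")
    cfg = {
        "testing_for": testing_for,
        "model_name": model_name,
        "system_prompt": system_prompt,
        "model_source": model_source,
        "model_provider": model_provider,
        "model_endpoint_url": model_endpoint_url,
        "model_api_key": api_key,
        "input_modalities": list(modalities),
        "output_modalities": list(modalities),
    }
    if model_version is not None:
        cfg["model_version"] = model_version
    return cfg


def build_payload(test_name, dataset_name, redteam_config, target_config):
    """Combine the two sections with the top-level identifiers."""
    return {
        "test_name": test_name,
        "dataset_name": dataset_name,
        "redteam_test_configurations": redteam_config,
        "target_model_configuration": target_config,
    }


def redact(payload):
    """Return a copy of the payload with secret fields masked, for logs and tickets."""
    def walk(node):
        if isinstance(node, dict):
            return {k: ("***REDACTED***" if k in SECRET_FIELDS else walk(v))
                    for k, v in node.items()}
        if isinstance(node, list):
            return [walk(v) for v in node]
        return node
    return walk(payload)


def load_api_key(env_var="OPENAI_API_KEY"):
    """Read the target model's key from the environment, never from source files."""
    key = os.environ.get(env_var)
    if not key:
        raise RuntimeError(f"set {env_var} before building the payload")
    return key


if __name__ == "__main__":
    # Constructed sample: one basic bias test against a hosted chat model.
    tests = {"bias_test": {"sample_percentage": 1, "attack_methods": {"basic": ["basic"]}}}
    target = build_target_model_configuration(
        model_name="gpt-4o",
        model_endpoint_url="https://api.openai.com/v1/chat/completions",
        api_key=load_api_key(),
        model_provider="OpenAI",
        model_source="https://docs.openai.com",
    )
    payload = build_payload("Test 1", "standard", tests, target)
    print(json.dumps(redact(payload), indent=2))  # safe to log; the real payload is not
```

Only the redacted copy should reach logs, tickets, or chat; the unredacted payload goes to the API and nowhere else.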