Files
promptfoo--promptfoo/site/docs/_shared/data/strategies.ts
T
wehub-resource-sync 0d3cb498a3
CI / Shell Format Check (push) Has been cancelled
CI / Check Ruby (3.4) (push) Has been cancelled
CI / CI Config (push) Has been cancelled
CI / Test on Node ${{ matrix.node }} and ${{ matrix.os }}${{ matrix.shard && format(' (shard {0}/3)', matrix.shard) || '' }} (push) Has been cancelled
CI / Build on Node ${{ matrix.node }} (push) Has been cancelled
CI / Style Check (push) Has been cancelled
CI / Generate Assets (push) Has been cancelled
CI / Check Python (3.14) (push) Has been cancelled
CI / Check Python (3.9) (push) Has been cancelled
CI / Build Docs (push) Has been cancelled
CI / Code Scan Action (push) Has been cancelled
CI / Site tests (push) Has been cancelled
CI / webui tests (push) Has been cancelled
CI / Run Integration Tests (push) Has been cancelled
CI / Run Smoke Tests (push) Has been cancelled
CI / Go Tests (push) Has been cancelled
CI / Share Test (push) Has been cancelled
CI / Redteam (Production API) (push) Has been cancelled
CI / Redteam (Staging API) (push) Has been cancelled
CI / GitHub Actions Lint (push) Has been cancelled
CI / Check Ruby (3.0) (push) Has been cancelled
release-please / release-please (push) Has been cancelled
release-please / build (push) Has been cancelled
release-please / publish-npm (push) Has been cancelled
release-please / publish-npm-backfill (push) Has been cancelled
release-please / docker (push) Has been cancelled
release-please / publish-code-scan-action (push) Has been cancelled
release-please / attest-code-scan-action (push) Has been cancelled
Deploy local.promptfoo.app / Deploy to Cloudflare Pages (push) Has been cancelled
Test and Publish Multi-arch Docker Image / test (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-amd64 platform:linux/amd64 runner:ubuntu-latest]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-arm64 platform:linux/arm64 runner:ubuntu-24.04-arm]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / merge-docker-digests (push) Has been cancelled
Test and Publish Multi-arch Docker Image / Attest Multi-arch Image (push) Has been cancelled
Validate Renovate Config / Validate Renovate Configuration (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:24:08 +08:00

382 lines
13 KiB
TypeScript

export interface Strategy {
category: string;
categoryLink?: string;
strategy: string;
displayName: string;
description: string;
longDescription: string;
cost: string;
asrIncrease: string;
link?: string;
recommended?: boolean;
isRemote?: boolean;
}
export const strategies: Strategy[] = [
{
category: 'Custom',
strategy: 'custom',
displayName: 'Custom Strategies',
description: 'User-defined transformations',
longDescription:
'Allows creation of custom red team testing approaches by programmatically transforming test cases using JavaScript',
cost: 'Variable',
asrIncrease: 'Variable',
link: '/docs/red-team/strategies/custom/',
},
{
category: 'Custom',
strategy: 'custom-strategy',
displayName: 'Custom Strategy',
description: 'Custom prompt-based multi-turn strategy',
longDescription:
'Write natural language instructions to create powerful multi-turn red team strategies. No coding required.',
cost: 'Variable',
asrIncrease: 'Variable',
link: '/docs/red-team/strategies/custom-strategy/',
},
{
category: 'Dynamic (Single-Turn)',
strategy: 'best-of-n',
displayName: 'Best-of-N',
description: 'Parallel sampling attack',
longDescription:
'Tests multiple variations in parallel using the Best-of-N technique from Anthropic research',
cost: 'High',
asrIncrease: '40-60%',
link: '/docs/red-team/strategies/best-of-n/',
isRemote: true,
},
{
category: 'Dynamic (Single-Turn)',
strategy: 'citation',
displayName: 'Citation',
description: 'Academic framing',
longDescription:
'Tests vulnerability to academic authority bias by framing harmful requests in research contexts',
cost: 'Medium',
asrIncrease: '40-60%',
link: '/docs/red-team/strategies/citation/',
isRemote: true,
},
{
category: 'Dynamic (Single-Turn)',
strategy: 'authoritative-markup-injection',
displayName: 'Authoritative Markup Injection',
description: 'Structured format authority',
longDescription:
'Tests vulnerability to authoritative formatting by embedding prompts in structured markup that exploits trust in formatted content',
cost: 'Medium',
asrIncrease: '40-60%',
link: '/docs/red-team/strategies/authoritative-markup-injection/',
isRemote: true,
},
{
category: 'Dynamic (Single-Turn)',
strategy: 'jailbreak:composite',
displayName: 'Composite Jailbreaks',
description: 'Combined techniques',
longDescription:
'Chains multiple jailbreak techniques from research papers to create more sophisticated attacks',
cost: 'Medium',
asrIncrease: '60-80%',
link: '/docs/red-team/strategies/composite-jailbreaks/',
recommended: true,
isRemote: true,
},
{
category: 'Dynamic (Single-Turn)',
strategy: 'gcg',
displayName: 'GCG',
description: 'Gradient-based optimization',
longDescription:
'Implements the Greedy Coordinate Gradient attack method for finding adversarial prompts using gradient-based search techniques',
cost: 'High',
asrIncrease: '0-10%',
link: '/docs/red-team/strategies/gcg/',
isRemote: true,
},
{
category: 'Dynamic (Single-Turn)',
strategy: 'jailbreak',
displayName: 'Jailbreak',
description: 'Lightweight iterative refinement',
longDescription:
'Uses an LLM-as-a-Judge to iteratively refine prompts until they bypass security controls',
cost: 'High',
asrIncrease: '60-80%',
link: '/docs/red-team/strategies/iterative/',
recommended: true,
},
{
category: 'Dynamic (Single-Turn)',
strategy: 'jailbreak:meta',
displayName: 'Meta-Agent Jailbreaks',
description: 'Strategic taxonomy builder',
longDescription:
'Builds custom attack taxonomies and learns from all attempts using persistent strategic memory to choose which attack types work against your specific target',
cost: 'High',
asrIncrease: '70-90%',
link: '/docs/red-team/strategies/meta/',
recommended: true,
isRemote: true,
},
{
category: 'Dynamic (Single-Turn)',
strategy: 'jailbreak:likert',
displayName: 'Likert-based Jailbreaks',
description: 'Academic evaluation framework',
longDescription:
'Leverages academic evaluation frameworks and Likert scales to frame harmful requests within research contexts',
cost: 'Medium',
asrIncrease: '40-60%',
link: '/docs/red-team/strategies/likert/',
isRemote: true,
},
{
category: 'Dynamic (Single-Turn)',
strategy: 'math-prompt',
displayName: 'Math Prompt',
description: 'Mathematical encoding',
longDescription:
'Tests resilience against mathematical notation-based attacks using set theory and abstract algebra',
cost: 'Medium',
asrIncrease: '40-60%',
link: '/docs/red-team/strategies/math-prompt/',
},
{
category: 'Dynamic (Single-Turn)',
strategy: 'jailbreak:tree',
displayName: 'Tree-based',
description: 'Branching attack paths',
longDescription:
'Creates a tree of attack variations based on the Tree of Attacks research paper',
cost: 'High',
asrIncrease: '60-80%',
link: '/docs/red-team/strategies/tree/',
},
{
category: 'Multi-turn',
strategy: 'crescendo',
displayName: 'Crescendo',
description: 'Gradual escalation',
longDescription:
'Gradually escalates prompt harm over multiple turns while using backtracking to optimize attack paths',
cost: 'High',
asrIncrease: '70-90%',
link: '/docs/red-team/strategies/multi-turn/',
},
{
category: 'Multi-turn',
strategy: 'goat',
displayName: 'GOAT',
description: 'Generative Offensive Agent Tester',
longDescription:
'Uses a Generative Offensive Agent Tester to dynamically generate multi-turn conversations',
cost: 'High',
asrIncrease: '70-90%',
link: '/docs/red-team/strategies/goat/',
isRemote: true,
},
{
category: 'Multi-turn',
strategy: 'jailbreak:hydra',
displayName: 'Hydra Multi-turn',
description: 'Adaptive multi-turn branching',
longDescription:
'Adaptive multi-turn jailbreak agent that pivots across branches with persistent scan-wide memory to uncover hidden vulnerabilities',
cost: 'High',
asrIncrease: '70-90%',
link: '/docs/red-team/strategies/hydra/',
isRemote: true,
},
{
category: 'Multi-turn',
strategy: 'mischievous-user',
displayName: 'Mischievous User',
description: 'Mischievous user conversations',
longDescription: 'Simulates a multi-turn conversation between a mischievous user and an agent',
cost: 'High',
asrIncrease: '10-20%',
link: '/docs/red-team/strategies/mischievous-user/',
},
{
category: 'Static (Single-Turn)',
strategy: 'video',
displayName: 'Video Encoding',
description: 'Text-to-video encoding bypass',
longDescription:
'Tests handling of text embedded in videos and encoded as base64 to potentially bypass text-based content filters',
cost: 'Low',
asrIncrease: '20-30%',
link: '/docs/red-team/strategies/video/',
},
{
category: 'Static (Single-Turn)',
strategy: 'image',
displayName: 'Image Encoding',
description: 'Text-to-image encoding bypass',
longDescription:
'Tests handling of text embedded in images and encoded as base64 to potentially bypass text-based content filters',
cost: 'Low',
asrIncrease: '20-30%',
link: '/docs/red-team/strategies/image/',
},
{
category: 'Static (Single-Turn)',
strategy: 'audio',
displayName: 'Audio Encoding',
description: 'Text-to-speech encoding bypass',
longDescription:
'Tests handling of text converted to speech audio and encoded as base64 to potentially bypass text-based content filters',
cost: 'Low',
asrIncrease: '20-30%',
link: '/docs/red-team/strategies/audio/',
isRemote: true,
},
{
category: 'Static (Single-Turn)',
strategy: 'base64',
displayName: 'Base64',
description: 'Base64 encoding bypass',
longDescription:
'Tests detection and handling of Base64-encoded malicious payloads to bypass content filters',
cost: 'Low',
asrIncrease: '20-30%',
link: '/docs/red-team/strategies/base64/',
},
{
category: 'Static (Single-Turn)',
strategy: 'hex',
displayName: 'Hex',
description: 'Hex encoding bypass',
longDescription:
'Tests detection and handling of hex-encoded malicious payloads to bypass content filters',
cost: 'Low',
asrIncrease: '20-30%',
link: '/docs/red-team/strategies/hex/',
},
{
category: 'Static (Single-Turn)',
strategy: 'homoglyph',
displayName: 'Homoglyph',
description: 'Unicode confusable characters',
longDescription:
'Tests detection and handling of text with homoglyphs (visually similar Unicode characters) to bypass content filters',
cost: 'Low',
asrIncrease: '20-30%',
link: '/docs/red-team/strategies/homoglyph/',
},
{
category: 'Static (Single-Turn)',
strategy: 'basic',
displayName: 'Basic',
description: 'Plugin-generated test cases',
longDescription:
'Controls whether original plugin-generated test cases are included without any strategies applied',
cost: 'Low',
asrIncrease: 'None',
link: '/docs/red-team/strategies/basic/',
},
{
category: 'Static (Single-Turn)',
strategy: 'leetspeak',
displayName: 'Leetspeak',
description: 'Character substitution',
longDescription:
'Tests handling of leetspeak-encoded malicious content by replacing standard letters with numbers or special characters',
cost: 'Low',
asrIncrease: '20-30%',
link: '/docs/red-team/strategies/leetspeak/',
},
{
category: 'Static (Single-Turn)',
strategy: 'jailbreak-templates',
displayName: 'Jailbreak Templates',
description: 'Static jailbreak templates',
longDescription:
'Tests LLM resistance to known jailbreak techniques (DAN, Skeleton Key, etc.) using static templates. Note: Does not cover modern prompt injection techniques.',
cost: 'Low',
asrIncrease: '20-30%',
link: '/docs/red-team/strategies/jailbreak-templates/',
},
{
category: 'Static (Single-Turn)',
strategy: 'rot13',
displayName: 'ROT13',
description: 'Letter rotation encoding',
longDescription:
'Tests handling of ROT13-encoded malicious payloads by rotating each letter 13 positions in the alphabet',
cost: 'Low',
asrIncrease: '20-30%',
link: '/docs/red-team/strategies/rot13/',
},
{
category: 'Static (Single-Turn)',
strategy: 'morse',
displayName: 'Morse Code',
description: 'Dots and dashes encoding',
longDescription:
'Tests handling of text encoded in Morse code (dots and dashes) to potentially bypass content filters',
cost: 'Low',
asrIncrease: '20-30%',
link: '/docs/red-team/strategies/other-encodings/#morse-code',
},
{
category: 'Static (Single-Turn)',
strategy: 'piglatin',
displayName: 'Pig Latin',
description: 'Word transformation encoding',
longDescription:
'Tests handling of text transformed into Pig Latin (rearranging word parts) to potentially bypass content filters',
cost: 'Low',
asrIncrease: '20-30%',
link: '/docs/red-team/strategies/other-encodings/#pig-latin',
},
{
category: 'Static (Single-Turn)',
strategy: 'camelcase',
displayName: 'camelCase',
description: 'camelCase transformation',
longDescription:
'Tests handling of text transformed into camelCase (removing spaces and capitalizing words) to potentially bypass content filters',
cost: 'Low',
asrIncrease: '0-5%',
link: '/docs/red-team/strategies/other-encodings/#camelcase',
},
{
category: 'Static (Single-Turn)',
strategy: 'emoji',
displayName: 'Emoji Smuggling',
description: 'Variation selector encoding',
longDescription:
'Tests hiding UTF-8 payloads inside emoji variation selectors to evaluate filter evasion.',
cost: 'Low',
asrIncrease: '0-5%',
link: '/docs/red-team/strategies/other-encodings/#emoji-encoding',
},
{
category: 'Custom',
strategy: 'layer',
displayName: 'Layer',
description: 'Compose multiple strategies',
longDescription:
'Compose multiple red team strategies sequentially (e.g., jailbreak → base64) to create sophisticated attack chains',
cost: 'Variable',
asrIncrease: 'Cumulative',
link: '/docs/red-team/strategies/layer/',
},
{
category: 'Regression',
strategy: 'retry',
displayName: 'Retry',
description: 'Historical failure testing',
longDescription:
'Automatically incorporates previously failed test cases into your test suite, creating a regression testing system that learns from past failures',
cost: 'Low',
asrIncrease: '50-70%',
link: '/docs/red-team/strategies/retry/',
recommended: false,
},
];