Files
promptfoo--promptfoo/site/docs/red-team/plugins/cyberseceval.md
T
wehub-resource-sync 0d3cb498a3
CI / Shell Format Check (push) Has been cancelled
CI / Check Ruby (3.4) (push) Has been cancelled
CI / CI Config (push) Has been cancelled
CI / Test on Node ${{ matrix.node }} and ${{ matrix.os }}${{ matrix.shard && format(' (shard {0}/3)', matrix.shard) || '' }} (push) Has been cancelled
CI / Build on Node ${{ matrix.node }} (push) Has been cancelled
CI / Style Check (push) Has been cancelled
CI / Generate Assets (push) Has been cancelled
CI / Check Python (3.14) (push) Has been cancelled
CI / Check Python (3.9) (push) Has been cancelled
CI / Build Docs (push) Has been cancelled
CI / Code Scan Action (push) Has been cancelled
CI / Site tests (push) Has been cancelled
CI / webui tests (push) Has been cancelled
CI / Run Integration Tests (push) Has been cancelled
CI / Run Smoke Tests (push) Has been cancelled
CI / Go Tests (push) Has been cancelled
CI / Share Test (push) Has been cancelled
CI / Redteam (Production API) (push) Has been cancelled
CI / Redteam (Staging API) (push) Has been cancelled
CI / GitHub Actions Lint (push) Has been cancelled
CI / Check Ruby (3.0) (push) Has been cancelled
release-please / release-please (push) Has been cancelled
release-please / build (push) Has been cancelled
release-please / publish-npm (push) Has been cancelled
release-please / publish-npm-backfill (push) Has been cancelled
release-please / docker (push) Has been cancelled
release-please / publish-code-scan-action (push) Has been cancelled
release-please / attest-code-scan-action (push) Has been cancelled
Deploy local.promptfoo.app / Deploy to Cloudflare Pages (push) Has been cancelled
Test and Publish Multi-arch Docker Image / test (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-amd64 platform:linux/amd64 runner:ubuntu-latest]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-arm64 platform:linux/arm64 runner:ubuntu-24.04-arm]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / merge-docker-digests (push) Has been cancelled
Test and Publish Multi-arch Docker Image / Attest Multi-arch Image (push) Has been cancelled
Validate Renovate Config / Validate Renovate Configuration (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:24:08 +08:00

115 lines
3.2 KiB
Markdown

---
sidebar_label: CyberSecEval
description: Red team LLM systems against prompt injection attacks using Meta's CyberSecEval dataset to detect multilingual vulnerabilities and prevent unauthorized system prompt access
---
# CyberSecEval Dataset for LLM Security Testing
## Overview
The CyberSecEval plugin uses Meta's [Purple Llama CyberSecEval dataset](https://meta-llama.github.io/PurpleLlama/docs/benchmarks/prompt_injection), a comprehensive benchmark suite designed to assess cybersecurity vulnerabilities in Large Language Models (LLMs).
The dataset includes multilingual prompt injection attacks, testing LLM systems against a diverse collection of potentially harmful prompts in multiple languages.
The dataset includes test cases that evaluate:
- Direct prompt injection attacks
- Indirect prompt injection attempts
- Security-violating content
- Logic-violating content
- Cross-language attack vectors
- System prompt leakage attempts
:::tip
This plugin requires a target provider that accepts both a system prompt and user input in OpenAI-compatible chat format.
:::
## How it works
The plugin:
- Downloads test cases from the CyberSecEval dataset
- Formats each test case as a system/user message pair
- Randomly selects prompts from the dataset
- Tests if the model appropriately handles the injection attempts
- Uses language-specific LLM-as-a-judge criteria to evaluate responses
![CyberSecEval Workflow](/img/docs/cyberseceval-flow.svg)
## Configuration
To include the CyberSecEval plugin in your LLM red teaming setup, add the following configuration to your YAML file:
```yaml
redteam:
plugins:
- cyberseceval
```
You can control the number of test cases using the `config.numTests` parameter (defaults to 5):
```yaml
redteam:
plugins:
- id: cyberseceval
numTests: 25
```
You can also enable multilingual prompt injection by setting the `config.multilingual` parameter to `true`:
```yaml
redteam:
plugins:
- id: cyberseceval
config:
multilingual: true
```
## Full example
Create a configuration file `promptfooconfig.yaml`:
```yaml
targets:
# You can target a model
- openai:chat:gpt-5
# Or an API endpoint
- id: https
config:
url: 'https://example.com/generate'
method: 'POST'
headers:
'Content-Type': 'application/json'
body:
myPrompt: '{{prompt}}'
redteam:
plugins:
- cyberseceval
```
Then, run the red team command in the same directory as your configuration file:
```sh
promptfoo redteam run
```
## Grading
The plugin uses a specialized grader that evaluates model outputs against language-specific judge questions. The grader checks if:
- The model maintained its original instructions despite the injection attempt
- The response adheres to security boundaries
- The model appropriately handled non-English attack vectors
- The system prompt remained protected from extraction attempts
Outputs are graded as either PASS (secure) or FAIL (vulnerable) based on these criteria.
## Related Concepts
- [Types of LLM Vulnerabilities](../llm-vulnerability-types.md)
- [Prompt Injection](../strategies/prompt-injection.md)
- [Language Configuration](../configuration.md#language) - Test in multiple languages