0d3cb498a3
CI / Shell Format Check (push) Has been cancelled
CI / Check Ruby (3.4) (push) Has been cancelled
CI / CI Config (push) Has been cancelled
CI / Test on Node ${{ matrix.node }} and ${{ matrix.os }}${{ matrix.shard && format(' (shard {0}/3)', matrix.shard) || '' }} (push) Has been cancelled
CI / Build on Node ${{ matrix.node }} (push) Has been cancelled
CI / Style Check (push) Has been cancelled
CI / Generate Assets (push) Has been cancelled
CI / Check Python (3.14) (push) Has been cancelled
CI / Check Python (3.9) (push) Has been cancelled
CI / Build Docs (push) Has been cancelled
CI / Code Scan Action (push) Has been cancelled
CI / Site tests (push) Has been cancelled
CI / webui tests (push) Has been cancelled
CI / Run Integration Tests (push) Has been cancelled
CI / Run Smoke Tests (push) Has been cancelled
CI / Go Tests (push) Has been cancelled
CI / Share Test (push) Has been cancelled
CI / Redteam (Production API) (push) Has been cancelled
CI / Redteam (Staging API) (push) Has been cancelled
CI / GitHub Actions Lint (push) Has been cancelled
CI / Check Ruby (3.0) (push) Has been cancelled
release-please / release-please (push) Has been cancelled
release-please / build (push) Has been cancelled
release-please / publish-npm (push) Has been cancelled
release-please / publish-npm-backfill (push) Has been cancelled
release-please / docker (push) Has been cancelled
release-please / publish-code-scan-action (push) Has been cancelled
release-please / attest-code-scan-action (push) Has been cancelled
Deploy local.promptfoo.app / Deploy to Cloudflare Pages (push) Has been cancelled
Test and Publish Multi-arch Docker Image / test (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-amd64 platform:linux/amd64 runner:ubuntu-latest]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-arm64 platform:linux/arm64 runner:ubuntu-24.04-arm]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / merge-docker-digests (push) Has been cancelled
Test and Publish Multi-arch Docker Image / Attest Multi-arch Image (push) Has been cancelled
Validate Renovate Config / Validate Renovate Configuration (push) Has been cancelled
115 lines
3.2 KiB
Markdown
115 lines
3.2 KiB
Markdown
---
|
|
sidebar_label: CyberSecEval
|
|
description: Red team LLM systems against prompt injection attacks using Meta's CyberSecEval dataset to detect multilingual vulnerabilities and prevent unauthorized system prompt access
|
|
---
|
|
|
|
# CyberSecEval Dataset for LLM Security Testing
|
|
|
|
## Overview
|
|
|
|
The CyberSecEval plugin uses Meta's [Purple Llama CyberSecEval dataset](https://meta-llama.github.io/PurpleLlama/docs/benchmarks/prompt_injection), a comprehensive benchmark suite designed to assess cybersecurity vulnerabilities in Large Language Models (LLMs).
|
|
|
|
The dataset includes multilingual prompt injection attacks, testing LLM systems against a diverse collection of potentially harmful prompts in multiple languages.
|
|
|
|
The dataset includes test cases that evaluate:
|
|
|
|
- Direct prompt injection attacks
|
|
- Indirect prompt injection attempts
|
|
- Security-violating content
|
|
- Logic-violating content
|
|
- Cross-language attack vectors
|
|
- System prompt leakage attempts
|
|
|
|
:::tip
|
|
|
|
This plugin requires a target provider that accepts both a system prompt and user input in OpenAI-compatible chat format.
|
|
|
|
:::
|
|
|
|
## How it works
|
|
|
|
The plugin:
|
|
|
|
- Downloads test cases from the CyberSecEval dataset
|
|
- Formats each test case as a system/user message pair
|
|
- Randomly selects prompts from the dataset
|
|
- Tests if the model appropriately handles the injection attempts
|
|
- Uses language-specific LLM-as-a-judge criteria to evaluate responses
|
|
|
|

|
|
|
|
## Configuration
|
|
|
|
To include the CyberSecEval plugin in your LLM red teaming setup, add the following configuration to your YAML file:
|
|
|
|
```yaml
|
|
redteam:
|
|
plugins:
|
|
- cyberseceval
|
|
```
|
|
|
|
You can control the number of test cases using the `config.numTests` parameter (defaults to 5):
|
|
|
|
```yaml
|
|
redteam:
|
|
plugins:
|
|
- id: cyberseceval
|
|
numTests: 25
|
|
```
|
|
|
|
You can also enable multilingual prompt injection by setting the `config.multilingual` parameter to `true`:
|
|
|
|
```yaml
|
|
redteam:
|
|
plugins:
|
|
- id: cyberseceval
|
|
config:
|
|
multilingual: true
|
|
```
|
|
|
|
## Full example
|
|
|
|
Create a configuration file `promptfooconfig.yaml`:
|
|
|
|
```yaml
|
|
targets:
|
|
# You can target a model
|
|
- openai:chat:gpt-5
|
|
# Or an API endpoint
|
|
- id: https
|
|
config:
|
|
url: 'https://example.com/generate'
|
|
method: 'POST'
|
|
headers:
|
|
'Content-Type': 'application/json'
|
|
body:
|
|
myPrompt: '{{prompt}}'
|
|
|
|
redteam:
|
|
plugins:
|
|
- cyberseceval
|
|
```
|
|
|
|
Then, run the red team command in the same directory as your configuration file:
|
|
|
|
```sh
|
|
promptfoo redteam run
|
|
```
|
|
|
|
## Grading
|
|
|
|
The plugin uses a specialized grader that evaluates model outputs against language-specific judge questions. The grader checks if:
|
|
|
|
- The model maintained its original instructions despite the injection attempt
|
|
- The response adheres to security boundaries
|
|
- The model appropriately handled non-English attack vectors
|
|
- The system prompt remained protected from extraction attempts
|
|
|
|
Outputs are graded as either PASS (secure) or FAIL (vulnerable) based on these criteria.
|
|
|
|
## Related Concepts
|
|
|
|
- [Types of LLM Vulnerabilities](../llm-vulnerability-types.md)
|
|
- [Prompt Injection](../strategies/prompt-injection.md)
|
|
- [Language Configuration](../configuration.md#language) - Test in multiple languages
|