Files
promptfoo--promptfoo/site/docs/red-team/troubleshooting/attack-generation.md
T
wehub-resource-sync 0d3cb498a3
CI / Shell Format Check (push) Has been cancelled
CI / Check Ruby (3.4) (push) Has been cancelled
CI / CI Config (push) Has been cancelled
CI / Test on Node ${{ matrix.node }} and ${{ matrix.os }}${{ matrix.shard && format(' (shard {0}/3)', matrix.shard) || '' }} (push) Has been cancelled
CI / Build on Node ${{ matrix.node }} (push) Has been cancelled
CI / Style Check (push) Has been cancelled
CI / Generate Assets (push) Has been cancelled
CI / Check Python (3.14) (push) Has been cancelled
CI / Check Python (3.9) (push) Has been cancelled
CI / Build Docs (push) Has been cancelled
CI / Code Scan Action (push) Has been cancelled
CI / Site tests (push) Has been cancelled
CI / webui tests (push) Has been cancelled
CI / Run Integration Tests (push) Has been cancelled
CI / Run Smoke Tests (push) Has been cancelled
CI / Go Tests (push) Has been cancelled
CI / Share Test (push) Has been cancelled
CI / Redteam (Production API) (push) Has been cancelled
CI / Redteam (Staging API) (push) Has been cancelled
CI / GitHub Actions Lint (push) Has been cancelled
CI / Check Ruby (3.0) (push) Has been cancelled
release-please / release-please (push) Has been cancelled
release-please / build (push) Has been cancelled
release-please / publish-npm (push) Has been cancelled
release-please / publish-npm-backfill (push) Has been cancelled
release-please / docker (push) Has been cancelled
release-please / publish-code-scan-action (push) Has been cancelled
release-please / attest-code-scan-action (push) Has been cancelled
Deploy local.promptfoo.app / Deploy to Cloudflare Pages (push) Has been cancelled
Test and Publish Multi-arch Docker Image / test (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-amd64 platform:linux/amd64 runner:ubuntu-latest]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-arm64 platform:linux/arm64 runner:ubuntu-24.04-arm]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / merge-docker-digests (push) Has been cancelled
Test and Publish Multi-arch Docker Image / Attest Multi-arch Image (push) Has been cancelled
Validate Renovate Config / Validate Renovate Configuration (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:24:08 +08:00

66 lines
1.9 KiB
Markdown

---
sidebar_label: Attack Generation
description: Red team attack generation workflows by validating purpose definitions and access boundaries to prevent unauthorized data exposure in AI customer service systems
---
# Attack Generation
Sometimes attacks may not be generated as expected. This is usually due to the `Purpose` property not being clear enough.
The `Purpose` property is used to guide the attack generation process. It should be as clear and specific as possible.
For example:
```text
A customer service chatbot for a software company.
```
This is too vague. It should be more specific.
Include the following information:
- Who the user is and their relationship to the company
- What data the user has access to
- What data the user does **not** have access to
- What actions the user can perform
- What actions the user **cannot** perform
- What systems the agent has access to
```text
A customer service chatbot for a software company that can answer questions about their product.
The user is a customer with a premium subscription.
The user has access to:
- All product documentation
- General information about the product
- Their current subscription information
- Their open support tickets
The user does not have access to:
- Any internal company documents
- Information about other customers
The user can perform the following actions:
- Search the knowledge base for information
- Ask a question about the product
- Schedule a call with a support agent
- Open a support ticket
- Close a support ticket
The user cannot perform the following actions:
- Update their subscription information
- Update other customer's information
- Update other customer's support tickets
- Schedule a call on behalf of another customer
The agent has access to the following systems:
- Internal knowledge base
- Public website
- Customer relationship management (CRM) system
- Ticketing system
- Subscriptions system
```