orchestration

package
v0.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 4, 2026 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Bad Likert Judge exploits LLM evaluation capabilities via Likert scale scoring.

The attack reframes harmful content generation as an evaluation task. By asking the model to rate content on a Likert scale (1-5) and then generate examples at each level, it bypasses safety filters that don't recognize evaluation framing as harmful. Achieves 60%+ ASR increase over plain prompts.

Source: Palo Alto Unit 42 (multi-turn technique research)

Crescendo implements benign-to-malicious multi-turn escalation.

The technique gradually escalates from completely innocuous requests to harmful ones over <5 turns, exploiting pattern-following and recency bias in LLM self-generated text. Each turn builds on the model's previous responses to establish a cooperative pattern.

Source: arXiv 2404.01833, USENIX Security 2025

Many-Shot Jailbreaking exploits long context windows via in-context learning.

The attack primes the model with many (100-10,000+) examples of a fictional AI assistant that complies with harmful requests. This in-context learning overwhelms safety training through sheer volume of demonstrations. Effective on models with large context windows (Llama 4 Scout 10M, GPT-5 400K, Claude 4.5 200K).

Payload construction is streamed to avoid buffering 40MB+ payloads in memory for 10M-token contexts.

Source: Anthropic Research (many-shot jailbreaking)

Skeleton Key implements multi-turn mode-switching to bypass model safety.

The attack convinces the model to enter a special "educational" or "testing" mode across multiple turns, then leverages that mode to request harmful content that would normally be refused. It exploits instruction-following behaviors in models that acknowledge and adopt behavioral modifications.

Source: Microsoft Security Blog (2024-06-26)

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Action

type Action interface {
	Execute(context *FlowContext) error
}

Action performs operations during flow execution

type AlwaysTrue

type AlwaysTrue struct{}

Condition implementations

func (*AlwaysTrue) Evaluate

func (a *AlwaysTrue) Evaluate(context *FlowContext) bool

type AttackAnalysis

type AttackAnalysis struct {
	AttackID           string
	Duration           time.Duration
	ConversationCount  int
	VulnerabilityCount int
	SuccessRate        float64
	Insights           []string
	VulnerabilityTypes map[string]int
}

AttackAnalysis contains attack analysis results

type AttackState

type AttackState struct {
	ID              string
	TargetModel     string
	AttackType      string
	StartTime       time.Time
	EndTime         *time.Time
	Status          AttackStatus
	SuccessMetrics  map[string]float64
	Conversations   []*ConversationState
	Vulnerabilities []Vulnerability
	// contains filtered or unexported fields
}

AttackState tracks the overall attack progress

type AttackStatus

type AttackStatus string

AttackStatus represents the attack state

const (
	AttackStatusActive    AttackStatus = "active"
	AttackStatusSuccess   AttackStatus = "success"
	AttackStatusFailed    AttackStatus = "failed"
	AttackStatusSuspended AttackStatus = "suspended"
	AttackStatusCompleted AttackStatus = "completed"
)

type AttackStrategy

type AttackStrategy interface {
	Name() string
	NextTurn(state *ConversationState) (string, error)
	ShouldContinue(state *ConversationState) bool
	ExtractInfo(response string, state *ConversationState) error
}

AttackStrategy defines a multi-turn attack approach

type BadLikertJudgeModule added in v0.8.0

type BadLikertJudgeModule struct{}

BadLikertJudgeModule implements the Bad Likert Judge attack.

func (*BadLikertJudgeModule) Category added in v0.8.0

func (*BadLikertJudgeModule) Description added in v0.8.0

func (m *BadLikertJudgeModule) Description() string

func (*BadLikertJudgeModule) Execute added in v0.8.0

func (*BadLikertJudgeModule) Name added in v0.8.0

func (m *BadLikertJudgeModule) Name() string

func (*BadLikertJudgeModule) Techniques added in v0.8.0

func (m *BadLikertJudgeModule) Techniques() []common.TechniqueInfo

type ComplianceAchieved

type ComplianceAchieved struct {
	Level float64
}

func (*ComplianceAchieved) Description

func (c *ComplianceAchieved) Description() string

func (*ComplianceAchieved) IsMet

func (c *ComplianceAchieved) IsMet(context *FlowContext) bool

type ComplianceLevelAbove

type ComplianceLevelAbove struct {
	Threshold float64
}

func (*ComplianceLevelAbove) Evaluate

func (c *ComplianceLevelAbove) Evaluate(context *FlowContext) bool

type Condition

type Condition interface {
	Evaluate(context *FlowContext) bool
}

Condition evaluates whether a transition should be taken

type ConversationFlow

type ConversationFlow struct {
	ID              string
	Name            string
	StartNode       *FlowNode
	Nodes           map[string]*FlowNode
	Variables       map[string]interface{}
	SuccessCriteria []SuccessCriterion
}

ConversationFlow defines a flow template

type ConversationState

type ConversationState struct {
	ID              string
	TurnCount       int
	Context         []Message
	ExtractedInfo   map[string]interface{}
	CurrentStrategy string
	SuccessMetrics  map[string]float64
	// contains filtered or unexported fields
}

ConversationState tracks the state of a multi-turn attack

type CrescendoModule added in v0.8.0

type CrescendoModule struct{}

CrescendoModule implements the Crescendo multi-turn escalation attack.

func (*CrescendoModule) Category added in v0.8.0

func (m *CrescendoModule) Category() common.AttackCategory

func (*CrescendoModule) Description added in v0.8.0

func (m *CrescendoModule) Description() string

func (*CrescendoModule) Execute added in v0.8.0

func (m *CrescendoModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)

func (*CrescendoModule) Name added in v0.8.0

func (m *CrescendoModule) Name() string

func (*CrescendoModule) Techniques added in v0.8.0

func (m *CrescendoModule) Techniques() []common.TechniqueInfo

type DecisionEngine

type DecisionEngine struct {
	// contains filtered or unexported fields
}

Decision Engine for complex flow decisions

func NewDecisionEngine

func NewDecisionEngine() *DecisionEngine

type DecisionRule

type DecisionRule interface {
	Evaluate(context *FlowContext) (string, bool)
}

type DeepenRecursion

type DeepenRecursion struct {
	MaxDepth int
}

func (*DeepenRecursion) Execute

func (d *DeepenRecursion) Execute(context *FlowContext) error

type Evidence

type Evidence struct {
	ConversationID string
	TurnNumber     int
	Prompt         string
	Response       string
	Timestamp      time.Time
}

Evidence supports a vulnerability finding

type ExecutionStatus

type ExecutionStatus string

ExecutionStatus represents the state of flow execution

const (
	StatusRunning   ExecutionStatus = "running"
	StatusSuccess   ExecutionStatus = "success"
	StatusFailed    ExecutionStatus = "failed"
	StatusSuspended ExecutionStatus = "suspended"
)

type ExtractComplianceLevel

type ExtractComplianceLevel struct{}

Action implementations

func (*ExtractComplianceLevel) Execute

func (e *ExtractComplianceLevel) Execute(context *FlowContext) error

type FlowContext

type FlowContext struct {
	FlowID        string
	CurrentNodeID string
	Variables     map[string]interface{}
	History       []FlowEvent
	Responses     []string
	StartTime     time.Time
	// contains filtered or unexported fields
}

FlowContext maintains execution state

type FlowController

type FlowController struct {
	// contains filtered or unexported fields
}

FlowController manages conversation flow and branching logic

func NewFlowController

func NewFlowController() *FlowController

NewFlowController creates a new flow controller

func (*FlowController) ExecuteFlow

func (fc *FlowController) ExecuteFlow(ctx context.Context, flowID string, target interface{}) (*FlowExecution, error)

ExecuteFlow starts executing a conversation flow

func (*FlowController) RegisterFlow

func (fc *FlowController) RegisterFlow(flow *ConversationFlow)

RegisterFlow adds a new conversation flow

type FlowEvent

type FlowEvent struct {
	NodeID    string
	EventType string
	Data      interface{}
	Timestamp time.Time
}

FlowEvent records what happened during execution

type FlowExecution

type FlowExecution struct {
	Flow    *ConversationFlow
	Context *FlowContext
	Status  ExecutionStatus
}

FlowExecution tracks active flow execution

type FlowNode

type FlowNode struct {
	ID          string
	Type        NodeType
	Content     string
	Transitions []Transition
	Actions     []Action
	Metadata    map[string]interface{}
}

FlowNode represents a node in the conversation flow

type GradualContextBuilder

type GradualContextBuilder struct {
	// contains filtered or unexported fields
}

GradualContextBuilder slowly builds malicious context

func (*GradualContextBuilder) ExtractInfo

func (g *GradualContextBuilder) ExtractInfo(response string, state *ConversationState) error

func (*GradualContextBuilder) Name

func (g *GradualContextBuilder) Name() string

func (*GradualContextBuilder) NextTurn

func (g *GradualContextBuilder) NextTurn(state *ConversationState) (string, error)

func (*GradualContextBuilder) ShouldContinue

func (g *GradualContextBuilder) ShouldContinue(state *ConversationState) bool

type InMemoryStateStore

type InMemoryStateStore struct {
	// contains filtered or unexported fields
}

InMemoryStateStore provides in-memory state storage

func NewInMemoryStateStore

func NewInMemoryStateStore() *InMemoryStateStore

func (*InMemoryStateStore) Delete

func (s *InMemoryStateStore) Delete(id string) error

func (*InMemoryStateStore) List

func (s *InMemoryStateStore) List() ([]string, error)

func (*InMemoryStateStore) Load

func (s *InMemoryStateStore) Load(id string) ([]byte, error)

func (*InMemoryStateStore) Save

func (s *InMemoryStateStore) Save(id string, data []byte) error

type InformationExtracted

type InformationExtracted struct {
	MinItems int
}

Success criteria implementations

func (*InformationExtracted) Description

func (i *InformationExtracted) Description() string

func (*InformationExtracted) IsMet

func (i *InformationExtracted) IsMet(context *FlowContext) bool

type ManyShotModule added in v0.8.0

type ManyShotModule struct{}

ManyShotModule implements the many-shot jailbreaking attack.

func (*ManyShotModule) Category added in v0.8.0

func (m *ManyShotModule) Category() common.AttackCategory

func (*ManyShotModule) Description added in v0.8.0

func (m *ManyShotModule) Description() string

func (*ManyShotModule) Execute added in v0.8.0

func (m *ManyShotModule) Execute(ctx context.Context, provider common.Provider, config common.AttackConfig) (*common.AttackResult, error)

func (*ManyShotModule) Name added in v0.8.0

func (m *ManyShotModule) Name() string

func (*ManyShotModule) Techniques added in v0.8.0

func (m *ManyShotModule) Techniques() []common.TechniqueInfo

type MemoryPoisoningAttack

type MemoryPoisoningAttack struct {
	// contains filtered or unexported fields
}

MemoryPoisoningAttack attempts to poison conversation context

func (*MemoryPoisoningAttack) ExtractInfo

func (m *MemoryPoisoningAttack) ExtractInfo(response string, state *ConversationState) error

func (*MemoryPoisoningAttack) Name

func (m *MemoryPoisoningAttack) Name() string

func (*MemoryPoisoningAttack) NextTurn

func (m *MemoryPoisoningAttack) NextTurn(state *ConversationState) (string, error)

func (*MemoryPoisoningAttack) ShouldContinue

func (m *MemoryPoisoningAttack) ShouldContinue(state *ConversationState) bool

type Message

type Message struct {
	Role      string // "user" or "assistant"
	Content   string
	Timestamp time.Time
	Metadata  map[string]interface{}
}

Message represents a single turn in the conversation

type MockProvider added in v0.8.0

type MockProvider struct{}

MockProvider provides a mock provider for testing

func (*MockProvider) GetModel added in v0.8.0

func (m *MockProvider) GetModel() string

func (*MockProvider) GetName added in v0.8.0

func (m *MockProvider) GetName() string

func (*MockProvider) Query added in v0.8.0

func (m *MockProvider) Query(ctx context.Context, messages []jailbreak.Message, options map[string]interface{}) (string, error)

type MonitorContextWindow

type MonitorContextWindow struct{}

func (*MonitorContextWindow) Execute

func (m *MonitorContextWindow) Execute(context *FlowContext) error

type MultiTurnOrchestrator

type MultiTurnOrchestrator struct {
	// contains filtered or unexported fields
}

MultiTurnOrchestrator coordinates complex multi-turn attacks

func NewMultiTurnOrchestrator

func NewMultiTurnOrchestrator(config OrchestratorConfig) *MultiTurnOrchestrator

NewMultiTurnOrchestrator creates a new orchestrator

func (*MultiTurnOrchestrator) RegisterStrategy

func (o *MultiTurnOrchestrator) RegisterStrategy(strategy AttackStrategy)

RegisterStrategy adds a new attack strategy

func (*MultiTurnOrchestrator) StartSession

func (o *MultiTurnOrchestrator) StartSession(ctx context.Context, strategyName string, target interface{}) (*ConversationState, error)

StartSession begins a new multi-turn attack session

type NodeType

type NodeType string

NodeType defines the type of flow node

const (
	NodeTypePrompt    NodeType = "prompt"
	NodeTypeDecision  NodeType = "decision"
	NodeTypeBranch    NodeType = "branch"
	NodeTypeLoop      NodeType = "loop"
	NodeTypeExtract   NodeType = "extract"
	NodeTypeTerminate NodeType = "terminate"
)

type OrchestratorConfig

type OrchestratorConfig struct {
	MaxTurns           int
	TurnTimeout        time.Duration
	ParallelSessions   int
	AdaptiveStrategies bool
	MemoryRetention    bool
}

OrchestratorConfig configures the orchestrator

type RecursionDepthReached

type RecursionDepthReached struct {
	Depth int
}

func (*RecursionDepthReached) Evaluate

func (r *RecursionDepthReached) Evaluate(context *FlowContext) bool

type ResponseContains

type ResponseContains struct {
	Keywords []string
}

func (*ResponseContains) Evaluate

func (r *ResponseContains) Evaluate(context *FlowContext) bool

type RoleConfusionAttack

type RoleConfusionAttack struct {
	// contains filtered or unexported fields
}

RoleConfusionAttack attempts to confuse the model about roles

func (*RoleConfusionAttack) ExtractInfo

func (r *RoleConfusionAttack) ExtractInfo(response string, state *ConversationState) error

func (*RoleConfusionAttack) Name

func (r *RoleConfusionAttack) Name() string

func (*RoleConfusionAttack) NextTurn

func (r *RoleConfusionAttack) NextTurn(state *ConversationState) (string, error)

func (*RoleConfusionAttack) ShouldContinue

func (r *RoleConfusionAttack) ShouldContinue(state *ConversationState) bool

type SemanticDriftAttack

type SemanticDriftAttack struct {
	// contains filtered or unexported fields
}

SemanticDriftAttack gradually shifts conversation topic

func (*SemanticDriftAttack) ExtractInfo

func (s *SemanticDriftAttack) ExtractInfo(response string, state *ConversationState) error

func (*SemanticDriftAttack) Name

func (s *SemanticDriftAttack) Name() string

func (*SemanticDriftAttack) NextTurn

func (s *SemanticDriftAttack) NextTurn(state *ConversationState) (string, error)

func (*SemanticDriftAttack) ShouldContinue

func (s *SemanticDriftAttack) ShouldContinue(state *ConversationState) bool

type SimpleLogger added in v0.8.0

type SimpleLogger struct{}

SimpleLogger provides a basic logger implementation

func (*SimpleLogger) Debug added in v0.8.0

func (l *SimpleLogger) Debug(msg string, keysAndValues ...interface{})

func (*SimpleLogger) Error added in v0.8.0

func (l *SimpleLogger) Error(msg string, keysAndValues ...interface{})

func (*SimpleLogger) Info added in v0.8.0

func (l *SimpleLogger) Info(msg string, keysAndValues ...interface{})

func (*SimpleLogger) Warn added in v0.8.0

func (l *SimpleLogger) Warn(msg string, keysAndValues ...interface{})

type SkeletonKeyModule added in v0.8.0

type SkeletonKeyModule struct{}

SkeletonKeyModule implements the Skeleton Key multi-turn attack.

func (*SkeletonKeyModule) Category added in v0.8.0

func (m *SkeletonKeyModule) Category() common.AttackCategory

func (*SkeletonKeyModule) Description added in v0.8.0

func (m *SkeletonKeyModule) Description() string

func (*SkeletonKeyModule) Execute added in v0.8.0

func (*SkeletonKeyModule) Name added in v0.8.0

func (m *SkeletonKeyModule) Name() string

func (*SkeletonKeyModule) Techniques added in v0.8.0

func (m *SkeletonKeyModule) Techniques() []common.TechniqueInfo

type StateCheckpoint

type StateCheckpoint struct {
	ID        string
	StateID   string
	Timestamp time.Time
	TurnCount int
	Data      []byte
	Metadata  map[string]interface{}
}

StateCheckpoint represents a saved state

type StateConfig

type StateConfig struct {
	CheckpointInterval time.Duration
	MaxCheckpoints     int
	PersistenceEnabled bool
	CompressionEnabled bool
	EncryptionEnabled  bool
}

StateConfig configures the state manager

type StateManager

type StateManager struct {
	// contains filtered or unexported fields
}

StateManager handles persistence and recovery of conversation states

func NewStateManager

func NewStateManager(config StateConfig, store StateStore) *StateManager

NewStateManager creates a new state manager

func (*StateManager) AnalyzeAttackProgress

func (sm *StateManager) AnalyzeAttackProgress(attackState *AttackState) AttackAnalysis

AnalyzeAttackProgress analyzes overall attack progress

func (*StateManager) CreateAttackState

func (sm *StateManager) CreateAttackState(targetModel, attackType string) *AttackState

CreateAttackState initializes a new attack state

func (*StateManager) GetCheckpoints

func (sm *StateManager) GetCheckpoints(stateID string) []*StateCheckpoint

GetCheckpoints retrieves checkpoints for a state

func (*StateManager) RecordVulnerability

func (sm *StateManager) RecordVulnerability(attackState *AttackState, vuln Vulnerability)

RecordVulnerability adds a discovered vulnerability

func (*StateManager) RecoverState

func (sm *StateManager) RecoverState(stateID string) (*ConversationState, error)

RecoverState recovers a conversation state from checkpoint

func (*StateManager) RegisterConversation

func (sm *StateManager) RegisterConversation(state *ConversationState) error

RegisterConversation adds a conversation to tracking

func (*StateManager) RollbackToCheckpoint

func (sm *StateManager) RollbackToCheckpoint(checkpointID string) error

RollbackToCheckpoint restores state to a checkpoint

func (*StateManager) UpdateState

func (sm *StateManager) UpdateState(stateID string, updater func(*ConversationState)) error

UpdateState updates conversation state and creates checkpoint if needed

type StateStore

type StateStore interface {
	Save(id string, state []byte) error
	Load(id string) ([]byte, error)
	Delete(id string) error
	List() ([]string, error)
}

StateStore interface for persisting states

type SuccessCriterion

type SuccessCriterion interface {
	IsMet(context *FlowContext) bool
	Description() string
}

SuccessCriterion defines success conditions

type Transition

type Transition struct {
	TargetNodeID string
	Condition    Condition
	Priority     int
}

Transition defines how to move between nodes

type UpdateVariable

type UpdateVariable struct {
	Name  string
	Value interface{}
}

func (*UpdateVariable) Execute

func (u *UpdateVariable) Execute(context *FlowContext) error

type VariableEquals

type VariableEquals struct {
	Name  string
	Value interface{}
}

func (*VariableEquals) Evaluate

func (v *VariableEquals) Evaluate(context *FlowContext) bool

type Vulnerability

type Vulnerability struct {
	ID          string
	Type        string
	Severity    string
	Description string
	Evidence    []Evidence
	Discovered  time.Time
}

Vulnerability represents a discovered vulnerability

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL