adaptive

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 2, 2026 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

CaMeL Bypass targets the CaMeL capability-based access control defense, which achieves 67% attack neutralization. This module exploits policy definition gaps and capability boundary weaknesses.

Source: arXiv 2503.18813

Package adaptive implements adaptive attacks that systematically bypass specific defense mechanisms through optimization strategies.

DiffusionAttacker uses diffusion-model-inspired iterative refinement to generate adversarial prompts. The approach iteratively adds and removes noise from prompts to discover variants that bypass safety filters.

Note: Full diffusion model integration requires the Python ML bridge. This module implements the iterative refinement algorithm in pure Go using text-level perturbation (no actual diffusion model required).

Source: EMNLP 2025

Package adaptive contains evolutionary / feedback-driven attack engines.

jbfuzz.go implements the JBFuzz black-box mutation/feedback fuzzer (arXiv 2503.08990, March 2026). Synonym-substitution is the primary mutation operator (462x faster than LLM mutation per the paper's §4.2); RefusalSuppression and Rephrase are tier-2 ops borrowed from TurboFuzzLLM (arXiv 2502.18504). Selection is UCB1 with periodic random restart — MCTS-Explore is on the v0.10.0 plan but UCB1+restart is sufficient to avoid the local-optima pathology GPTFuzzer documented for pure UCB.

Fitness is the refusal-heuristic by default (cheap, deterministic, fits in v0.9.0 with no new dependencies). The plan's embedding-fitness (e5-base-v2 + small MLP) is opt-in only via metadata "fitness=embedding" and is currently a stub that returns ErrEmbeddingFitnessNotImplemented — wiring up an ONNX or local-Ollama embedding endpoint is a v0.10.0 task.

Per the v0.9.0 plan, jbfuzz requires config.Metadata["allow_experimental"] = "true" because the engine *discovers* novel jailbreaks at runtime, which is fundamentally different from running a curated handcrafted attack.

persona_evolve.go implements the genetic-algorithm persona-modulation engine described in arXiv 2507.22171 ("Enhancing Jailbreak Attacks on LLMs via Persona Prompts"). Persona modulation reduces refusal rates by 50–70% per the paper; this engine evolves seed personas via tournament selection, uniform crossover over trait slots, slot mutation, 5% elitism, and periodic immigration to escape mode collapse.

Encoding rationale (struct-of-traits, not string templates) per Promptbreeder (ICLR 2024) and GAAPO (Frontiers AI 2025): string-template crossover produces ungrammatical offspring and converges slowly. The trait dictionary is encoded in templates/genetic_persona_seeds.json with stable slot keys (role / expertise / tone / motivation / constraints / backstory / traits / style / fitness_seed) so uniform crossover over slots always yields a syntactically valid persona.

Per the v0.9.0 plan, persona_evolve requires config.Metadata["allow_experimental"] = "true" because the engine discovers novel jailbreak personas at runtime.

SaltResistance implements anti-salting techniques that counter LLM Salting, a defense that reduces ASR to 3% by adding deployment-specific fine-tuning.

Source: Sophos CAMLIS 2025

Index

Constants

This section is empty.

Variables

View Source
var ErrEmbeddingFitnessNotImplemented = errors.New(
	"jbfuzz: embedding fitness is opt-in for v0.9.0 and not yet wired " +
		"(needs ONNX Runtime or local Ollama embeddings endpoint); set " +
		"metadata fitness=heuristic or unset for the default refusal-string heuristic",
)

ErrEmbeddingFitnessNotImplemented is returned when an operator opts into the embedding-based fitness function but no embedding endpoint is wired.

Functions

This section is empty.

Types

type CaMeLBypassModule

type CaMeLBypassModule struct{}

CaMeLBypassModule targets CaMeL capability-based access control.

Source: arXiv 2503.18813

func (*CaMeLBypassModule) Category

func (m *CaMeLBypassModule) Category() common.AttackCategory

func (*CaMeLBypassModule) Description

func (m *CaMeLBypassModule) Description() string

func (*CaMeLBypassModule) Execute

func (*CaMeLBypassModule) Name

func (m *CaMeLBypassModule) Name() string

func (*CaMeLBypassModule) Techniques

func (m *CaMeLBypassModule) Techniques() []common.TechniqueInfo

type DefenseBypassOptimizerModule

type DefenseBypassOptimizerModule struct{}

DefenseBypassOptimizerModule implements systematic defense bypass through pluggable optimization strategies (random search, hill climbing, etc.).

WARNING: Requires --i-understand-risks flag. Logs all target information.

Source: OpenAI/Anthropic/DeepMind joint research 2025

func (*DefenseBypassOptimizerModule) Category

func (*DefenseBypassOptimizerModule) Description

func (m *DefenseBypassOptimizerModule) Description() string

func (*DefenseBypassOptimizerModule) Execute

func (*DefenseBypassOptimizerModule) Name

func (*DefenseBypassOptimizerModule) Techniques

type DiffusionAttackerModule

type DiffusionAttackerModule struct{}

DiffusionAttackerModule implements iterative prompt refinement inspired by diffusion models. Uses text perturbation in pure Go; optional Python ML bridge for actual diffusion model integration.

Source: EMNLP 2025

func (*DiffusionAttackerModule) Category

func (*DiffusionAttackerModule) Description

func (m *DiffusionAttackerModule) Description() string

func (*DiffusionAttackerModule) Execute

func (*DiffusionAttackerModule) Name

func (m *DiffusionAttackerModule) Name() string

func (*DiffusionAttackerModule) Techniques

func (m *DiffusionAttackerModule) Techniques() []common.TechniqueInfo

type JBFuzzModule added in v0.9.0

type JBFuzzModule struct{}

JBFuzzModule implements attacks.AttackModule for the JBFuzz fuzzer.

func (*JBFuzzModule) Category added in v0.9.0

func (m *JBFuzzModule) Category() common.AttackCategory

Category returns CategoryAdaptive.

func (*JBFuzzModule) Description added in v0.9.0

func (m *JBFuzzModule) Description() string

Description summarizes the technique.

func (*JBFuzzModule) Execute added in v0.9.0

func (m *JBFuzzModule) Execute(
	ctx context.Context,
	provider common.Provider,
	config common.AttackConfig,
) (*common.AttackResult, error)

Execute runs the fuzzer against the provider until budget is exhausted or a candidate crosses the success threshold.

func (*JBFuzzModule) Name added in v0.9.0

func (m *JBFuzzModule) Name() string

Name returns the registered technique name.

func (*JBFuzzModule) Techniques added in v0.9.0

func (m *JBFuzzModule) Techniques() []common.TechniqueInfo

Techniques returns the OWASP and metadata bundle.

type PersonaEvolveModule added in v0.9.0

type PersonaEvolveModule struct{}

PersonaEvolveModule implements attacks.AttackModule for the GA engine.

func (*PersonaEvolveModule) Category added in v0.9.0

Category returns CategoryAdaptive.

func (*PersonaEvolveModule) Description added in v0.9.0

func (m *PersonaEvolveModule) Description() string

Description summarizes the technique.

func (*PersonaEvolveModule) Execute added in v0.9.0

func (m *PersonaEvolveModule) Execute(
	ctx context.Context,
	provider common.Provider,
	config common.AttackConfig,
) (*common.AttackResult, error)

Execute runs the GA against the provider until budget is exhausted or a candidate crosses successThreshold (shared with jbfuzz).

func (*PersonaEvolveModule) Name added in v0.9.0

func (m *PersonaEvolveModule) Name() string

Name returns the registered technique name.

func (*PersonaEvolveModule) Techniques added in v0.9.0

func (m *PersonaEvolveModule) Techniques() []common.TechniqueInfo

Techniques returns the OWASP and metadata bundle.

type SaltResistanceModule

type SaltResistanceModule struct{}

SaltResistanceModule implements anti-salting techniques that generate attacks dynamically rather than relying on pre-computed static prompts.

Source: Sophos CAMLIS 2025

func (*SaltResistanceModule) Category

func (*SaltResistanceModule) Description

func (m *SaltResistanceModule) Description() string

func (*SaltResistanceModule) Execute

func (*SaltResistanceModule) Name

func (m *SaltResistanceModule) Name() string

func (*SaltResistanceModule) Techniques

func (m *SaltResistanceModule) Techniques() []common.TechniqueInfo

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL