I am happy to find that you have bedrock as a supported provider. But when I am trying to configure the test, it gives the following error:
2024-05-14 19:14:00,899 [WARNING] [interactive_mode.py:158]: Wrong value: 3 validation errors for BedrockChat
model_id
field required (type=value_error.missing)
model
extra fields not permitted (type=value_error.extra)
temperature
extra fields not permitted (type=value_error.extra)

Current configuration ...
┌────────────────────┬───────────────────────────────────────┐
│ Option │ Value │
├────────────────────┼───────────────────────────────────────┤
│ attack_provider │ bedrock │
│ attack_model │ anthropic.claude-3-haiku-20240307-v1 │
│ target_provider │ bedrock │
│ target_model │ anthropic.claude-3-haiku-20240307-v1 │
│ num_attempts │ 3 │
│ num_threads │ 4 │
│ attack_temperature │ 0.6 │
└────────────────────┴───────────────────────────────────────┘

I didnt see much documentation on what are the parameters to provide here so I guessed these targets and model names are appropriate. Any help on getting this running is appreciated.

I already have my AWS cli access with appropriate keys setup as environment variables.

Relevant discussion on Slack with Itamar: https://promptsecurity.slack.com/archives/C0686V2C82F/p1703516105537489

This is a project on its own, to be manageable, I broke it into subtasks below.

Subtasks

1. • The code is not really similar to promptmap from which inspiration was taken, but the prompt texts are still similar, although improved in some places.
   • TODO: consider modifying the prompts (like, try to rewrite them with ChatGTP help, but ensure it still works after it)
2. • Wrap underlying chat models behind a common interface, which can be langchain.
3. • Include a list of supported models and attacks in the README, and make it more elegant, like https://github.com/protectai/rebuff
4. • Add some unit tests and a badge about succesful test to be displayed in the README (on the repo main page)
5. • Add attacks: a. [start with this] running a known prompt injection database:
     b. https://www.jailbreakchat.com/
     c. https://promptsecurity.slack.com/archives/C066E7N99U3/p1703176492742389
     d. https://github.com/llm-attacks/llm-attacks
     e. https://github.com/utkusen/promptmap --- (this is where I picked up the first attack type from)
     f. https://github.com/leondz/garak
     g. and many others we've previously sent (let's aim to be most comprehensive)
6. • Differentiate between the attacking model and the protected model (make ATTACK_GENERATING_MODEL configurable).
     GPT-4 for example as 'protected' will get in that set-up always a perfect score. we want to show some variance
7. • Arrange a compelling video demonstration, preferably showing in CLI a specific system prompt and model (something more vulnerable than GPT-4) and how the protections run, leading to different results in colors and a final score. Like the screenshots of garak.
8. • Consider offering a managed demo environment through our website, which might improve our lead gen/SEO
     They could use their "bring your own" API keys, see if that's appropriate -> talk with Itamar.

Additional links of interest:

• Jailbreak Chat : Collection of ChatGPT jailbreak prompts
• Maksym Andriushchenko 🇺🇦 on X: "We all know that AGI is coming, BUT adversarial examples are *still* not solved and scale is not all you need! Simple random search using logprobs of GPT-4 reveals that it has quite limited robustness. Short paper: https://t.co/mD1dQOBnZk Code: https://t.co/0NJxLQXleH 🧵1/n https://t.co/azXnEdWij2" / X

More links:
https://github.com/utkusen/promptmap

https://github.com/wunderwuzzi23/token-turbulenz

https://github.com/leondz/garak

https://github.com/mnns/LLMFuzzer

https://github.com/dropbox/llm-security

https://github.com/llm-attacks/llm-attacks

https://github.com/velocitatem/raccoon

https://github.com/LostOxygen/llm-confidentiality

https://www.marktechpost.com/2023/08/18/meet-cipherchat-an-ai-framework-to-systematically-examine-the-generalizability-of-safety-alignment-to-non-natural-languages-specifically-ciphers/

Description:
I encountered an error while trying to use the prompt-security-fuzzer tool after installing it via pip3.10. Here are the details of the error:

Error Message:

Traceback (most recent call last):
  File "/opt/homebrew/bin/prompt-security-fuzzer", line 5, in <module>
    from ps_fuzz.cli import main
  File "/opt/homebrew/lib/python3.10/site-packages/ps_fuzz/cli.py", line 12, in <module>
    from .prompt_injection_fuzzer import *
  File "/opt/homebrew/lib/python3.10/site-packages/ps_fuzz/prompt_injection_fuzzer.py", line 13, in <module>
    import pydantic.v1.error_wrappers
ModuleNotFoundError: No module named 'pydantic.v1'

Steps to Reproduce:

1. Install the package using the command: pip3.10 install prompt-security-fuzzer

2. Attempt to run the command: prompt-security-fuzzer -h

Expected Behavior:
The prompt-security-fuzzer tool should execute without errors and display its help message.

Actual Behavior:
Encountered a ModuleNotFoundError related to the pydantic.v1 module.

Additional Information:

Operating System: mac-os
Python Version: 3.10

I believe this issue may be related to a missing dependency or compatibility issue. Any assistance in resolving this problem would be greatly appreciated.

Could you please add support for AWS Bedrock?

I'm getting this error while running this tool: 'interactive_mode.py:158]: Wrong value: Invalid backend name: open_ai. Supported backends: ' Any suggestions on fixing it?

Hi,

Are you going to add Ollama support or maybe I missed it?

Thanks.

Hi there,
Love this project.
I am the author of ChatScanner which is basically a pentesting tool for live chatbots.
My attack scenario involves simply sending/receiving messages and of course I don't know what backed API LLM the target is using.
Would it be possible to integrate your tool via a pure text message loop interface?
Cheers.

14 tests ready already. May add few more if we have time.

Itamar from #prompt-innovation channel:

• Lets add Google colab notebook to play with it (in google colab)
• Lets add pip install
• Add attacks - I'd like > 20
  • Toxicity : note: a bit hard due to validation requiring NLP (unless we find out a way to creatively design attack prompts so it would be easy to discriminate responses toxic/non-toxic)
  • Hidden unicode
  • Multilingual [DONE]
  • [DONE] Dan
  • Base64
  • Sydney
  • Chained Prompts (attached)
  • Crescendo Attack
  • UCAR [DONE]
  • Manyshot Jailbreak

In interactive mode, an attempt to modify the Target model name fails (no matter what you put there it reverts back to the default gpt-3.5-turbo).

Today the dataset based tests rely on the response classifier not contains_refusal_keyword() but this classifier is very basic for some of the advanced needs of the next few datasets that will be implemented.

What is going to be done is:

• We'll enhance the rule based mechanism that checks responses
• We'll implement a semantic mechanism to go over the response
• We'll allow for a choice between the two in the attack configuration

After successfully installing prompt_security_fuzzer, when I type -h or any other option, its giving this error:

Traceback (most recent call last):
File "/home/cloudshell-user/.local/bin/prompt-security-fuzzer", line 5, in
from ps_fuzz.cli import main
File "/home/cloudshell-user/.local/lib/python3.9/site-packages/ps_fuzz/cli.py", line 9, in
from .chat_clients import *
File "/home/cloudshell-user/.local/lib/python3.9/site-packages/ps_fuzz/chat_clients.py", line 1, in
from .langchain_integration import get_langchain_chat_models_info
File "/home/cloudshell-user/.local/lib/python3.9/site-packages/ps_fuzz/langchain_integration.py", line 6, in
def _get_class_member_doc(cls, param_name: str) -> str | None:
TypeError: unsupported operand type(s) for |: 'type' and 'NoneType'

For CI/CD support the tools needs to

• Exit with a non-zero exit code if a test fails
• Allow for non blocking mode(exit with 0 no matter what)
• Allow to configure minimum severity for a non-zero exit
• Maybe exit with a non-zero exit code for some other failures

These will allow the tool to be used within a CI/CD pipeline, and later the tool will be wrapped within a docker container and a GitHub action.

https://www.figma.com/file/iybtJ04wXKLycgy3fPAGPG/fuzzer-flow?type=whiteboard&node-id=0-1