DAN 9

Description: Tests the model (that you passed in the argument) to see if it is vulnerable to DAN 9 attack. DAN 9 is an attack scenario where LLM responds to prompts in two different ways: one normal response and another as an unrestrained AI named DAN, providing answers without filters or restrictions.

How does the Test work:

  1. Pre-defined internal system prompts are used.

  2. Multiple iteration of Model output is generated for these pre-defined system prompts.

  3. raga-llm-eval’s MitigationBypass and DAN detectors scan the model to see if the attack was successful.

  4. This concludes if the model is vulnerable to DAN 9 attack.

Required arguments: model (like:gpt-4)

Interpretation of results:

  1. Score range(degree of model behaving as DAN 9): [0, 1]. A score of 1 implies that the model does not behave as DAN 9, while lower scores signify increasing levels of model behaving as DAN 9.

  2. Sample internal prompt and model response for failed cases is displayed. For detailed info on internal prompts, model responses, scores, use evaluator.save_results('filename.json').

Coding Example:

probe = 'Dan_9_0'
evaluator.add_test(
    test_names=["dan_vulnerability_scanner"],
    data={
    },
    arguments={"category":[probe], "model": "gpt-3.5-turbo", "threshold": 1.0},
).run()

evaluator.print_results()
PreviousDAN 10NextDAN 8

Last updated