Skip to content

MAINT: Migrating context compliance to technique#2177

Open
rlundeen2 wants to merge 2 commits into
microsoft:mainfrom
rlundeen2:rlundeen2-context-compliance-core-technique
Open

MAINT: Migrating context compliance to technique#2177
rlundeen2 wants to merge 2 commits into
microsoft:mainfrom
rlundeen2:rlundeen2-context-compliance-core-technique

Conversation

@rlundeen2

Copy link
Copy Markdown
Contributor

Summary

Migrates ContextComplianceAttack from a bespoke single-turn executor into a core simulated-conversation technique, mirroring the earlier role_play migration. The prompt-scaffolding work that used to live in the executor (fabricating a benign Q&A + offer, then sending a hardcoded "yes.") now belongs to the attack technique layer, per doc/code/framework.md.

What changed

  • New technique wiring: context_compliance is now registered in pyrit/setup/initializers/techniques/core.py via AttackTechniqueFactory.with_simulated_conversation(...) with num_turns=1, a fixed final_user_message="yes.", and dedicated adversarial + simulated-target system prompts (paths inlined like every other technique).
  • Factory extension: with_simulated_conversation now accepts simulated_target_system_prompt_path and final_user_message, appending the fixed final user turn as a static SeedPrompt.
  • New dataset YAMLs:
    • datasets/executors/red_teaming/context_compliance/context_compliance.yaml (adversarial → benign question)
    • datasets/executors/simulated_target/context_compliance_target.yaml (simulated target → benign answer + offer)
  • Removed the ContextComplianceAttack executor, its old dataset, and unit test; rewired the scam scenario's inline context_compliance branch to the factory; updated affected tests and docs; synced doc/bibliography.md.

Breaking change

Removes ContextComplianceAttack from the public API. Follow-up to the role_play technique migration.

Validation

  • All affected unit tests pass; ruff format/check and ty clean; pre-commit hooks pass.
  • Live end-to-end validated against gpt-4o (adversarial + target): benign question → offer → "yes." → objective delivered.

rlundeen2 and others added 2 commits July 13, 2026 10:00
Migrate ContextComplianceAttack from a bespoke single-turn executor into a
core simulated-conversation technique, mirroring the role_play migration.
The technique fabricates a benign Q and A plus offer via a 1-turn simulated
conversation and appends a fixed "yes." final user turn, instead of assembling
its own prompt scaffolding in the executor.

Removes ContextComplianceAttack from the public API (breaking change).

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot-Session: aeb8c8c6-5c23-490c-b451-a59c096f54f7
Add the CCA source paper (Russinovich and Salem, "Jailbreaking is (Mostly)
Simpler Than You Think", arXiv:2503.05264) to references.bib and bibliography.md,
and point the context-compliance dataset YAMLs' source field at it.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot-Session: aeb8c8c6-5c23-490c-b451-a59c096f54f7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant