DATA Add 488 TrustAIRLab in-the-wild jailbreak templates#2228
Open
romanlutz wants to merge 2 commits into
Open
DATA Add 488 TrustAIRLab in-the-wild jailbreak templates#2228romanlutz wants to merge 2 commits into
romanlutz wants to merge 2 commits into
Conversation
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> Copilot-Session: 90aa97ce-7dc1-4ecc-8045-fa1fca8430b9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
PyRIT ships a small set of hand-authored jailbreak templates, but the research community has collected far larger corpora of "in-the-wild" prompts. The TrustAIRLab "Do Anything Now" dataset (Shen et al., 2024,
shen2023donotanything-- already cited in PyRIT) contains 1,405 jailbreak prompts scraped from Discord, Reddit, and open-source/website sources under an MIT license. Making these available as static, reviewedSeedPromptYAML templates lets any PyRIT user run large-scale jailbreak evaluations without a runtime download step.Approach
Curation pipeline (offline, not committed): downloaded the dataset from HuggingFace (
TrustAIRLab/in-the-wild-jailbreak-prompts, configjailbreak_2023_12_25, splittrain, commita10aab8). Deduplicated the 1,405 rows by normalized text, then assessed each prompt individually for conversion into a reusable template with a single{{ prompt }}Jinja slot.Template conversion: for each included prompt, the natural request/question/input slot was identified and replaced with
{{ prompt }}. Prompts that hard-code a specific non-removable request, are malformed/incomplete, are not reusable wrappers, contain PII/user handles, or cannot be faithfully templated were excluded. A second deduplication pass after conversion removed semantically identical templates.Final counts: 1,405 raw -> 1,152 after exact dedup -> 488 included as templates (664 excluded for reasons including: not a reusable wrapper, hard-coded specific request with no coherent prompt slot, duplicate after conversion, malformed/incomplete, or content that cannot be safely redistributed).
Repository integration:
pyrit/datasets/jailbreak/templates/in_the_wild/, each namedtrustairlab_<sha256_prefix>.yamlwith a stable content-based hash.parameters: [prompt],is_general_technique: true,data_type: text, and contains exactly one{{ prompt }}placeholder.{% raw %}...{% endraw %}blocks to prevent Jinja interpretation of non-placeholder content.source_platform,source_collection,source_dataset,source_dataset_commit,source_prompt_sha256,conversion_path, andconversion_methodfor full provenance.Attribution: the
sourcefield points to the canonical HuggingFace dataset URL. Thedescriptionaccurately states the prompts were "collected in the wild" by the TrustAIRLab study authors, not authored by them.authorsis left empty (the original posters are anonymous community members).groups: [TrustAIRLab]credits the dataset curators. No user handles or PII are included.Tests: added
tests/unit/datasets/test_jailbreak_in_the_wild.pycovering uniqueness, attribution fields, placeholder contract, and rendering for the new subfolder. Existing jailbreak template tests continue to pass.Non-obvious details
{% raw %}escaping to prevent Jinja from treating them as variable references. The{{ prompt }}slot is placed outside the raw block.TextJailBreak's filename-based resolution).