
Core code for AgentDojo

Project description

AgentDojo: A Dynamic Environment to Evaluate Prompt Injection Attacks and Defenses for LLM Agents


Edoardo Debenedetti (1), Jie Zhang (1), Mislav Balunović (1,2), Luca Beurer-Kellner (1,2), Marc Fischer (1,2), Florian Tramèr (1)

(1) ETH Zurich and (2) Invariant Labs

Read Paper | Inspect Results

Quickstart

pip install agentdojo

Important: the API of the package is still under development and might change in the future.

If you want to use the prompt injection detector, you need to install the transformers extra:

pip install "agentdojo[transformers]"

Running the benchmark

The benchmark can be run with the benchmark script. Documentation on how to use the script can be obtained with the --help flag.

For example, to run the workspace suite on tasks 0 and 1, with gpt-4o-2024-05-13 as the LLM, the tool filter as the defense, and the attack with tool knowledge, run the following command:

python -m agentdojo.scripts.benchmark -s workspace -ut user_task_0 \
    -ut user_task_1 --model gpt-4o-2024-05-13 \
    --defense tool_filter --attack tool_knowledge

To run the above, but on all suites and tasks, run the following:

python -m agentdojo.scripts.benchmark --model gpt-4o-2024-05-13 \
    --defense tool_filter --attack tool_knowledge

Inspect the results

To inspect the results, go to the dedicated results page of the documentation. AgentDojo results are also listed in the Invariant Benchmark Registry.

Documentation of the Dojo

Take a look at our documentation.

Development set-up

Take a look at the development set-up docs.

Citing

If you use AgentDojo in your research, please consider citing our paper:

@inproceedings{
 debenedetti2024agentdojo,
 title={AgentDojo: A Dynamic Environment to Evaluate Prompt Injection Attacks and Defenses for {LLM} Agents},
 author={Edoardo Debenedetti and Jie Zhang and Mislav Balunovic and Luca Beurer-Kellner and Marc Fischer and Florian Tram{\`e}r},
 booktitle={The Thirty-eight Conference on Neural Information Processing Systems Datasets and Benchmarks Track},
 year={2024},
 url={https://openreview.net/forum?id=m1YYAQjO3w}
}


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agentdojo_core-0.0.2.tar.gz (177.8 kB)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agentdojo_core-0.0.2-py3-none-any.whl (66.9 kB)

Uploaded Python 3

File details

Details for the file agentdojo_core-0.0.2.tar.gz.

File metadata

  • Download URL: agentdojo_core-0.0.2.tar.gz
  • Upload date:
  • Size: 177.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for agentdojo_core-0.0.2.tar.gz

Algorithm    Hash digest
SHA256       11fa0f918c28c2bcb432cc2310f3fe8e9b10110ad15cce23818fa1c2b5e0287a
MD5          5e130c934193addb95604128e10b4821
BLAKE2b-256  875ffcbdc30f6c8a9b3d2702e161d894f30085d1a9f5b205e2a5137c07e43f5f

See more details on using hashes here.

Provenance

The following attestation bundles were made for agentdojo_core-0.0.2.tar.gz:

Publisher: publish.yaml on ethz-spylab/agentdojo-core

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file agentdojo_core-0.0.2-py3-none-any.whl.

File metadata

  • Download URL: agentdojo_core-0.0.2-py3-none-any.whl
  • Upload date:
  • Size: 66.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for agentdojo_core-0.0.2-py3-none-any.whl

Algorithm    Hash digest
SHA256       08e50f6b42466da5fe9ea2e9dcaf955870f64543117dc17f8c6f66612dcecab1
MD5          b0f304b880216689714ee5fa43e9c69e
BLAKE2b-256  baba06cd55bbccc1b643bdf83a89e4524cf77f0b6ae333f3611aa304954c8507

See more details on using hashes here.
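The digests listed for the sdist and the wheel above are what lets you check a downloaded release before installing it. The script below is an added example (not part of the agentdojo-core project) that recomputes the SHA256 and BLAKE2b-256 digests of a local file and compares them with the values on this page; it assumes the file was saved under its original PyPI basename, and note that PyPI's "BLAKE2b-256" is BLAKE2b with a 32-byte output, not BLAKE2s.

```python
import hashlib
import hmac
from pathlib import Path

# Expected digests copied from this page for the two agentdojo_core-0.0.2 files.
# MD5 is deliberately left out: it is collision-prone and adds nothing here.
EXPECTED_DIGESTS = {
    "agentdojo_core-0.0.2.tar.gz": {
        "sha256": "11fa0f918c28c2bcb432cc2310f3fe8e9b10110ad15cce23818fa1c2b5e0287a",
        "blake2b_256": "875ffcbdc30f6c8a9b3d2702e161d894f30085d1a9f5b205e2a5137c07e43f5f",
    },
    "agentdojo_core-0.0.2-py3-none-any.whl": {
        "sha256": "08e50f6b42466da5fe9ea2e9dcaf955870f64543117dc17f8c6f66612dcecab1",
        "blake2b_256": "baba06cd55bbccc1b643bdf83a89e4524cf77f0b6ae333f3611aa304954c8507",
    },
}


def digests_of(data: bytes) -> dict:
    """Compute the digests PyPI lists: SHA256 and BLAKE2b truncated to 32 bytes."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        # digest_size=32 is what PyPI calls "BLAKE2b-256".
        "blake2b_256": hashlib.blake2b(data, digest_size=32).hexdigest(),
    }


def verify_artifact(data: bytes, filename: str, expected=None) -> bool:
    """True only if every listed digest for `filename` matches `data`.

    An artifact missing from the table is rejected rather than silently skipped.
    compare_digest keeps the comparison constant-time regardless of where it differs.
    """
    table = EXPECTED_DIGESTS if expected is None else expected
    if filename not in table:
        return False
    actual = digests_of(data)
    return all(
        hmac.compare_digest(actual[alg], want.lower())
        for alg, want in table[filename].items()
    )


def verify_file(path: str) -> bool:
    """Verify a downloaded distribution on disk, keyed by its basename."""
    p = Path(path)
    return verify_artifact(p.read_bytes(), p.name)
```

Run it as `verify_file("agentdojo_core-0.0.2.tar.gz")` after downloading; a False result means the bytes on disk are not the release this page describes and should not be installed.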

Provenance

The following attestation bundles were made for agentdojo_core-0.0.2-py3-none-any.whl:

Publisher: publish.yaml on ethz-spylab/agentdojo-core

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
