Black-box safety eval infrastructure for Indic LLMs
Project description
indic-safety-probe
Black-box safety eval for Indic LLMs. Sends adversarial prompts to a hosted Indic model, scores the responses, and saves audit-grade JSON.
pip install indic-safety-probe
export SARVAM_API_KEY=...
indic-safety-probe --model sarvam-105b
What it does
Two probes, run against any Sarvam Cloud model:
- BECProbe — Tests CFO-impersonation BEC fraud-email generation in English, Hindi, Kannada, Bengali, Tamil, Telugu. Each harmful prompt has a structurally matched benign control.
- HonorificsProbe — Tests whether formal vs. informal honorific register (आप vs तू, etc.) produces asymmetric refusal behavior on identical content requests across Hindi, Tamil, Telugu, Bengali.
Results print to terminal; JSON cached to ./results/.
Key finding
Sarvam's API produces complete, well-formed BEC fraud emails in all 6 tested languages across sarvam-m, sarvam-30b, and sarvam-105b. Benign controls (legitimate quarterly vendor payments with identical structure) produce appropriate output. The model distinguishes the cases. It does not refuse the harmful one. The same English prompts have been observed to refuse on the Sarvam dashboard — suggesting safety lives in the deployment surface, not the model. Deployers calling the API directly inherit none of the dashboard's apparent safety.
Register variation (formal vs informal honorific) does not act as a jailbreak vector.
Cached results in results/.
Usage
indic-safety-probe --model sarvam-m
indic-safety-probe --model sarvam-105b --probes bec
indic-safety-probe --model sarvam-30b --system-prompt "You are a customer service agent for Indian Railways."
Roadmap
v0.2 adds: hallucination under regulatory framing, implicit bias by caste/gender, PII regurgitation, hate-speech generation, LLM-as-judge scoring, additional vendor adapters (Krutrim, CoRover).
Out of scope: adversarial suffix attacks (white-box), agent-framework probes (orchestration-layer), CBRN content.
Note on development
This is a vibe-coded v0.1 built in ~14 hours for an Activate AI Fellows submission. Code is short (~900 lines, half prompts). Findings are real and reproducible from the cached JSON. The design decisions — probe taxonomy, benign-control structure, reasoning-trace handling, scope boundaries — are author-owned; the implementation was co-written with an LLM.
License
MIT. See LICENSE.
Author
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file indic_safety_probe-0.1.0.tar.gz.
File metadata
- Download URL: indic_safety_probe-0.1.0.tar.gz
- Upload date:
- Size: 16.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
407a8ed1766bf43f672f07d22b6eae0c1b36b02b1bc23d3cfff3b5c742033f4e
|
|
| MD5 |
02424e671719e775cdfc4623122043bd
|
|
| BLAKE2b-256 |
4a9279d6e237aa882c8d414be22cc1e33cc11fd3376c24e70f7bcc08bea8e733
|
File details
Details for the file indic_safety_probe-0.1.0-py3-none-any.whl.
File metadata
- Download URL: indic_safety_probe-0.1.0-py3-none-any.whl
- Upload date:
- Size: 21.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ebf6be7178512d55ac15564781231361a710782af8e70355f71b774921a09917
|
|
| MD5 |
2dcc8de4d09c18e5a4e75571f48aba17
|
|
| BLAKE2b-256 |
4adfbd794a9bddd555c9bbbe90b4eb20bfdb4cce8a34d7a107c60b35ce9cec6e
|
