promptfoo 0.101.2 → 0.102.1

package/dist/src/redteam/constants.js

@@ -61,7 +61,6 @@ exports.HARM_PLUGINS = {
 exports.PII_PLUGINS = ['pii:api-db', 'pii:direct', 'pii:session', 'pii:social'];
 exports.BASE_PLUGINS = [
     'contracts',
-    'cross-session-leak',
     'excessive-agency',
     'hallucination',
     'hijacking',
@@ -72,6 +71,7 @@ exports.ADDITIONAL_PLUGINS = [
     'bfla',
     'bola',
     'competitors',
+    'cross-session-leak',
     'debug-access',
     'imitation',
     'indirect-prompt-injection',
@@ -86,7 +86,6 @@ exports.ADDITIONAL_PLUGINS = [
 // Plugins that require configuration and can't be enabled by default or included as additional.
 exports.CONFIG_REQUIRED_PLUGINS = ['intent', 'policy'];
 exports.DEFAULT_PLUGINS = new Set([
-    ...exports.COLLECTIONS,
     ...exports.BASE_PLUGINS,
     ...Object.keys(exports.HARM_PLUGINS),
     ...exports.PII_PLUGINS,
@@ -102,31 +101,94 @@ exports.FRAMEWORK_NAMES = {
 };
 exports.OWASP_LLM_TOP_10_MAPPING = {
     'owasp:llm:01': {
-        plugins: ['harmful'],
-        strategies: ['jailbreak', 'prompt-injection'],
+        // Prompt Injection
+        plugins: ['ascii-smuggling', 'indirect-prompt-injection', 'prompt-extraction', 'harmful'],
+        strategies: ['jailbreak', 'prompt-injection', 'jailbreak:composite'],
     },
     'owasp:llm:02': {
-        plugins: ['harmful', 'overreliance'],
-        strategies: [],
+        // Sensitive Information Disclosure
+        plugins: [
+            'pii:api-db',
+            'pii:direct',
+            'pii:session',
+            'pii:social',
+            'harmful:privacy',
+            'cross-session-leak',
+            'prompt-extraction',
+        ],
+        strategies: ['jailbreak', 'prompt-injection', 'jailbreak:composite'],
     },
     'owasp:llm:03': {
-        plugins: ['harmful', 'hallucination', 'overreliance'],
+        // Supply Chain
+        plugins: [],
         strategies: [],
     },
-    'owasp:llm:06': {
-        plugins: ['harmful:privacy', 'pii:api-db', 'pii:direct', 'pii:session', 'pii:social'],
+    'owasp:llm:04': {
+        // Data and Model Poisoning
+        plugins: [
+            'harmful:misinformation-disinformation',
+            'harmful:hate',
+            'harmful:radicalization',
+            'harmful:specialized-advice',
+        ],
+        strategies: ['jailbreak', 'prompt-injection', 'jailbreak:composite'],
+    },
+    'owasp:llm:05': {
+        // Improper Output Handling
+        plugins: ['shell-injection', 'sql-injection', 'ssrf', 'debug-access'],
         strategies: ['jailbreak', 'prompt-injection'],
     },
+    'owasp:llm:06': {
+        // Excessive Agency
+        plugins: [
+            'excessive-agency',
+            'rbac',
+            'bfla',
+            'bola',
+            'shell-injection',
+            'sql-injection',
+            'ssrf',
+        ],
+        strategies: ['jailbreak', 'prompt-injection', 'jailbreak:composite'],
+    },
     'owasp:llm:07': {
-        plugins: ['bfla', 'bola', 'debug-access', 'rbac', 'shell-injection', 'sql-injection'],
-        strategies: [],
+        // System Prompt Leakage
+        plugins: [
+            'prompt-extraction',
+            'rbac',
+            'harmful:privacy',
+            'pii:api-db',
+            'pii:direct',
+            'pii:session',
+            'pii:social',
+        ],
+        strategies: ['jailbreak', 'prompt-injection', 'jailbreak:composite'],
     },
     'owasp:llm:08': {
-        plugins: ['excessive-agency', 'rbac'],
-        strategies: [],
+        // Vector and Embedding Weaknesses
+        plugins: [
+            'cross-session-leak',
+            'harmful:privacy',
+            'pii:api-db',
+            'pii:direct',
+            'pii:session',
+            'pii:social',
+        ],
+        strategies: ['jailbreak', 'prompt-injection', 'jailbreak:composite'],
     },
     'owasp:llm:09': {
-        plugins: ['hallucination', 'overreliance'],
+        // Misinformation
+        plugins: [
+            'hallucination',
+            'overreliance',
+            'harmful:misinformation-disinformation',
+            'harmful:specialized-advice',
+        ],
+        strategies: ['jailbreak', 'prompt-injection', 'jailbreak:composite'],
+    },
+    'owasp:llm:10': {
+        // Unbounded Consumption
+        plugins: ['excessive-agency', 'overreliance'],
         strategies: [],
     },
 };
@@ -315,16 +377,16 @@ exports.ALIASED_PLUGIN_MAPPINGS = {
     'owasp:api': exports.OWASP_API_TOP_10_MAPPING,
     'owasp:llm': exports.OWASP_LLM_TOP_10_MAPPING,
 };
-exports.DEFAULT_STRATEGIES = ['jailbreak', 'prompt-injection'];
+exports.DEFAULT_STRATEGIES = ['jailbreak', 'jailbreak:composite'];
 exports.MULTI_TURN_STRATEGIES = ['crescendo', 'goat'];
 exports.AGENTIC_STRATEGIES = ['jailbreak', 'jailbreak:tree', 'crescendo', 'goat'];
 exports.ADDITIONAL_STRATEGIES = [
+    'prompt-injection',
     'ascii-smuggling',
     'base64',
     'citation',
     'crescendo',
     'goat',
-    'jailbreak:composite',
     'jailbreak:tree',
     'leetspeak',
     'math-prompt',
@@ -338,139 +400,139 @@ exports.ALL_STRATEGIES = [
     ...exports.ADDITIONAL_STRATEGIES,
 ];
 exports.subCategoryDescriptions = {
-    default: 'Includes common plugins',
-    'ascii-smuggling': 'Attempts to obfuscate malicious content using ASCII smuggling',
-    base64: 'Attempts to obfuscate malicious content using Base64 encoding',
-    basic: 'Single-shot, unoptimized attacks using raw prompts based on plugin description',
-    bfla: 'Broken Function Level Authorization (BFLA) tests',
-    bola: 'Broken Object Level Authorization (BOLA) tests',
-    citation: "Exploits model's bias toward authority",
-    competitors: 'Competitor mentions and endorsements',
-    contracts: 'Enters business or legal commitments without supervision',
-    crescendo: 'Conversational attack strategy (high cost)',
-    'cross-session-leak': 'Checks for information sharing between unrelated sessions',
-    'debug-access': 'Attempts to access or use debugging commands',
-    'excessive-agency': 'Model taking excessive initiative or misunderstanding its capabilities',
-    goat: 'Dynamically combines multiple adversarial prompting techniques in multi-turn conversations',
-    hallucination: 'Model generating false or misleading information',
-    harmful: 'All harmful categories',
-    'harmful:chemical-biological-weapons': 'Content related to chemical or biological weapons',
-    'harmful:child-exploitation': 'Content exploiting or harming children',
-    'harmful:copyright-violations': 'Content violating copyright laws',
-    'harmful:cybercrime': 'Content related to cybercriminal activities',
-    'harmful:graphic-content': 'Displaying graphic or violent content',
-    'harmful:harassment-bullying': 'Content that harasses or bullies individuals',
-    'harmful:hate': 'Content that promotes hate or discrimination',
-    'harmful:illegal-activities': 'Content promoting illegal activities',
-    'harmful:illegal-drugs': 'Content related to illegal drug use or trade',
-    'harmful:indiscriminate-weapons': 'Content related to weapons without context',
-    'harmful:insults': 'Content that insults or demeans individuals',
-    'harmful:intellectual-property': 'Content violating intellectual property rights',
-    'harmful:misinformation-disinformation': 'Spreading false or misleading information',
-    'harmful:non-violent-crime': 'Content related to non-violent criminal activities',
-    'harmful:privacy': 'Content violating privacy rights',
-    'harmful:profanity': 'Content containing profane or inappropriate language',
-    'harmful:radicalization': 'Content that promotes radical or extremist views',
-    'harmful:self-harm': 'Content that encourages self-harm or suicide',
-    'harmful:sex-crime': 'Content related to sexual crimes',
-    'harmful:sexual-content': 'Explicit or inappropriate sexual content',
-    'harmful:specialized-advice': 'Providing advice in specialized fields without expertise',
-    'harmful:unsafe-practices': 'Content promoting unsafe or harmful practices',
-    'harmful:violent-crime': 'Content related to violent criminal activities',
-    hijacking: 'Unauthorized or off-topic resource use',
-    imitation: 'Imitates people, brands, or organizations',
-    'indirect-prompt-injection': 'Tests if the prompt is vulnerable to instructions injected into variables in the prompt',
-    intent: 'Attempts to manipulate the model to exhibit specific behaviors',
-    jailbreak: 'Attempts to bypass security measures through iterative prompt refinement',
-    'jailbreak:composite': 'Finds novel jailbreak prompts by chaining together individual techniques',
-    'jailbreak:tree': 'Tree-based jailbreak search (medium cost)',
-    leetspeak: 'Attempts to obfuscate malicious content using leetspeak',
-    'math-prompt': 'Encodes potentially harmful content using mathematical concepts and notation',
-    multilingual: 'Translates the input into low-resource languages',
-    overreliance: 'Model susceptible to relying on an incorrect user assumption or input',
-    pii: 'All PII categories',
-    'pii:api-db': 'PII exposed through API or database',
-    'pii:direct': 'Direct exposure of PII',
-    'pii:session': 'PII exposed in session data',
-    'pii:social': 'PII exposed through social engineering',
-    policy: 'Violates a custom configured policy',
-    politics: 'Makes political statements',
-    'prompt-extraction': 'Attempts to get the model to reveal its system prompt',
-    'prompt-injection': "Malicious inputs designed to manipulate the model's behavior",
-    rbac: 'Tests whether the model properly implements Role-Based Access Control (RBAC)',
-    religion: 'Makes potentially controversial statements about religion',
-    rot13: 'Attempts to obfuscate malicious content using ROT13 encoding',
-    'shell-injection': 'Attempts to execute shell commands through the model',
-    'sql-injection': 'Attempts to perform SQL injection attacks to manipulate database queries',
-    ssrf: 'Server-Side Request Forgery (SSRF) tests',
+    default: 'Standard security testing plugins',
+    'ascii-smuggling': 'Tests vulnerability to Unicode tag-based instruction smuggling attacks',
+    base64: 'Tests handling of Base64-encoded malicious payloads',
+    basic: 'Single-shot baseline security tests without optimization',
+    bfla: 'Tests for broken function-level authorization vulnerabilities (OWASP API 5)',
+    bola: 'Tests for broken object-level authorization vulnerabilities (OWASP API 1)',
+    citation: 'Exploits academic authority bias to bypass content filters',
+    competitors: 'Tests for unauthorized competitor mentions and endorsements',
+    contracts: 'Tests for unauthorized contractual commitments and legal exposure',
+    crescendo: 'Multi-turn attack strategy that gradually escalates malicious intent',
+    'cross-session-leak': 'Tests for information leakage between user sessions',
+    'debug-access': 'Tests for exposed debugging interfaces and commands',
+    'excessive-agency': 'Tests for unauthorized actions beyond defined system boundaries',
+    goat: 'Dynamic multi-turn attack generation using adversarial techniques',
+    hallucination: 'Tests for fabrication of false or misleading information',
+    harmful: 'Tests handling of malicious content across multiple categories',
+    'harmful:chemical-biological-weapons': 'Tests handling of WMD-related content',
+    'harmful:child-exploitation': 'Tests handling of child exploitation content',
+    'harmful:copyright-violations': 'Tests handling of intellectual property violations',
+    'harmful:cybercrime': 'Tests handling of cybercrime-related content',
+    'harmful:graphic-content': 'Tests handling of graphic or violent content',
+    'harmful:harassment-bullying': 'Tests handling of harassment and bullying content',
+    'harmful:hate': 'Tests handling of hate speech and discriminatory content',
+    'harmful:illegal-activities': 'Tests handling of general illegal activities',
+    'harmful:illegal-drugs': 'Tests handling of illegal drug-related content',
+    'harmful:indiscriminate-weapons': 'Tests handling of weapons-related content',
+    'harmful:insults': 'Tests handling of personal attacks and insults',
+    'harmful:intellectual-property': 'Tests handling of IP theft and violations',
+    'harmful:misinformation-disinformation': 'Tests handling of false information campaigns',
+    'harmful:non-violent-crime': 'Tests handling of non-violent criminal content',
+    'harmful:privacy': 'Tests handling of privacy violation attempts',
+    'harmful:profanity': 'Tests handling of profane or inappropriate language',
+    'harmful:radicalization': 'Tests handling of extremist content and recruitment',
+    'harmful:self-harm': 'Tests handling of self-harm and suicide content',
+    'harmful:sex-crime': 'Tests handling of sexual crime content',
+    'harmful:sexual-content': 'Tests handling of explicit sexual content',
+    'harmful:specialized-advice': 'Tests handling of unauthorized professional advice',
+    'harmful:unsafe-practices': 'Tests handling of dangerous activity instructions',
+    'harmful:violent-crime': 'Tests handling of violent crime content',
+    hijacking: 'Tests for unauthorized resource usage and purpose deviation',
+    imitation: 'Tests for unauthorized impersonation of entities',
+    'indirect-prompt-injection': 'Tests for injection vulnerabilities via untrusted variables',
+    intent: 'Tests for manipulation of system behavior via specific prompts',
+    jailbreak: 'Single-shot optimization of safety bypass techniques',
+    'jailbreak:composite': 'Combines multiple jailbreak techniques for enhanced effectiveness',
+    'jailbreak:tree': 'Tree-based search for optimal safety bypass vectors',
+    leetspeak: 'Tests handling of leetspeak-encoded malicious content',
+    'math-prompt': 'Tests handling of mathematical notation-based attacks',
+    multilingual: 'Tests handling of attacks across multiple languages',
+    overreliance: 'Tests for overreliance on system assumptions',
+    pii: 'Tests handling of personal identifiable information',
+    'pii:api-db': 'Tests for PII exposure via API/database access',
+    'pii:direct': 'Tests for direct PII exposure vulnerabilities',
+    'pii:session': 'Tests for PII exposure in session data',
+    'pii:social': 'Tests for PII exposure via social engineering',
+    policy: 'Tests compliance with custom security policies',
+    politics: 'Tests handling of political content and bias',
+    'prompt-extraction': 'Tests for system prompt disclosure vulnerabilities',
+    'prompt-injection': 'Tests for direct prompt injection vulnerabilities',
+    rbac: 'Tests role-based access control implementation',
+    religion: 'Tests handling of religious content and bias',
+    rot13: 'Tests handling of ROT13-encoded malicious content',
+    'shell-injection': 'Tests for command injection vulnerabilities',
+    'sql-injection': 'Tests for SQL injection vulnerabilities',
+    ssrf: 'Tests for server-side request forgery vulnerabilities',
 };
 // These names are displayed in risk cards and in the table
 exports.displayNameOverrides = {
-    'ascii-smuggling': 'ASCII smuggling',
-    base64: 'Base64 Encoding',
-    basic: 'Basic',
-    bfla: 'Privilege Escalation',
-    bola: 'Unauthorized Data Access',
-    competitors: 'Competitor Endorsements',
-    contracts: 'Unsupervised Contracts',
-    citation: 'Citation',
-    crescendo: 'Multi-turn Crescendo',
-    'cross-session-leak': 'Cross-Session Leak',
-    'debug-access': 'Debug Access',
-    default: 'Default',
+    'ascii-smuggling': 'ASCII Smuggling',
+    base64: 'Base64 Payload Encoding',
+    basic: 'Baseline Testing',
+    bfla: 'Function-Level Authorization Bypass',
+    bola: 'Object-Level Authorization Bypass',
+    competitors: 'Competitors',
+    contracts: 'Unauthorized Commitments',
+    citation: 'Authority Bias Exploitation',
+    crescendo: 'Multi-Turn Crescendo',
+    'cross-session-leak': 'Cross-Session Data Leakage',
+    'debug-access': 'Debug Interface Exposure',
+    default: 'Standard Security Suite',
     'excessive-agency': 'Excessive Agency',
     goat: 'Generative Offensive Agent Tester',
-    hallucination: 'Hallucination',
-    harmful: 'Harmful Content',
-    'harmful:chemical-biological-weapons': 'Chemical & Biological Weapons',
+    hallucination: 'False Information (Hallucination)',
+    harmful: 'Malicious Content Suite',
+    'harmful:chemical-biological-weapons': 'WMD Content',
     'harmful:child-exploitation': 'Child Exploitation',
-    'harmful:copyright-violations': 'Copyright Violations',
+    'harmful:copyright-violations': 'IP Violations',
     'harmful:cybercrime': 'Cybercrime',
     'harmful:graphic-content': 'Graphic Content',
-    'harmful:harassment-bullying': 'Harassment & Bullying',
+    'harmful:harassment-bullying': 'Harassment',
     'harmful:hate': 'Hate Speech',
-    'harmful:illegal-activities': 'Illegal Activities',
-    'harmful:illegal-drugs': 'Illegal Drugs',
-    'harmful:indiscriminate-weapons': 'Indiscriminate Weapons',
-    'harmful:insults': 'Insults',
-    'harmful:intellectual-property': 'Intellectual Property Violation',
-    'harmful:misinformation-disinformation': 'Misinformation & Disinformation',
+    'harmful:illegal-activities': 'Illegal Activity',
+    'harmful:illegal-drugs': 'Drug-Related Content',
+    'harmful:indiscriminate-weapons': 'Weapons Content',
+    'harmful:insults': 'Personal Attacks',
+    'harmful:intellectual-property': 'IP Theft',
+    'harmful:misinformation-disinformation': 'Disinformation Campaigns',
     'harmful:non-violent-crime': 'Non-Violent Crime',
     'harmful:privacy': 'Privacy Violation',
     'harmful:profanity': 'Profanity',
-    'harmful:radicalization': 'Radicalization',
+    'harmful:radicalization': 'Extremist Content',
     'harmful:self-harm': 'Self-Harm',
-    'harmful:sex-crime': 'Sex Crime',
-    'harmful:sexual-content': 'Sexual Content',
-    'harmful:specialized-advice': 'Specialized Advice',
-    'harmful:unsafe-practices': 'Unsafe Practices',
-    'harmful:violent-crime': 'Violent Crime',
-    hijacking: 'Hijacking',
-    imitation: 'Imitation',
+    'harmful:sex-crime': 'Sexual Crime Content',
+    'harmful:sexual-content': 'Explicit Content',
+    'harmful:specialized-advice': 'Unauthorized Advice',
+    'harmful:unsafe-practices': 'Dangerous Activity Content',
+    'harmful:violent-crime': 'Violent Crime Content',
+    hijacking: 'Resource Hijacking',
+    imitation: 'Entity Impersonation',
     'indirect-prompt-injection': 'Indirect Prompt Injection',
     intent: 'Intent',
-    jailbreak: 'Single-shot optimization',
-    'jailbreak:composite': 'Composite Jailbreaks',
-    'jailbreak:tree': 'Tree-based Optimization',
-    leetspeak: 'Leetspeak Encoding',
-    'math-prompt': 'Math Prompt',
-    multilingual: 'Multilingual',
+    jailbreak: 'Single-shot Optimization',
+    'jailbreak:composite': 'Multi-Vector Safety Bypass',
+    'jailbreak:tree': 'Tree-Based Attack Search',
+    leetspeak: 'Leetspeak Payload Encoding',
+    'math-prompt': 'Mathematical Notation Attack',
+    multilingual: 'Cross-Language Attack',
     overreliance: 'Overreliance',
-    pii: 'PII Leaks',
-    'pii:api-db': 'PII in API/Database',
-    'pii:direct': 'Direct PII Exposure',
-    'pii:session': 'PII in Session Data',
+    pii: 'PII Protection Suite',
+    'pii:api-db': 'PII via API/Database',
+    'pii:direct': 'PII via Direct Exposure',
+    'pii:session': 'PII via Session Data',
     'pii:social': 'PII via Social Engineering',
-    policy: 'Custom Policy',
-    politics: 'Political Opinions',
-    'prompt-extraction': 'Prompt Extraction',
-    'prompt-injection': 'Prompt Injection',
-    rbac: 'RBAC Enforcement',
-    religion: 'Religious Sensitivity',
-    rot13: 'ROT13 Encoding',
-    'shell-injection': 'Shell Injection',
+    policy: 'Policy Compliance',
+    politics: 'Political Bias',
+    'prompt-extraction': 'System Prompt Disclosure',
+    'prompt-injection': 'Direct Prompt Injection',
+    rbac: 'RBAC Implementation',
+    religion: 'Religious Bias',
+    rot13: 'ROT13 Payload Encoding',
+    'shell-injection': 'Command Injection',
     'sql-injection': 'SQL Injection',
-    ssrf: 'Malicious Resource Fetching',
+    ssrf: 'SSRF Vulnerability',
 };
 var Severity;
 (function (Severity) {
@@ -556,7 +618,6 @@ exports.riskCategories = {
         'indirect-prompt-injection',
         'ascii-smuggling',
         'hijacking',
-        'intent',
         // Data protection
         'pii',
         'pii:api-db',
@@ -680,75 +741,75 @@ exports.categoryAliasesReverse = Object.entries(exports.categoryAliases).reduce(
     return acc;
 }, {});
 exports.pluginDescriptions = {
-    'ascii-smuggling': 'ASCII smuggling is a technique used to obfuscate malicious content using ASCII characters, potentially bypassing security filters.',
-    bfla: 'Broken Function Level Authorization (BFLA) is a vulnerability where an application fails to properly restrict access to sensitive functions based on user roles.',
-    bola: 'Broken Object Level Authorization (BOLA) is a vulnerability where an application fails to properly restrict access to sensitive data objects based on user permissions.',
-    competitors: 'Competitor mentions and endorsements can lead to unintended promotion of rival products or services.',
-    contracts: 'Unauthorized contract creation or modification can lead to legal and financial risks for the organization.',
-    'cross-session-leak': 'Cross-session leak occurs when sensitive information from one user session is inadvertently exposed to another session, compromising data privacy.',
-    'debug-access': 'Debug access vulnerabilities can expose sensitive system information or provide unauthorized control over the application.',
-    default: 'Default plugin behavior',
-    'excessive-agency': 'Excessive agency occurs when the AI model takes actions or makes decisions beyond its intended scope, potentially leading to unintended consequences.',
-    hallucination: 'AI hallucination refers to the generation of false or misleading information, which can lead to misinformation or incorrect decision-making.',
-    harmful: 'Content that may be harmful or dangerous in various ways',
-    'harmful:chemical-biological-weapons': 'Content related to chemical or biological weapons',
-    'harmful:child-exploitation': 'Content exploiting or harming children',
-    'harmful:copyright-violations': 'Content violating copyright laws',
-    'harmful:cybercrime': 'Content related to cybercriminal activities',
-    'harmful:graphic-content': 'Displaying graphic or violent content',
-    'harmful:harassment-bullying': 'Content that harasses or bullies individuals',
-    'harmful:hate': 'Content that promotes hate or discrimination',
-    'harmful:illegal-activities': 'Content promoting illegal activities',
-    'harmful:illegal-drugs': 'Content related to illegal drug use or trade',
-    'harmful:indiscriminate-weapons': 'Content related to weapons without context',
-    'harmful:insults': 'Content that insults or demeans individuals',
-    'harmful:intellectual-property': 'Content violating intellectual property rights',
-    'harmful:misinformation-disinformation': 'Spreading false or misleading information',
-    'harmful:non-violent-crime': 'Content related to non-violent criminal activities',
-    'harmful:privacy': 'Content violating privacy rights',
-    'harmful:profanity': 'Content containing profane or inappropriate language',
-    'harmful:radicalization': 'Content that promotes radical or extremist views',
-    'harmful:self-harm': 'Content that encourages self-harm or suicide',
-    'harmful:sex-crime': 'Content related to sexual crimes',
-    'harmful:sexual-content': 'Explicit or inappropriate sexual content',
-    'harmful:specialized-advice': 'Providing advice in specialized fields without expertise',
-    'harmful:unsafe-practices': 'Content promoting unsafe or harmful practices',
-    'harmful:violent-crime': 'Content related to violent criminal activities',
-    hijacking: 'Hijacking vulnerabilities allow attackers to take control of user sessions or system resources, compromising security and privacy.',
-    imitation: 'Imitation vulnerabilities occur when the AI impersonates individuals, brands, or organizations without authorization, potentially leading to fraud or reputational damage.',
-    'indirect-prompt-injection': "Indirect prompt injection allows attackers to manipulate the AI's behavior by injecting malicious content into variables used in prompts.",
-    intent: 'Tests whether the model can be manipulated to exhibit specific behaviors or responses, potentially bypassing safety measures.',
-    overreliance: 'Overreliance on AI systems without proper validation can lead to errors in decision-making or actions based on incorrect assumptions.',
-    pii: 'Personal Identifiable Information (PII) leaks can compromise user privacy and lead to legal and reputational consequences.',
-    'pii:api-db': 'PII exposed through API or database',
-    'pii:direct': 'Direct exposure of PII',
-    'pii:session': 'PII exposed in session data',
-    'pii:social': 'PII exposed through social engineering',
-    policy: 'Policy violations occur when the AI system acts in ways that contradict established organizational policies or guidelines.',
-    politics: 'Political statements or biases in AI responses can lead to controversy or alienation of users with different political views.',
-    'prompt-extraction': 'Prompt extraction vulnerabilities allow attackers to reveal the system prompts used to guide the AI, potentially exposing sensitive information or enabling further attacks.',
-    rbac: 'Role-Based Access Control (RBAC) vulnerabilities occur when the system fails to properly enforce access restrictions based on user roles.',
-    religion: 'Religious statements or biases in AI responses can lead to controversy or alienation of users with different religious beliefs.',
-    'shell-injection': 'Shell injection vulnerabilities allow attackers to execute unauthorized system commands, potentially leading to system compromise.',
-    'sql-injection': 'SQL injection is a vulnerability that allows attackers to execute unauthorized database queries, potentially leading to data theft or manipulation.',
-    ssrf: 'Server-Side Request Forgery (SSRF) vulnerabilities allow attackers to make unauthorized requests from the server, potentially accessing internal resources or services.',
+    'ascii-smuggling': 'Tests system resilience against Unicode tag-based instruction smuggling attacks that can bypass content filters and security controls',
+    bfla: 'Evaluates function-level authorization controls to identify privilege escalation vulnerabilities (OWASP API Security Top 10 #5)',
+    bola: 'Tests object-level authorization mechanisms to detect unauthorized data access vulnerabilities (OWASP API Security Top 10 #1)',
+    competitors: 'Assesses system protection against unauthorized competitor endorsements and brand security risks',
+    contracts: 'Evaluates safeguards against unauthorized contractual commitments and legal exposure',
+    'cross-session-leak': 'Tests for information leakage vulnerabilities between different user sessions',
+    'debug-access': 'Identifies exposed debugging interfaces and unauthorized command execution vectors',
+    default: 'Executes comprehensive baseline security testing across multiple risk categories',
+    'excessive-agency': 'Evaluates system boundary enforcement and unauthorized action prevention',
+    hallucination: 'Tests system resilience against false information generation and propagation',
+    harmful: 'Comprehensive suite for testing handling of various categories of malicious content',
+    hijacking: 'Assesses protection against unauthorized resource usage and purpose deviation',
+    imitation: 'Tests safeguards against unauthorized entity impersonation attempts',
+    'indirect-prompt-injection': 'Evaluates vulnerability to injection attacks via untrusted variables',
+    intent: 'Tests system resilience against specific manipulation attempts',
+    overreliance: 'Assesses overreliance on system assumptions',
+    pii: 'Comprehensive evaluation of personal identifiable information protection',
+    'pii:api-db': 'Tests for PII exposure through API and database access vectors',
+    'pii:direct': 'Evaluates direct PII exposure vulnerabilities',
+    'pii:session': 'Tests for PII leakage in session data',
+    'pii:social': 'Assesses PII exposure through social engineering vectors',
+    policy: 'Validates compliance with custom security policies and controls',
+    politics: 'Tests handling of political content and bias mitigation',
+    'prompt-extraction': 'Evaluates protection against system prompt disclosure attempts',
+    rbac: 'Tests implementation of role-based access control mechanisms',
+    religion: 'Assesses handling of religious content and bias mitigation',
+    'shell-injection': 'Tests protection against command injection vulnerabilities',
+    'sql-injection': 'Evaluates resilience against SQL injection attacks',
+    ssrf: 'Tests for server-side request forgery vulnerabilities',
+    'harmful:chemical-biological-weapons': 'Tests detection and response to WMD-related content',
+    'harmful:child-exploitation': 'Tests handling of child exploitation content',
+    'harmful:copyright-violations': 'Tests handling of intellectual property violations',
+    'harmful:cybercrime': 'Tests detection of cybercrime-related content',
+    'harmful:graphic-content': 'Tests handling of graphic or violent content',
+    'harmful:harassment-bullying': 'Tests handling of harassment and bullying content',
+    'harmful:hate': 'Tests handling of hate speech and discriminatory content',
+    'harmful:illegal-activities': 'Tests handling of illegal activity content',
+    'harmful:illegal-drugs': 'Tests handling of drug-related content',
+    'harmful:indiscriminate-weapons': 'Tests handling of weapons-related content',
+    'harmful:insults': 'Tests handling of personal attacks and insults',
+    'harmful:intellectual-property': 'Tests handling of IP theft attempts',
+    'harmful:misinformation-disinformation': 'Tests handling of disinformation campaigns',
+    'harmful:non-violent-crime': 'Tests handling of non-violent criminal content',
+    'harmful:privacy': 'Tests handling of privacy violation attempts',
+    'harmful:profanity': 'Tests handling of profane content',
+    'harmful:radicalization': 'Tests handling of extremist content',
+    'harmful:self-harm': 'Tests handling of self-harm content',
+    'harmful:sex-crime': 'Tests handling of sexual crime content',
+    'harmful:sexual-content': 'Tests handling of explicit sexual content',
+    'harmful:specialized-advice': 'Tests handling of unauthorized professional advice',
+    'harmful:unsafe-practices': 'Tests handling of dangerous activity instructions',
+    'harmful:violent-crime': 'Tests handling of violent crime content',
 };
 exports.strategyDescriptions = {
-    'ascii-smuggling': 'Obfuscates malicious content using ASCII characters to bypass filters',
-    base64: 'Encodes malicious content in Base64 to evade detection',
-    basic: 'Single-shot malicious prompts',
-    citation: "Exploits model's bias toward authority",
-    crescendo: 'A multi-turn attack that gradually escalates the conversation to probe for vulnerabilities',
-    default: 'Preset strategies',
-    goat: 'Dynamically combines multiple adversarial prompting techniques in multi-turn conversations',
-    jailbreak: 'An optimized single shot attack generated by iteratively refining the prompt to bypass security measures',
-    'jailbreak:composite': 'Finds novel jailbreak prompts by chaining together individual techniques',
-    'jailbreak:tree': 'Uses a tree-based search approach for more sophisticated jailbreaking',
-    leetspeak: 'Replaces characters with similar-looking numbers or symbols to obfuscate content',
-    'math-prompt': 'Encodes harmful content using mathematical concepts and notation',
-    multilingual: 'Translates malicious content into low-resource languages to evade detection',
-    'prompt-injection': 'Injects malicious instructions into prompts via user input',
-    rot13: 'Applies a simple letter substitution cipher to obfuscate malicious content',
+    'ascii-smuggling': 'Evaluates system resilience against Unicode tag-based instruction smuggling',
+    base64: 'Tests detection and handling of Base64-encoded malicious payloads',
+    basic: 'Establishes baseline security posture through fundamental test cases',
+    citation: 'Exploits academic authority bias to circumvent content filtering mechanisms',
+    crescendo: 'Executes progressive multi-turn attacks with escalating malicious intent',
+    default: 'Applies standard security testing methodology',
+    goat: 'Deploys dynamic attack generation using advanced adversarial techniques',
+    jailbreak: 'Optimizes single-turn attacks to bypass security controls',
+    'jailbreak:composite': 'Chains multiple attack vectors for enhanced effectiveness',
+    'jailbreak:tree': 'Implements tree-based search for optimal attack paths',
+    leetspeak: 'Assesses handling of leetspeak-encoded malicious content',
+    'math-prompt': 'Tests resilience against mathematical notation-based attacks',
+    multilingual: 'Evaluates cross-language attack vector handling',
+    'prompt-injection': 'Tests direct prompt injection vulnerability detection',
+    rot13: 'Assesses handling of ROT13-encoded malicious payloads',
 };
 exports.strategyDisplayNames = {
     'ascii-smuggling': 'ASCII Smuggling',