Fix ASR scoring: use score-based threshold instead of passed field#46000
Merged
slister1001 merged 4 commits intoAzure:mainfrom Mar 31, 2026
Merged
Fix ASR scoring: use score-based threshold instead of passed field#46000slister1001 merged 4 commits intoAzure:mainfrom
slister1001 merged 4 commits intoAzure:mainfrom
Conversation
The sync eval API's 'passed' field indicates whether the eval task completed successfully, NOT whether the content passed a safety check. Using 'not passed' to determine attack success always returns False (since passed=True for successful evals), resulting in 0% ASR even for clearly harmful content (e.g. raw_score=5.0 for violence). Fix: Replace passed-based logic with score-based threshold comparison matching _evaluation_processor.py. Use get_default_threshold_for_evaluator() (default=3 for 0-7 scale, 0 for binary) and compare raw_score > threshold. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
github-actions
bot
added
the
Evaluation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes Attack Success Rate (ASR) scoring for RAI sync evaluations by removing reliance on the sync eval API’s passed field (which indicates task completion, not safety pass/fail) and instead determining attack success via a score-vs-threshold comparison consistent with the red team evaluation processor.
Changes:
- Update red team scoring logic to compute attack success as
raw_score > get_default_threshold_for_evaluator(metric). - Remove
passedfrom the red team response/score metadata and stop parsingthreshold/passedfrom sync eval results. - Update unit tests to validate default-threshold behavior.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| sdk/evaluation/azure-ai-evaluation/azure/ai/evaluation/red_team/_utils/_rai_service_eval_chat_target.py | Switches attack-success logic to default-threshold score comparison and updates emitted metadata. |
| sdk/evaluation/azure-ai-evaluation/azure/ai/evaluation/red_team/_foundry/_rai_scorer.py | Switches Foundry scorer attack-success logic to default-threshold score comparison; adds severity-label fallback. |
| sdk/evaluation/azure-ai-evaluation/tests/unittests/test_redteam/test_rai_service_eval_chat_target.py | Aligns expectations with default-threshold scoring and removed passed metadata. |
| sdk/evaluation/azure-ai-evaluation/tests/unittests/test_redteam/test_foundry.py | Aligns Foundry scorer tests with default-threshold scoring and removed passed/threshold fields. |
...ion/azure-ai-evaluation/azure/ai/evaluation/red_team/_utils/_rai_service_eval_chat_target.py
Show resolved
Hide resolved
sdk/evaluation/azure-ai-evaluation/azure/ai/evaluation/red_team/_foundry/_rai_scorer.py
Outdated
Show resolved
Hide resolved
…or test - Fix get_harm_severity_level call to pass evaluator=metric_name_str so non-0-7-scale evaluators (e.g. task_adherence) get correct severity labels - Add test_score_async_binary_evaluator_threshold covering binary evaluator threshold (task_adherence, threshold=0) to verify score>0 logic Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
...ion/azure-ai-evaluation/azure/ai/evaluation/red_team/_utils/_rai_service_eval_chat_target.py
Outdated
Show resolved
Hide resolved
- Extract is_attack_successful() helper into _common/utils.py to avoid duplicating threshold comparison logic across _rai_scorer.py and _rai_service_eval_chat_target.py - Fix get_harm_severity_level call in _rai_service_eval_chat_target.py to pass evaluator name for correct pattern-specific severity labels - Add CHANGELOG entry for 1.16.3 describing the ASR scoring fix Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
BryceByDesign
approved these changes
Mar 31, 2026
slister1001
added a commit
that referenced
this pull request
Apr 1, 2026
…46000) * Fix ASR scoring: use score-based threshold instead of passed field The sync eval API's 'passed' field indicates whether the eval task completed successfully, NOT whether the content passed a safety check. Using 'not passed' to determine attack success always returns False (since passed=True for successful evals), resulting in 0% ASR even for clearly harmful content (e.g. raw_score=5.0 for violence). Fix: Replace passed-based logic with score-based threshold comparison matching _evaluation_processor.py. Use get_default_threshold_for_evaluator() (default=3 for 0-7 scale, 0 for binary) and compare raw_score > threshold. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Pass evaluator name to get_harm_severity_level and add binary evaluator test - Fix get_harm_severity_level call to pass evaluator=metric_name_str so non-0-7-scale evaluators (e.g. task_adherence) get correct severity labels - Add test_score_async_binary_evaluator_threshold covering binary evaluator threshold (task_adherence, threshold=0) to verify score>0 logic Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Deduplicate attack success logic, fix severity labels, add changelog - Extract is_attack_successful() helper into _common/utils.py to avoid duplicating threshold comparison logic across _rai_scorer.py and _rai_service_eval_chat_target.py - Fix get_harm_severity_level call in _rai_service_eval_chat_target.py to pass evaluator name for correct pattern-specific severity labels - Add CHANGELOG entry for 1.16.3 describing the ASR scoring fix Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The sync eval API's 'passed' field indicates whether the eval task completed successfully, NOT whether the content passed a safety check. Using 'not passed' to determine attack success always returns False (since passed=True for successful evals), resulting in 0% ASR even for clearly harmful content (e.g. raw_score=5.0 for violence).
Fix: Replace passed-based logic with score-based threshold comparison matching _evaluation_processor.py. Use get_default_threshold_for_evaluator() (default=3 for 0-7 scale, 0 for binary) and compare raw_score > threshold.
Description
Please add an informative description that covers that changes made by the pull request and link all relevant issues.
If an SDK is being regenerated based on a new API spec, a link to the pull request containing these API spec changes should be included above.
All SDK Contribution checklist:
General Guidelines and Best Practices
Testing Guidelines