microsoft · rlundeen2 · Mar 24, 2026 · Mar 20, 2026 · Mar 21, 2026 · Mar 21, 2026
diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
@@ -28,4 +28,13 @@ Do NOT leave comments about:
 
 Aim for fewer, higher-signal comments. A review with 2-3 important comments is better than 15 trivial ones.
 
-Follow `.github/instructions/style-guide.instructions.md` for style guidelines. And look in `.github/instructions/` for specific instructions on the different components.
+## Instruction Files
+
+BEFORE editing or code-reviewing any file, you MUST read the `.github/instructions/` files whose `applyTo` patterns match the files you are about to edit. For example:
+- Editing/code-reviewing `pyrit/**/*.py` → read `style-guide.instructions.md` and `user-custom.instructions.md`
+- Editing/code-reviewing `pyrit/scenario/**` → also read `scenarios.instructions.md`
+- Editing/code-reviewing `pyrit/prompt_converter/**` → also read `converters.instructions.md`
+- Editing/code-reviewing `tests/**` → also read `test.instructions.md`
+- Editing/code-reviewing `doc/**/*.py` or `doc/**/*.ipynb` → also read `docs.instructions.md`
+
+Follow every rule in the applicable instruction files. Do not skip this step.
diff --git a/.pyrit_conf_example b/.pyrit_conf_example
@@ -24,6 +24,8 @@ memory_db_type: sqlite
 # Available initializers:
 # - simple: Basic OpenAI configuration (requires OPENAI_CHAT_* env vars)
 # - airt: AI Red Team setup with Azure OpenAI (requires AZURE_OPENAI_* env vars)
+# - targets: Registers available prompt targets into the TargetRegistry
+# - scorers: Registers pre-configured scorers into the ScorerRegistry
 # - load_default_datasets: Loads default datasets for all registered scenarios
 # - objective_list: Sets default objectives for scenarios
 # - openai_objective_target: Sets up OpenAI target for scenarios
@@ -38,13 +40,14 @@ memory_db_type: sqlite
 # Example:
 # initializers:
 #   - simple
-#   - name: target
+#   - name: targets
 #     args:
 #       tags:
 #         - default
 #         - scorer
 initializers:
   - name: simple
+  - name: load_default_datasets
   - name: scorers
   - name: targets
     args:

diff --git a/doc/code/scenarios/1_configuring_scenarios.ipynb b/doc/code/scenarios/1_configuring_scenarios.ipynb
@@ -36,8 +36,9 @@
      "name": "stdout",
      "output_type": "stream",
      "text": [
-      "Found default environment files: ['./.pyrit/.env']\n",
-      "Loaded environment file: ./.pyrit/.env\n"
+      "Found default environment files: ['./.pyrit/.env', './.pyrit/.env.local']\n",
+      "Loaded environment file: ./.pyrit/.env\n",
+      "Loaded environment file: ./.pyrit/.env.local\n"
      ]
     }
    ],
@@ -74,47 +75,7 @@
      "name": "stderr",
      "output_type": "stream",
      "text": [
-      "\r",
-      "Loading datasets - this can take a few minutes:   0%|                                      | 0/46 [00:00<?, ?dataset/s]"
-     ]
-    },
-    {
-     "name": "stderr",
-     "output_type": "stream",
-     "text": [
-      "\r",
-      "Loading datasets - this can take a few minutes:   2%|▋                             | 1/46 [00:00<00:20,  2.20dataset/s]"
-     ]
-    },
-    {
-     "name": "stderr",
-     "output_type": "stream",
-     "text": [
-      "\r",
-      "Loading datasets - this can take a few minutes:  43%|████████████▌                | 20/46 [00:00<00:00, 45.31dataset/s]"
-     ]
-    },
-    {
-     "name": "stderr",
-     "output_type": "stream",
-     "text": [
-      "\r",
-      "Loading datasets - this can take a few minutes:  67%|███████████████████▌         | 31/46 [00:00<00:00, 39.43dataset/s]"
-     ]
-    },
-    {
-     "name": "stderr",
-     "output_type": "stream",
-     "text": [
-      "\r",
-      "Loading datasets - this can take a few minutes: 100%|█████████████████████████████| 46/46 [00:00<00:00, 51.19dataset/s]"
-     ]
-    },
-    {
-     "name": "stderr",
-     "output_type": "stream",
-     "text": [
-      "\n"
+      "Loading datasets - this can take a few minutes: 100%|██████████| 58/58 [00:00<00:00, 69.09dataset/s]\n"
      ]
     }
    ],
@@ -222,7 +183,7 @@
     {
      "data": {
       "application/vnd.jupyter.widget-view+json": {
-       "model_id": "fe242b7b0aaa476187fb5643e41cdd94",
+       "model_id": "811109e1b31543f3835ee76ed5c708bd",
        "version_major": 2,
        "version_minor": 0
       },
@@ -268,7 +229,7 @@
       "\u001b[1m  📋 Scenario Details\u001b[0m\n",
       "\u001b[36m    • Name: RedTeamAgent\u001b[0m\n",
       "\u001b[36m    • Scenario Version: 1\u001b[0m\n",
-      "\u001b[36m    • PyRIT Version: 0.10.1.dev0\u001b[0m\n",
+      "\u001b[36m    • PyRIT Version: 0.11.1.dev0\u001b[0m\n",
       "\u001b[36m    • Description:\u001b[0m\n",
       "\u001b[36m        RedTeamAgent is a preconfigured scenario that automatically generates multiple AtomicAttack instances based on\u001b[0m\n",
       "\u001b[36m        the specified attack strategies. It supports both single-turn attacks (with various converters) and multi-turn\u001b[0m\n",
@@ -280,58 +241,49 @@
       "\u001b[1m  🎯 Target Information\u001b[0m\n",
       "\u001b[36m    • Target Type: OpenAIChatTarget\u001b[0m\n",
       "\u001b[36m    • Target Model: gpt-4o\u001b[0m\n",
-      "\u001b[36m    • Target Endpoint: https://pyrit-japan-test.openai.azure.com/openai/v1\u001b[0m\n",
+      "\u001b[36m    • Target Endpoint: https://pyrit-dev.openai.azure.com/openai/v1\u001b[0m\n",
       "\n",
       "\u001b[1m  📊 Scorer Information\u001b[0m\n",
       "\u001b[37m    ▸ Scorer Identifier\u001b[0m\n",
-      "\u001b[36m      • Scorer Type: TrueFalseCompositeScorer\u001b[0m\n",
-      "\u001b[36m      • Score Aggregator: AND_\u001b[0m\n",
-      "\u001b[36m        └─ Composite of 2 scorer(s):\u001b[0m\n",
-      "\u001b[36m            • Scorer Type: FloatScaleThresholdScorer\u001b[0m\n",
-      "\u001b[36m            • Score Aggregator: OR_\u001b[0m\n",
-      "\u001b[36m            • threshold: 0.5\u001b[0m\n",
-      "\u001b[36m            • float_scale_aggregator: MAX_\u001b[0m\n",
-      "\u001b[36m              └─ Composite of 1 scorer(s):\u001b[0m\n",
-      "\u001b[36m                  • Scorer Type: AzureContentFilterScorer\u001b[0m\n",
-      "\u001b[36m                  • score_categories: ['Hate', 'SelfHarm', 'Sexual', 'Violence']\u001b[0m\n",
-      "\u001b[36m            • Scorer Type: TrueFalseInverterScorer\u001b[0m\n",
-      "\u001b[36m            • Score Aggregator: OR_\u001b[0m\n",
-      "\u001b[36m              └─ Composite of 1 scorer(s):\u001b[0m\n",
-      "\u001b[36m                  • Scorer Type: SelfAskRefusalScorer\u001b[0m\n",
-      "\u001b[36m                  • Target Model: gpt-4o\u001b[0m\n",
-      "\u001b[36m                  • Temperature: 0.9\u001b[0m\n",
-      "\u001b[36m                  • Score Aggregator: OR_\u001b[0m\n",
+      "\u001b[36m      • Scorer Type: TrueFalseInverterScorer\u001b[0m\n",
+      "\u001b[36m      • scorer_type: true_false\u001b[0m\n",
+      "\u001b[36m      • score_aggregator: OR_\u001b[0m\n",
+      "\u001b[36m        └─ Composite of 1 scorer(s):\u001b[0m\n",
+      "\u001b[36m            • Scorer Type: SelfAskRefusalScorer\u001b[0m\n",
+      "\u001b[36m            • scorer_type: true_false\u001b[0m\n",
+      "\u001b[36m            • score_aggregator: OR_\u001b[0m\n",
+      "\u001b[36m            • model_name: gpt-4o\u001b[0m\n",
       "\n",
       "\u001b[37m    ▸ Performance Metrics\u001b[0m\n",
-      "\u001b[31m      • Accuracy: 54.05%\u001b[0m\n",
-      "\u001b[36m      • Accuracy Std Error: ±0.0410\u001b[0m\n",
-      "\u001b[31m      • F1 Score: 0.2273\u001b[0m\n",
-      "\u001b[36m      • Precision: 0.7143\u001b[0m\n",
-      "\u001b[31m      • Recall: 0.1351\u001b[0m\n",
-      "\u001b[36m      • Average Score Time: 0.76s\u001b[0m\n",
+      "\u001b[36m      • Accuracy: 84.84%\u001b[0m\n",
+      "\u001b[36m      • Accuracy Std Error: ±0.0185\u001b[0m\n",
+      "\u001b[36m      • F1 Score: 0.8606\u001b[0m\n",
+      "\u001b[36m      • Precision: 0.7928\u001b[0m\n",
+      "\u001b[32m      • Recall: 0.9412\u001b[0m\n",
+      "\u001b[36m      • Average Score Time: 1.27s\u001b[0m\n",
       "\n",
       "\u001b[1m\u001b[36m▼ Overall Statistics\u001b[0m\n",
       "\u001b[36m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
       "\u001b[1m  📈 Summary\u001b[0m\n",
       "\u001b[32m    • Total Strategies: 4\u001b[0m\n",
       "\u001b[32m    • Total Attack Results: 8\u001b[0m\n",
-      "\u001b[32m    • Overall Success Rate: 0%\u001b[0m\n",
+      "\u001b[36m    • Overall Success Rate: 25%\u001b[0m\n",
       "\u001b[32m    • Unique Objectives: 4\u001b[0m\n",
       "\n",
       "\u001b[1m\u001b[36m▼ Per-Strategy Breakdown\u001b[0m\n",
       "\u001b[36m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
       "\n",
       "\u001b[1m  🔸 Strategy: baseline\u001b[0m\n",
       "\u001b[33m    • Number of Results: 2\u001b[0m\n",
-      "\u001b[32m    • Success Rate: 0%\u001b[0m\n",
+      "\u001b[33m    • Success Rate: 50%\u001b[0m\n",
       "\n",
       "\u001b[1m  🔸 Strategy: base64\u001b[0m\n",
       "\u001b[33m    • Number of Results: 2\u001b[0m\n",
       "\u001b[32m    • Success Rate: 0%\u001b[0m\n",
       "\n",
       "\u001b[1m  🔸 Strategy: binary\u001b[0m\n",
       "\u001b[33m    • Number of Results: 2\u001b[0m\n",
-      "\u001b[32m    • Success Rate: 0%\u001b[0m\n",
+      "\u001b[33m    • Success Rate: 50%\u001b[0m\n",
       "\n",
       "\u001b[1m  🔸 Strategy: ComposedStrategy(caesar, char_swap)\u001b[0m\n",
       "\u001b[33m    • Number of Results: 2\u001b[0m\n",

diff --git a/pyrit/registry/instance_registries/base_instance_registry.py b/pyrit/registry/instance_registries/base_instance_registry.py
@@ -204,6 +204,29 @@ def get_by_tag(
                 results.append(entry)
         return results
 
+    def add_tags(
+        self,
+        *,
+        name: str,
+        tags: Union[dict[str, str], list[str]],
+    ) -> None:
+        """
+        Add tags to an existing registry entry.
+
+        Args:
+            name: The registry name of the entry to tag.
+            tags: Tags to add. Accepts a ``dict[str, str]``
+                or a ``list[str]`` (each string becomes a key with value ``""``).
+
+        Raises:
+            KeyError: If no entry with the given name exists.
+        """
+        entry = self._registry_items.get(name)
+        if entry is None:
+            raise KeyError(f"No entry named '{name}' in registry.")
+        entry.tags.update(self._normalize_tags(tags))
+        self._metadata_cache = None
+
     def list_metadata(
         self,
         *,

diff --git a/pyrit/scenario/core/scenario.py b/pyrit/scenario/core/scenario.py
@@ -24,14 +24,15 @@
 from pyrit.memory.memory_models import ScenarioResultEntry
 from pyrit.models import AttackResult
 from pyrit.models.scenario_result import ScenarioIdentifier, ScenarioResult
-from pyrit.prompt_target import PromptTarget
+from pyrit.prompt_target import OpenAIChatTarget, PromptTarget
+from pyrit.registry import ScorerRegistry
 from pyrit.scenario.core.atomic_attack import AtomicAttack
 from pyrit.scenario.core.dataset_configuration import DatasetConfiguration
 from pyrit.scenario.core.scenario_strategy import (
     ScenarioCompositeStrategy,
     ScenarioStrategy,
 )
-from pyrit.score import Scorer, TrueFalseScorer
+from pyrit.score import Scorer, SelfAskRefusalScorer, TrueFalseInverterScorer, TrueFalseScorer
 
 if TYPE_CHECKING:
     from pyrit.executor.attack.core.attack_config import AttackScoringConfig
@@ -171,6 +172,19 @@ def default_dataset_config(cls) -> DatasetConfiguration:
             DatasetConfiguration: The default dataset configuration.
         """
 
+    def _get_default_objective_scorer(self) -> TrueFalseScorer:
+        # Deferred import to avoid circular dependency:
+        from pyrit.setup.initializers.components.scorers import ScorerInitializerTags
+
+        entries = ScorerRegistry.get_registry_singleton().get_by_tag(tag=ScorerInitializerTags.DEFAULT_OBJECTIVE_SCORER)
+        if entries and isinstance(entries[0].instance, TrueFalseScorer):
+            scorer = entries[0].instance
+            logger.info(f"Using registered default objective scorer: {type(scorer).__name__}")
+            return scorer
+        scorer = TrueFalseInverterScorer(scorer=SelfAskRefusalScorer(chat_target=OpenAIChatTarget()))
+        logger.info(f"No registered default objective scorer found, using fallback: {type(scorer).__name__}")
+        return scorer
+
     @apply_defaults
     async def initialize_async(
         self,

diff --git a/pyrit/scenario/scenarios/airt/content_harms.py b/pyrit/scenario/scenarios/airt/content_harms.py
@@ -28,7 +28,7 @@
     ScenarioCompositeStrategy,
     ScenarioStrategy,
 )
-from pyrit.score import SelfAskRefusalScorer, TrueFalseInverterScorer, TrueFalseScorer
+from pyrit.score import TrueFalseScorer
 
 logger = logging.getLogger(__name__)
 
@@ -185,8 +185,9 @@ def __init__(
                 removed_in="0.13.0",
             )
 
-        self._objective_scorer: TrueFalseScorer = objective_scorer if objective_scorer else self._get_default_scorer()
-        self._scorer_config = AttackScoringConfig(objective_scorer=self._objective_scorer)
+        self._objective_scorer: TrueFalseScorer = (
+            objective_scorer if objective_scorer else self._get_default_objective_scorer()
+        )
         self._adversarial_chat = adversarial_chat if adversarial_chat else self._get_default_adversarial_target()
 
         super().__init__(
@@ -206,19 +207,6 @@ def _get_default_adversarial_target(self) -> OpenAIChatTarget:
             temperature=1.2,
         )
 
-    def _get_default_scorer(self) -> TrueFalseInverterScorer:
-        endpoint = os.environ.get("AZURE_OPENAI_GPT4O_UNSAFE_CHAT_ENDPOINT")
-        return TrueFalseInverterScorer(
-            scorer=SelfAskRefusalScorer(
-                chat_target=OpenAIChatTarget(
-                    endpoint=endpoint,
-                    api_key=get_azure_openai_auth(endpoint),
-                    model_name=os.environ.get("AZURE_OPENAI_GPT4O_UNSAFE_CHAT_MODEL"),
-                    temperature=0.9,
-                )
-            ),
-        )
-
     def _resolve_seed_groups_by_harm(self) -> dict[str, list[SeedAttackGroup]]:
         """
         Resolve seed groups from deprecated objectives_by_harm or dataset configuration.
@@ -310,7 +298,7 @@ def _get_single_turn_attacks(
         """
         prompt_sending_attack = PromptSendingAttack(
             objective_target=self._objective_target,
-            attack_scoring_config=self._scorer_config,
+            attack_scoring_config=AttackScoringConfig(objective_scorer=self._objective_scorer),
         )
 
         role_play_attack = RolePlayAttack(
@@ -356,7 +344,7 @@ def _get_multi_turn_attacks(
         """
         many_shot_jailbreak_attack = ManyShotJailbreakAttack(
             objective_target=self._objective_target,
-            attack_scoring_config=self._scorer_config,
+            attack_scoring_config=AttackScoringConfig(objective_scorer=self._objective_scorer),
         )
 
         tap_attack = TreeOfAttacksWithPruningAttack(

diff --git a/pyrit/scenario/scenarios/airt/jailbreak.py b/pyrit/scenario/scenarios/airt/jailbreak.py
@@ -25,8 +25,6 @@
 from pyrit.scenario.core.scenario import Scenario
 from pyrit.scenario.core.scenario_strategy import ScenarioCompositeStrategy, ScenarioStrategy
 from pyrit.score import (
-    SelfAskRefusalScorer,
-    TrueFalseInverterScorer,
     TrueFalseScorer,
 )
 
@@ -156,9 +154,9 @@ def __init__(
                 " or `jailbreak_names` (specific selection)."
             )
 
-        if not objective_scorer:
-            objective_scorer = self._get_default_objective_scorer()
-        self._scorer_config = AttackScoringConfig(objective_scorer=objective_scorer)
+        self._objective_scorer: TrueFalseScorer = (
+            objective_scorer if objective_scorer else self._get_default_objective_scorer()
+        )
 
         self._num_templates = num_templates
         self._num_attempts = num_attempts
@@ -183,36 +181,14 @@ def __init__(
         super().__init__(
             version=self.VERSION,
             strategy_class=JailbreakStrategy,
-            objective_scorer=objective_scorer,
+            objective_scorer=self._objective_scorer,
             include_default_baseline=include_baseline,
             scenario_result_id=scenario_result_id,
         )
 
         # Will be resolved in _get_atomic_attacks_async
         self._seed_groups: Optional[list[SeedAttackGroup]] = None
 
-    def _get_default_objective_scorer(self) -> TrueFalseScorer:
-        """
-        Retrieve the default objective scorer.
-
-        The scoring mechanism detects non-refusal: if the target model refuses to
-        comply with the jailbreak attempt, we want that to register as a negative score.
-        A successful jailbreak (non-refusal) scores as True.
-
-        Returns:
-            TrueFalseScorer: A scorer that returns True when the model does NOT refuse.
-        """
-        endpoint = os.getenv("AZURE_OPENAI_GPT4O_UNSAFE_CHAT_ENDPOINT")
-        return TrueFalseInverterScorer(
-            scorer=SelfAskRefusalScorer(
-                chat_target=OpenAIChatTarget(
-                    endpoint=endpoint,
-                    api_key=get_azure_openai_auth(endpoint),
-                    model_name=os.environ.get("AZURE_OPENAI_GPT4O_UNSAFE_CHAT_MODEL"),
-                )
-            )
-        )
-
     def _create_adversarial_target(self) -> OpenAIChatTarget:
         """
         Create a new adversarial target instance.
@@ -292,7 +268,7 @@ async def _get_atomic_attack_from_strategy_async(
         attack: Optional[Union[ManyShotJailbreakAttack, PromptSendingAttack, RolePlayAttack, SkeletonKeyAttack]] = None
         args = {
             "objective_target": self._objective_target,
-            "attack_scoring_config": self._scorer_config,
+            "attack_scoring_config": AttackScoringConfig(objective_scorer=self._objective_scorer),
             "attack_converter_config": converter_config,
         }
         match strategy: