v0.14.0

What's changed?

Welcome to PyRIT v0.14.0! We've continued to expand the library with lots of new features. This release has a significant number of renames and refactors, so read the "Breaking Changes" section below carefully.

⚠️ Breaking Changes

Please review the deprecation notes and migration guidance before upgrading.

• Core models migrated to Pydantic v2 — Message (#1885), MessagePiece (#1871), Score (#1891), AttackResult (#1899), ScenarioResult (#1908), the Seed* classes (#1898), Identifier classes (#1881), and other leaf types (#1769). Construction is now stricter (keyword-only, extra fields rejected) — update any positional or ad-hoc construction.
• _async suffix enforced on all async functions across pyrit/; some async helpers were renamed (#1889, #1744).
• Output/printer refactor — printers consolidated into a lightweight pyrit.output module; use await output_attack_async(result, ...) (with the new blur_images flag) instead of the old printer objects (#1732, #1768).
• Renames: SeedDatasetProvider.fetch_dataset → fetch_dataset_async (#1735); BASELINE_POLICY → BASELINE_ATTACK_POLICY (#1763).
• Removed all functionality previously deprecated for v0.14.0 (#1748).
• GCG is now experimental (emits ExperimentalWarning) with a new GCG/GCGConfig public API; fastchat dependency dropped (#1792, #1049, #1861).
• New deprecations (still functional, slated for removal): PromptChatTarget (#1678), Dall-E-specific image params (#1661), use_entra_auth on Azure Speech converters (#1634), MemoryExporter/export_conversations (#1870), display_image_response_async (#1930), label on MessagePiece (#1670), raise in PrependedConversationConfig (#1731), split kwarg on 8 single-split HF loaders (#1901), AtomicAttack(attack=...) (#1743, for v0.16.0), and ContentHarms/Originator aliases (#1816).

---

🎯 Targets & Attacks

• Round Robin Target (#1761) and Realtime streaming session support + server-side barge-in attack (#1766).
• TAP gains image functionality (#1036); PAIRAttack added as a TAP alias with PAIR-definitional defaults (#1822); StrategySequenceAttack compound primitive (#1819).
• single_turn_crescendo technique with adversarial config (#1665) and crescendo persona techniques — movie director, history lecture, journalist interview (#1677).
• Runtime capability discovery for prompt targets + migration to TargetConfiguration checks (#1699, #1645, #1778); an additional Microsoft target for api-version-sensitive Azure AI endpoints (#1730); HuggingFace reproducibility params + endpoint-target deprecation (#1672).
• New converters: image color-saturation/resize/rotate (#1633), Image Filter (#1669), ImageOverlay (#1764), and an Arabic adversarial set — Bidi (#1832), Tatweel/kashida (#1869), ArabicPresentationForm (#1888), Arabizi (#1906); plus generalized AddTextImage/AddImageConverter (#1591) and Translation/Variation/Persuasion now inheriting LLMGenericTextConverter (#1714).

📚 Datasets

New loaders: VLGuard (#1447), ComicJailbreak (#1591), MOSSBench (#1786), FigStep/SafeBench (#1787), MSTS (#1757), SGXSTest (#1754), HiXSTest (#1755), DangerousQA (#1751), CategoricalHarmfulQA/CatQA (#1749), CoCoNot (#1802), SIUO (#1799), StrongREJECT (#1800), DecodingTrust Toxicity (#1821), JailbreakV-28k (#1098), Agent Threat Rules/ATR (#1715), SALT-NLP MIC (#1831), and 0DIN JEF n-day sets (#1398). Plus class-level metadata backfill + author/affiliation YAML enrichment across datasets (#1780, #1834) and a shared multimodal image-fetch helper (#1776).

📊 Scoring

• RegexScorer + CredentialLeakScorer for regex-based secret detection (#1704).
• PromptInjectionScorer (OWASP LLM01) (#1774) and an OWASP LLM02 output-side pack — XSS / SQLi / Shell / Path (#1868); 0DIN JEF keyword scorers (#1398).
• Score partial content from content-filtered responses (#1689); unified error/blocked-response scoring across scorers (#1770).

🖥️ CoPyRIT (GUI) & CLI

• Isolated GUI deployment automation + guide, storage-account provisioning, inline Container App secret with Key Vault lockdown, and AKV-referenced secrets (#1655, #1658, #1693, #1721, #1836).
• REST API for scenarios: listing endpoints, run, parameters/initializers, and initializer scripts (#1666, #1696, #1724, #1728); custom scenario parameters via CLI/YAML (#1680).
• GUI UX: signed-in user display (#1636), searchable Attack History filters (#1643), Entra auth for new targets (#1762), AzureML target support (#1681), modality-aware send blocking (#1692), Home landing page (#1750), chat ribbon redesign + contrast/label fixes (#1736, #1708, #1711), structured capability columns (#1691), pretty-printed JSON responses (#1706), and a frontend core refactor (#1753).

🧩 Framework internals

• DB schema tracking via Alembic, including a safe upgrade path from 0.13.0 (#1631, #1772, #1895).
• Memory-interface batching (#1325); lazy imports for startup performance (#1668); eliminated blocking I/O on async paths (#1878).
• Migration mypy → ty with strict typing (#1319, #1515); Python 3.14 support (#1130); pathlib + JSON-serialization standardization and to_dict/from_dict roundtrips (#1877, #1815, #1813, #1738); defined pyrit.models boundary and moved Identifiers into it (#1771, #1858).

🔃 Scenarios

• New Rapid Response (#1622), Adversarial Benchmark (#1662, refactor #1765), and text-adaptive (#1760) scenarios.
• Better scenario tracking (#1758), parallel atomic-attack execution (#1783), per-group success-rate sorting (#1809), scenario/attack error propagation (#1720), technique-registry consolidation (#1654, #1785), Leakage scenario refactor (#1687), and unified default adversarial/scorer target wiring (#1695).

🔒 Security

• Stopped leaking absolute media paths and SAS tokens in Attack History "Last Message" (#1865).
• Resolved 38+ Dependabot vulnerabilities (#1683, #1701) and specific CVEs: starlette BadHost CVE-2026-48710 (#1818), idna CVE-2026-45409 (#1796), and ws GHSA-58qx-3vcg-4xpx (#1873); plus Key Vault lockdown for GUI deployments (#1721, #1836).

🧪 Tests & Tooling

• Added Dependabot configuration (#1835) and a broad ruff/ty/CI dependency-bump rollout; merge-queue CI support (#1663).
• GCG unit/integration tests no longer hit HuggingFace (#1684, #1886); unit-test speedups and flaky-test fixes (#1872, #1874, #1716, #1795, #1797); build-script tests (#1642); kernelspec-stripping pre-commit hook (#1637).

📖 Docs

• Multi-version docs on GitHub Pages (replaces ReadTheDocs) (#1866); auto-linked API symbol references (#1823); scoring docs refactor (#1892); citation/bibliography cleanup (#1686, #1747); MyST cross-reference polish + reST-role removal (#1824, #1782); cross-OS troubleshooting + per-OS ODBC steps (#1932); simplified Getting Started (#1727); dataset-loader contributor guide (#1775); Scoring Evaluations blog (#1617).

🐛 Bug Fixes and Improvements

See the full changelog below for everything else.

Full list of changes

• FIX add image input for oai chat by default by @hannahwestra25 in #1628
• FIX: resolve npm path in prepare_package.py on Windows by @adrian-gavrila in #1629
• FEAT normalize messages before sending by @hannahwestra25 in #1613
• DOC: Scoring Evaluations Blog by @jsong468 in #1617
• MAINT: Refactoring scenario strategy selection by @rlundeen2 in #1627
• MAINT post-0.13.0 release update to 0.14.0.dev0 by @adrian-gavrila in #1630
• FEAT update target identifier by @hannahwestra25 in #1632
• MAINT: enable strict mypy checking and fix violations by @tejas0077 in #1515
• FEAT: Add ComicJailbreak multimodal dataset loader and generalize AddTextImageConverter & AddImageTextConverter by @romanlutz in #1591
• Normalize SeedPrompt file extension detection by @biefan in #1501
• FEAT: Add three image converters (color saturation, resize, rotate) by @fdubut in #1633
• MAINT: Add pre-commit hook to strip kernelspec from jupytext .py files by @romanlutz in #1637
• FIX: Refusal Scorer Notebook by @jbolor21 in #1639
• FEAT: Deprecate use_entra_auth and add auto-detect auth for Azure Speech converters by @varunj-msft in #1634
• FEAT [GUI] Display signed-in user info in top bar and populate operator label with username by @behnam-o in #1636
• FIX: Fix multi-turn attacks using RealtimeTarget by @jsong468 in #1638
• MAINT: mypy fixes (comicjailbreak) by @jbolor21 in #1640
• Preserve empty responses in prompt normalizer batches by @biefan in #1506
• MAINT: Rapid response Scenario by @rlundeen2 in #1622
• MAINT Add Python 3.14 support by @cclauss in #1130
• FIX Stop using deprecated AttackResult.attack_identifier in attack_service by @romanlutz in #1644
• FEAT Add VLGuard multimodal safety dataset loader by @romanlutz in #1447
• FIX Reject explicit empty objectives in batch scoring by @biefan in #1503
• MAINT: Set PYRIT_CORS_ORIGINS env var in Bicep instead of imperatively by @adrian-gavrila in #1646
• FIX VLGuard review fixes: document subcategory mapping, move import to top by @romanlutz in #1649
• FEAT: Implement DB schema tracking with alembic by @behnam-o in #1631
• FIX: Use underlying_model_name for evaluation identifier and add param_fallbacks by @jsong468 in #1647
• FIX: AIRTInitializer container crash and parameters.example.json typo by @varunj-msft in #1648
• FIX: prompt_normalizer.send_prompt_async attempts to save duplicate message pieces to memory by @behnam-o in #1656
• FEAT: Searchable multi-select filters for Attack History (ADO 7834) by @adrian-gavrila in #1643
• FIX remove check_schema flag from config loader (forgotten in a previous diff) by @behnam-o in #1660
• FEAT implement batching for memory interface by @maifeeulasad in #1325
• MAINT: Refactor Cyber scenario to use technique registry pattern by @rlundeen2 in #1654
• MAINT: Add merge_group trigger to CI workflows for merge queue support by @romanlutz in #1663
• MAINT remove path from frontend tests by @hannahwestra25 in #1667
• MAINT: Add deprecation warnings when Message Piece is constructed with labels by @behnam-o in #1670
• DOC: Deployment guide for GUI instances by @varunj-msft in #1658
• FEAT: Deployment automation for isolated GUI instances by @varunj-msft in #1655
• MAINT Migration from mypy to ty by @maifeeulasad in #1319
• TEST add unit tests for build scripts by @tejas0077 in #1642
• FIX Surface AttackResultEntry.timestamp on hydrated AttackResult by @thirteeneight in #1653
• FEAT: Add single_turn_crescendo technique with adversarial_config by @rlundeen2 in #1665
• MAINT: Lazy Imports for perf by @rlundeen2 in #1668
• FEAT Migrate consumers to TargetConfiguration capability checks by @hannahwestra25 in #1645
• MAINT FIX: Fix ReadTheDocs config validation error by @romanlutz in #1673
• MAINT: Deprecating Dall-E specific parameters and aligning OpenAIImageTarget with GPT Image endpoints by @jsong468 in #1661
• FIX: RTD build - install deps explicitly in build.jobs.install by @romanlutz in #1676
• MAINT: pyproject update by @rlundeen2 in #1674
• FEAT: Add scenario listing API endpoints to backend by @rlundeen2 in #1666
• FIX set editable_history in 2_red_teaming_attack by @hannahwestra25 in #1675
• FEAT add crescendo persona scenario techniques (movie director, history lecture, journalist interview) by @precognitivem0nk in #1677
• FEAT: Add Image functionality to TAP by @awksrj in #1036
• MAINT: Simplifying Initializers by @rlundeen2 in #1679
• MAINT: Add labels to attack results by @behnam-o in #1624
• FEAT: HuggingFace reproducibility params, OpenAI-compatible integration tests, and endpoint target deprecation by @romanlutz in #1672
• FIX Return no memory results for empty prompt ID filters by @biefan in #1499
• FIX Preserve tool and developer roles in conversation context by @biefan in #1510
• FIX: RTD build - use --group dev for PEP 735 dependency groups by @romanlutz in #1682
• FEAT Add AzureMLChatTarget support to GUI by @blakebullwinkel in #1681
• MAINT Remove dict identifiers, and update message_piece to silence unit test warnings by @behnam-o in #1685
• TEST: add unit and integration tests for GCG attack by @romanlutz in #1684
• FIX Updates to address Integration Test failures (Likert notebook + dict identifier) by @behnam-o in #1688
• DOC: Updating Citations by @rlundeen2 in #1686
• FEAT: Custom scenario parameters from CLI and YAML by @adrian-gavrila in #1680
• MAINT: reorder pyrit_conf example initializers, use default font in AddImageTextConverter by @rlundeen2 in #1690
• MAINT: Leakage Scenario Refactor and Scenario Improvements by @rlundeen2 in #1687
• FIX: Auto Preview of LLM based converters by @jbolor21 in #1694
• FEAT: Adversarial Benchmark Scenario by @ValbuenaVC in #1662
• FEAT: Storage account creation for GUI deployments by @varunj-msft in #1693
• FIX: Render target capabilities as structured columns in config table by @romanlutz in #1691
• FIX default to editable history for OAI response target by @hannahwestra25 in #1698
• FEAT deprecate prompt chat by @hannahwestra25 in #1678
• FEAT: Block GUI sends when target doesn't support the modality by @romanlutz in #1692
• MAINT: Fix 16 dependabot security vulnerabilities by @romanlutz in #1683
• MAINT: Fix 22 additional dependabot security vulnerabilities by @romanlutz in #1701
• TEST Fix flaky XPIA unit tests by stubbing workflow._memory by @hannahwestra25 in #1716
• FEAT: Adding Scenario run to the REST API by @rlundeen2 in #1696
• DOC: Re-execute 1_class_registry notebook to populate cell outputs by @romanlutz in #1713
• DOC: Execute 1_loading_datasets notebook to populate cell outputs by @romanlutz in #1707
• MAINT: Bump datasets to >=4.8.0 to silence multiprocess SyntaxWarning by @romanlutz in #1709
• DOC: Fix trailing-space typo in 4_dataset_coding sample code by @romanlutz in #1710
• MAINT unify how default adversarial and scorer targets are set in scenarios by @behnam-o in #1695
• DOC: Re-execute pyrit_initializer notebook to populate cell outputs by @romanlutz in #1718
• FEAT: Image Filter Converter by @jbolor21 in #1669
• DOC: Re-execute 4_openai_video_target to drop stale pydub/ffmpeg warnings by @romanlutz in #1723
• FEAT: Propagating Scenario/Attack Errors by @rlundeen2 in #1720
• FIX Restore chat bubble contrast in light mode by @romanlutz in #1708
• feat: preserve unknown config keys in extensions by @extrasmall0 in #1712
• FIX Standardize icon-button labels and tooltips in chat surfaces by @romanlutz in #1711
• MAINT: GCG in AzureML fix & improved test coverage, remove mlflow by @romanlutz in #1705
• FIX Pretty-print structured JSON assistant responses in chat bubble by @romanlutz in #1706
• FEAT: Drop fastchat from GCG (#965) by @varshini2305 in #1049
• FEAT: REST API Scenario parameters and initializers by @rlundeen2 in #1724
• FEAT: Score partial content from content-filtered responses by @jsong468 in #1689
• FIX revert alembic version by @hannahwestra25 in #1726
• MAINT: Bump urllib3 to >=2.7.0 to fix dependabot alerts by @romanlutz in #1725
• FEAT: Runtime capability discovery for prompt targets by @hannahwestra25 in #1699
• FIX enforce immutability in CI by @hannahwestra25 in #1729
• MAINT: Move include_baseline from Scenario constructor to initi… by @adrian-gavrila in #1700
• FEAT: Inline Container App secret + KV lockdown for GUI deployments by @varunj-msft in #1721
• FEAT: Adding initializer scripts to REST API by @rlundeen2 in #1728
• FEAT: deprecate raise in PrependedConversationConfig by @hannahwestra25 in #1731
• FIX Add an additional Microsoft target that supports api-version-sensitive Azure AI endpoints by @behnam-o in #1730
• MAINT simplify Getting Started docs by @behnam-o in #1727
• FIX: Converter Mixed Media Types by @jbolor21 in #1719
• REFACTOR rename SeedDatasetProvider.fetch_dataset to fetch_dataset_async by @romanlutz in #1735
• MAINT: Refactor printers into lightweight and flexible output module by @rlundeen2 in #1732
• FIX: RTD build - remove broken TOC entries, fix AML image paths, build PDF in CI by @romanlutz in #1740
• MAINT: migrate AdversarialBenchmark off deprecated PromptChatTarget by @romanlutz in #1746
• DOC: Correct citations in doc/references.bib (audit pass) by @romanlutz in #1747
• MAINT Remove v0.14.0 deprecations by @romanlutz in #1748
• MAINT: Delete unused _TextEmbedding ABC by @romanlutz in #1742
• MAINT: Add to_dict/from_dict roundtrip serialization to model classes by @rlundeen2 in #1738
• MAINT: Tag AtomicAttack(attack=...) deprecation for v0.16.0 removal by @romanlutz in #1743
• MAINT: add _async suffix to async helpers in pyrit/common by @romanlutz in #1744
• Rename BASELINE_POLICY to BASELINE_ATTACK_POLICY for clarity by @hannahwestra25 in #1763
• FEAT: Better Scenario Tracking by @rlundeen2 in #1758
• FEAT Add RegexScorer and CredentialLeakScorer for regex-based secret detection by @francose in #1704
• FIX: Use sequence=0 for both pieces in multimodal dataset loaders by @romanlutz in #1756
• DOC: Enable --strict on docs build, fix converter anchors + broken internal refs (closes #1741) by @romanlutz in #1745
• FEAT: Add SGXSTest dataset loader by @romanlutz in #1754
• FEAT [GUI] Add Home landing page and fix empty-chat message by @romanlutz in #1750
• FEAT: Add HiXSTest (Hindi exaggerated-safety) dataset loader by @romanlutz in #1755
• DOC: Add contributor instructions for dataset loaders by @romanlutz in #1775
• FEAT: Add MSTS multimodal safety dataset loader by @romanlutz in #1757
• FIX Add pre-Alembic schema for safe upgrades from 0.13.0 by @behnam-o in #1772
• TEST: Regenerate notebooks and fix execution errors in 2_red_teaming_attack and 0_output by @rlundeen2 in #1777
• FEAT: Add DangerousQA dataset loader by @romanlutz in #1751
• REFACTOR: Make Translation/Variation/Persuasion inherit from LLMGenericTextConverter by @romanlutz in #1714
• REFACTOR: Shared image fetch helper for multimodal seed datasets by @romanlutz in #1776
• FEAT: Add CategoricalHarmfulQA (CatQA) dataset loader by @romanlutz in #1749
• FIX send single-image edit requests as single element not array by @behnam-o in #1773
• Add input/output modality validation to TargetRequirements.validate() by @hannahwestra25 in #1778
• FIX Redesign chat ribbon for clarity and narrow viewports by @romanlutz in #1736
• FIX add back print_conversation_async with deprecation warning by @behnam-o in #1781
• FEAT: Add blur_images flag to pyrit.output for safer image rendering by @rlundeen2 in #1768
• MAINT: Frontend core refactor by @rlundeen2 in #1753
• REFACTOR: unify error/blocked response scoring across scorers by @romanlutz in #1770
• FEAT: Round Robin Target by @jsong468 in #1761
• FIX test_video_scorer: use tmp_path for sample video so tests are xdist-safe by @immu4989 in #1795
• FIX: Sync docs TOC with generated API pages + fail-fast TOC validation by @romanlutz in #1793
• FIX: bump transitive idna 3.11 -> 3.16 (Dependabot #169, CVE-2026-45409) by @romanlutz in #1796
• FIX: use tmp_path for hardcoded test files to fix xdist races by @romanlutz in #1797
• FEAT: sort scenario per-group breakdown by success rate by @hannahwestra25 in #1809
• FIX add missing import causing notebook execution failure by @behnam-o in #1810
• DOC: Replace reST cross-reference roles in docstrings with plain backticks by @romanlutz in #1782
• DOCS: Fix dead URL for Robust Intelligence (Cisco) bibliography entry by @romanlutz in #1801
• FEAT: Add CoCoNot refusal-calibration dataset loaders by @romanlutz in #1802
• MAINT: Formalize JSON-condition helper contract on MemoryInterface by @romanlutz in #1814
• MAINT: Emit deprecation warnings for ContentHarms and Originator aliases by @romanlutz in #1816
• FIX use 32-byte test JWT key to silence PyJWT InsecureKeyLengthWarning by @immu4989 in #1804
• FIX guard ttest_1samp against zero-variance diff in HarmScorerEvaluator by @immu4989 in #1807
• MAINT: Standardize path handling on pathlib by @romanlutz in #1815
• MAINT: Standardize JSON serialization in models by @romanlutz in #1813
• FEAT add Agent Threat Rules (ATR) adversarial payload dataset loader by @eeee2345 in #1715
• FIX: Bump starlette to >=1.0.1 to address CVE-2026-48710 (BadHost) by @romanlutz in #1818
• FIX: Correct red_teaming_attack notebook by @rlundeen2 in #1779
• MAINT: Convert leaf model types to Pydanticv2 by @rlundeen2 in #1769
• MAINT: Standardize deprecation calls and removed_in format by @romanlutz in #1817
• ADD SIUO seed dataset loader by @romanlutz in #1799
• FEAT: Add ImageOverlayConverter for compositing images with overlays by @jka236 in #1764
• FEAT Add PromptInjectionScorer for OWASP LLM01 prompt injection detection by @francose in #1774
• MAINT: remove unused per-loader max_examples knobs by @romanlutz in #1788
• FIX: RTD build - add --html flag so static index.html is generated by @romanlutz in #1825
• FEAT add StrategySequenceAttack compound attack primitive by @hannahwestra25 in #1819
• FEAT: Run atomic attacks in parallel (better) within a scenario by @rlundeen2 in #1783
• MAINT: Defining pyrit.models boundary by @rlundeen2 in #1771
• FEAT: Add PAIRAttack as a TAP alias with PAIR-definitional defaults pinned by @romanlutz in #1822
• [FEAT]: GUI: Adding Entra Auth Option to New Targets by @jbolor21 in #1762
• FEAT Consolidating scenario techniques by @rlundeen2 in #1785
• MAINT: Simplifying scenario class vars by @rlundeen2 in #1784
• FEAT: GCG public API - GCG + GCGConfig + ExperimentalWarning, shifts module to experimental status by @romanlutz in #1792
• MAINT: add dependabot configuration by @spencrr in #1835
• MAINT: Bump https://github.com/pre-commit/pre-commit-hooks from v5.0.0 to 6.0.0 by @dependabot[bot] in #1838
• MAINT: Bump https://github.com/astral-sh/ruff-pre-commit from v0.14.4 to 0.15.15 by @dependabot[bot] in #1839
• MAINT: Bump https://github.com/allganize/ty-pre-commit from v0.0.32 to 0.0.40 by @dependabot[bot] in #1840
• MAINT: Bump actions/deploy-pages from 4 to 5 by @dependabot[bot] in #1841
• MAINT: Bump actions/checkout from 3 to 6 by @dependabot[bot] in #1842
• MAINT: Bump actions/setup-python from 3 to 6 by @dependabot[bot] in #1843
• MAINT: Bump actions/upload-pages-artifact from 3 to 5 by @dependabot[bot] in #1844
• MAINT: Bump docker/build-push-action from 5 to 7 by @dependabot[bot] in #1845
• MAINT: Bump types-simplejson from 3.20.0.20250822 to 3.20.0.20260518 by @dependabot[bot] in #1852
• MAINT: Bump types-six from 1.17.0.20251009 to 1.17.0.20260518 by @dependabot[bot] in #1853
• MAINT: Bump pyarrow from 21.0.0 to 24.0.0 by @dependabot[bot] in #1854
• MAINT: Bump types-aiofiles from 25.1.0.20251011 to 25.1.0.20260518 by @dependabot[bot] in #1855
• FEAT: Add authors and group affiliations to 21 seed-dataset YAMLs by @romanlutz in #1834
• MAINT: fix ruff 0.15.15 D420 errors and revert ty-pre-commit to v0.0.32 by @spencrr in #1857
• FEAT: Add SALT-NLP Moral Integrity Corpus (MIC) dataset loader by @sajisanchu1913-source in #1831
• FEAT: Add StrongREJECT seed dataset loader by @romanlutz in #1800
• MAINT: Bump the minor-and-patch group in /frontend with 12 updates by @dependabot[bot] in #1846
• FEAT: Add FigStep SafeBench multimodal dataset loader by @romanlutz in #1787
• MAINT: Bump eslint from 9.39.1 to 10.4.1 in /frontend by @dependabot[bot] in #1850
• MAINT: Bump vite to 8.0.14 + bundle frontend dep bumps (closes #1848, #1849) by @dependabot[bot] in #1847
• FIX allow AKV-referenced secrets in CoPYRIT deployments by @behnam-o in #1836
• MAINT: Bump devcontainers/python from 3.11-bookworm to 3.14-bookworm in /.devcontainer in the minor-and-patch group across 1 directory by @dependabot[bot] in #1837
• MAINT: Bump the minor-and-patch group across 1 directory with 36 updates by @dependabot[bot] in #1851
• FEAT: Add 0DIN JEF keyword scorers and n-day seed datasets by @athal7 in #1398
• FEAT: Add BidiConverter for Arabic adversarial Unicode manipulation by @Raulster24 in #1832
• DOC: Auto-link symbol references in generated API docs by @romanlutz in #1823
• MAINT: Moving Identifiers to models by @rlundeen2 in #1858
• TEST: Unit test speed up by @rlundeen2 in #1872
• FIX: bump transitive ws to 8.21.0 to address GHSA-58qx-3vcg-4xpx by @romanlutz in #1873
• FEAT: Add DecodingTrust Toxicity dataset loader by @v0ropaev in #1821
• FEAT: Adversarial Benchmark Scenario Refactor by @ValbuenaVC in #1765
• MAINT: Deprecate MemoryExporter and export_conversations methods by @rlundeen2 in #1870
• MAINT: Fix [project.optional-dependencies] all drift by @romanlutz in #1876
• MAINT: Refactoring MessagePiece to Pydantic by @rlundeen2 in #1871
• MAINT: Refactoring Identifiers to be Pydantic classes by @rlundeen2 in #1881
• FIX: Clear stale conversation_id when opening another attack from history by @romanlutz in #1859
• Fix two failing E2E dataset providers (ComicJailbreak timeout, VLGuard 401) by @romanlutz in #1863
• FIX: unblock main CI — Test GUI (PyPI), Crescendo parser, CoCoNot empty prompt by @romanlutz in #1862
• FIX: Restore airt.cyber E2E + azure-ai-evaluation partner contract by @romanlutz in #1864
• FEAT: Backfill class-level metadata for all remote seed datasets by @romanlutz in #1780
• MAINT: Migrate AddImage/AddTextImage converter deprecations to print_deprecation_message by @romanlutz in #1875
• FEAT: Add TatweelConverter for Arabic kashida insertion by @Raulster24 in #1869
• FEAT: Multi-version docs on GitHub Pages (replaces RTD) by @romanlutz in #1866
• FEAT Add JailbreakV_28k dataset from HF by @adrian-gavrila in #1098
• FEAT: Add ArabicPresentationFormConverter for Arabic isolated-form substitution by @Raulster24 in #1888
• MAINT: Remove redundant PromptTarget from OpenAI target subclasses by @hannahwestra25 in #1882
• MAINT: Making Message a Pydantic model by @rlundeen2 in #1885
• FIX: support moderation errors for MAI image models by @fdubut in #1890
• TEST: stop GCG unit tests from hitting HuggingFace by @romanlutz in #1886
• Add OWASP LLM02 output-side scorer pack (XSS / SQLi / Shell / Path) by @ppcvote in #1868
• FEAT: Add MOSSBench multimodal over-sensitivity dataset loader by @romanlutz in #1786
• MAINT: Eliminate blocking I/O on async code paths by @romanlutz in #1878
• MAINT: Integrate RoundRobinTarget into Initializers by @jsong468 in #1833
• MAINT: Migrate os.path.* to pathlib.Path in pyrit/ by @romanlutz in #1877
• MAINT: Alembic Initialize_pyrit output by @rlundeen2 in #1895
• MAINT: Making Score a Pydantic model by @rlundeen2 in #1891
• MAINT: Fix flaky sleeps and MagicMock misuse in unit tests by @romanlutz in #1874
• [BREAKING] MAINT: enforce _async suffix on async functions across pyrit/ by @romanlutz in #1889
• FEAT: Define GCG extension protocols (typing surface only) by @romanlutz in #1861
• FIX: Integration test fixes by @ValbuenaVC in #1897
• BUG: Stop leaking absolute media paths and SAS tokens in Attack History 'Last Message' by @romanlutz in #1865
• MAINT: Migrating AttackResult to Pydantic by @rlundeen2 in #1899
• MAINT: Migrating Seed classes to Pydantic by @rlundeen2 in #1898
• FEAT: Realtime streaming session support and server-side barge-in attack by @adrian-gavrila in #1766
• DOC: Scoring Docs Refactor by @rlundeen2 in #1892
• FEAT text adaptive scenario by @hannahwestra25 in #1760
• MAINT: Deprecate dead split kwarg on 8 single-split HF dataset loaders by @romanlutz in #1901
• MAINT Breaking: Convert ScenarioResult to Pydantic by @rlundeen2 in #1908
• FIX (frontend): omit misleading byte size on media attachment chip by @romanlutz in #1896
• FIX: Integration Test Fixes by @ValbuenaVC in #1907
• DOC: Polish MyST cross-references (bases, re-exports, page labels) by @romanlutz in #1824
• MAINT: Bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260518 by @dependabot[bot] in #1928
• MAINT: Bump the minor-and-patch group with 5 updates by @dependabot[bot] in #1925
• MAINT: Bump websockets from 15.0.1 to 16.0 by @dependabot[bot] in #1926
• MAINT: Bump types-decorator from 5.2.0.20251101 to 5.2.0.20260519 by @dependabot[bot] in #1927
• MAINT: Bump actions/upload-artifact from 4 to 7 by @dependabot[bot] in #1924
• MAINT: Bump docker/setup-buildx-action from 3 to 4 by @dependabot[bot] in #1922
• MAINT: Bump actions/download-artifact from 4 to 8 by @dependabot[bot] in #1920
• MAINT: Bump actions/cache from 4 to 5 by @dependabot[bot] in #1921
• MAINT: Bump the minor-and-patch group in /frontend with 4 updates by @dependabot[bot] in #1914
• MAINT: Bump https://github.com/allganize/ty-pre-commit from v0.0.32 to 0.0.43 by @dependabot[bot] in #1919
• MAINT: Bump aiohttp from 3.13.5 to 3.14.0 by @dependabot[bot] in #1913
• MAINT: Bump jest and @types/jest in /frontend by @dependabot[bot] in #1917
• MAINT: Bump actions/setup-node from 4 to 6 by @dependabot[bot] in #1923
• MAINT: Bump typescript from 5.9.3 to 6.0.3 in /frontend by @dependabot[bot] in #1915
• MAINT: deprecate display_image_response_async by @rlundeen2 in #1930
• MAINT: Bump react and @types/react in /frontend by @dependabot[bot] in #1918
• FEAT: Add ArabiziConverter for Arabic transliteration by @Raulster24 in #1906
• DOC: cross-OS troubleshooting + per-OS ODBC install steps by @romanlutz in #1932
• MAINT: suppress ty missing-override-decorator rule by @romanlutz in #1935
• FIX: Preserve DatasetConfiguration subclass when backend overrides dataset_names by @varunj-msft in #1911
• DOC: Update 0_scenarios.ipynb output with adaptive.text_adaptive scenario by @hannahwestra25 in #1936
• MAINT: fix remaining pre-commit failures on main (ty + reST roles) by @romanlutz in #1938

New Contributors

• @maifeeulasad made their first contribution in #1325
• @thirteeneight made their first contribution in #1653
• @precognitivem0nk made their first contribution in #1677
• @extrasmall0 made their first contribution in #1712
• @francose made their first contribution in #1704
• @immu4989 made their first contribution in #1795
• @eeee2345 made their first contribution in #1715
• @jka236 made their first contribution in #1764
• @athal7 made their first contribution in #1398
• @Raulster24 made their first contribution in #1832
• @v0ropaev made their first contribution in #1821
• @ppcvote made their first contribution in #1868

Full Changelog: v0.13.0...v0.14.0