Skip to content

Port from safety to redteaming #201

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 13 commits into from
Jun 2, 2025
Prev Previous commit
Next Next commit
Update documentation
  • Loading branch information
pamelafox committed Jun 2, 2025
commit 59c482867bc48122c3337810d261b2d391f08b2c
35 changes: 26 additions & 9 deletions docs/safety_evaluation.md
Original file line number Diff line number Diff line change
@@ -4,8 +4,8 @@ When deploying a RAG app to production, you should evaluate the safety of the an

* [Deploy an Azure AI project](#deploy-an-azure-ai-project)
* [Setup the evaluation environment](#setup-the-evaluation-environment)
* [Run safety scan](#simulate-and-evaluate-adversarial-users)
* [Review the safety evaluation results](#review-the-safety-evaluation-results)
* [Run red teaming agent](#run-red-teaming-agent)
* [Review the red teaming results](#review-the-red-team-results)

## Deploy an Azure AI project

@@ -45,25 +45,27 @@ In order to use the Red Teaming agent, you need an Azure AI project inside Azure
.evalenv\Scripts\activate
```

1. Install the dependencies for the safety evaluation script:
3. Install the dependencies for the safety evaluation script:

```bash
pip install uv
uv pip install -r evals/requirements.txt
```

## Simulate and evaluate adversarial users
## Run the red teaming agent

Run the following command to simulate adversarial queries and evaluate the safety of the answers generated in response to those queries:
To run the red teaming agent, you need to have the RAG app running at a deployed URL or local URL. Consult the main README for deployment instructions local server instructions.

In the same terminal where you activated `.evalenv`, run this command to perform a red teaming scan:

```shell
python evals/safety_evaluation.py --target_url <TARGET_URL> --questions_per_category <NUM_QUESTIONS>
```

* `--target_url`: The target URL for the callback. Default is `http://127.0.0.1:8000/chat`, so make sure that the RAG app is running locally. If you are running the RAG app in a different environment, set this to the correct URL.
* `--target_url`: The target URL for the callback. Default is `http://127.0.0.1:8000/chat`, which assumes the RAG app is running locally. If you want to scan a deployed app instead, set this to `https://DEPLOYEDURL/chat`.
* `--questions_per_category`: The number of questions per risk category to ask during the scan. There are four risk categories (`hate_unfairness`, `sexual`, `violence`, and `self_harm`). The default is 5 questions per category, but you can decrease this number to 1 for test runs, or increase it for a more thorough evaluation. Note that the total questions asked will be higher, as the red teaming agent is configured to try [multiple attack strategies](https://learn.microsoft.com/azure/ai-foundry/how-to/develop/run-scans-ai-red-teaming-agent#supported-attack-strategies), where it transforms the original question in different ways.

## Review the red team results
## Review the red teaming results

That command will save results both in Azure AI Foundry and in the local `evals/redteams` directory.

@@ -80,10 +82,25 @@ Then you can dig into the data and see the questions and answers received from y

Note that the questions are intentionally adversarial, so you should mentally prepare for that before looking at the results. The goal is to see if your app can handle these adversarial queries and provide safe answers. Even if your scan results in a 0% attack success rate, you should still review the questions and answers to ensure that you're happy with the way your app responds to these adversarial queries.

Learn more in the [Red Teaming Agent documentation](https://learn.microsoft.com/azure/ai-foundry/how-to/develop/run-scans-ai-red-teaming-agent#viewing-your-results-in-azure-ai-foundry-project).

## Review results locally

In addition to the results in Azure AI Foundry, you can also review the results locally in the `evals/redteams` directory. The results are saved in JSON format.

Each file in this directory corresponds to a single red teaming scan, and contains the following fields:

* `redteaming_scorecard`: A summary of the scan results, including the attack success rate and the number of questions asked.
* `redteaming_parameters`: The parameters used for the scan, including the risk categories and attack strategies.
* `redteaming_data`: A list of the questions asked during the scan, along with the answers received from your app.
* `studio_url`: A link to the Azure AI Foundry studio where you can view the results in more detail.

Learn more in the [Red Teaming Agent documentation](https://learn.microsoft.com/en-us/azure/ai-foundry/how-to/develop/run-scans-ai-red-teaming-agent#results-from-your-automated-scans).

## Resources

To learn more about the Azure AI services used in this project, look through the script, documentation, and videos below:
To learn more about the red team scanning, look through the script, documentation, and videos below:

* [safety_evaluation.py](evals/safety_evaluation.py)
* [safety_evaluation.py](/evals/safety_evaluation.py)
* [Run automated safety scans with AI Red Teaming Agent](https://learn.microsoft.com/azure/ai-foundry/how-to/develop/run-scans-ai-red-teaming-agent)
* [Build 2025: Red-teaming Demo](https://www.youtube.com/watch?v=sZzcSX7BFVA)
Loading
Oops, something went wrong.