PyRIT is Microsoft’s open-source AI red team framework for automating multi-turn attack campaigns against LLM systems, and it has been validated on more than 100 internal operations including Phi-3 and Copilot. It combines targets, converters, scorers, and orchestrators to scale prompt injection testing, Crescendo-style attacks, TAP branching, and cross-domain prompt injection workflows for bounty programs and lab work. #PyRIT #Microsoft #Phi3 #Copilot #CrescendoOrchestrator #TreeOfAttacksWithPruningOrchestrator #XPIAOrchestrator
Keypoints
- PyRIT automates structured red team campaigns against LLM targets.
- Converters stack prompts like payload encoders to evade filters.
- Scorers measure success with true/false, refusal, harm, or LLM judging.
- Crescendo and TAP drive multi-turn attacks that pay off in bounty programs.
- XPIAOrchestrator targets indirect prompt injection through untrusted external data.