Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FEAT GCG algorithm and AML pipeline #381

Merged
merged 151 commits into from
Oct 9, 2024
Merged

FEAT GCG algorithm and AML pipeline #381

merged 151 commits into from
Oct 9, 2024

Conversation

blakebullwinkel
Copy link
Contributor

@blakebullwinkel blakebullwinkel commented Sep 18, 2024
edited
Loading

Description

This PR adds the GCG algorithm, which can be used to generate adversarial suffixes that jailbreak language models. The GCG code is mostly the same as that in the original repo, with a few changes including:

  • Added support for Phi-3-mini
  • Logging using mlflow (functions added to pyrit/auxiliary_attacks/gcg/experiments/log.py)

This code been added to a new high-level directory pyrit/auxiliary_attacks, which will contain the code for attacks that do not fit into the core PyRIT functionality. This PR also adds a doc/code/auxiliary_attacks directory with two demo notebooks:

  • 1_auxiliary_attacks.ipynb: explains what we mean by "auxiliary attacks" and shows how to send a GCG suffix to a Phi-3-mini AzureMLChatTarget
  • 2_gcg.ipynb: provides the full AML pipeline to generate GCG suffixes including environment creation and job submission

Several additional dependencies are required to run the GCG algorithm. These have been added as optional dependencies under gcg in the pyproject.toml. We also update the github build pipeline to install these dependencies along with the dev dependencies so that we can continue to support this functionality in the future.

Tests and Documentation

Given that the GCG code runs independently from the rest of PyRIT, we decided not to add tests for it. Documentation has been added to doc/code/auxiliary_attacks.

NaijingGuo and others added 30 commits April 29, 2024 10:19
@NaijingGuo
added requirements for adv suffix
8b3f413
@NaijingGuo
added adv suffix code
611e3bd
@NaijingGuo
pre-commit white space changes
e04d1e7
@NaijingGuo
Merge branch 'main' into main
7bbaebe
@NaijingGuo
load data from url instead of copying to repo
66fe982
@NaijingGuo
Merge branch 'main' of https://github.com/NaijingGuo/PyRIT
29aaca4
@NaijingGuo
refactor generate suffix into class
2796e16
@NaijingGuo
updated loading HF token
3b5e863
@NaijingGuo
Some clean up; documented demo script
fbc3612
@NaijingGuo
refactored parse log and evaluation into a class, added eval demo code
7ad026c
@NaijingGuo
ignore evaluation output from suffix attack
b3b5361
@NaijingGuo
Merge branch 'main' into main
a717f11
@NaijingGuo
cleaned up and renamed files
9f8f76a
@NaijingGuo
updated readme
f5df72a
@dlmgary
refactor: move config files from Python to YAML files.
3dc9067
@dlmgary
build: add torch as an extra dependency to pyproject
6d6ec04
@dlmgary
refactor: fix imports
c81caa9
@dlmgary
refactor: remove dependency on ml_collections.config_flags and update…
ba4e50a 
… files to read from YAML.
@NaijingGuo
load HF token from env
da9cae2
@NaijingGuo
updated loading configs
407327f
@NaijingGuo
small cleanup
c26dd67
@NaijingGuo
updated evalutaion scipt to work w/ YAML config
0c2b20b
@NaijingGuo
added a common mistral failure prefix
0b296ce
@NaijingGuo
added multiprompt (single model) support
7fa1978
@NaijingGuo
added multimodel multiprompt support
95cc394
@NaijingGuo
Merge branch 'main' into main
8ca044b
@NaijingGuo
added llama3 support
901decb
@NaijingGuo
added vicuna support
29f7c18
@NaijingGuo
multiple prompts on all models
75c5089
@romanlutz
Merge branch 'main' of https://github.com/Azure/PyRIT into romanlutz/…
64a97eb 
…gcg_azureml
@blakebullwinkel
cleaned up gcg dependencies
cba9634
@blakebullwinkel
renamed gcg_aml notebooks to gcg_azure_ml
1ee5845
@blakebullwinkel
excluded auxiliary_attacks notebooks from ps conversion scripts
cb7e66c
@blakebullwinkel
replaced relative path with absolute in job submission command
7d2216e
@blakebullwinkel
removed space between dev and gcg in pip install command
189cce0
@blakebullwinkel
removed TODO
e469164
@blakebullwinkel
updated gcg azureml notebook to use pyrit common paths
f7f85ec
@blakebullwinkel
temporarily removing pyrit main git clone for testing
31c2306
@blakebullwinkel
added required loss argument to loss logging function
47dc758
@blakebullwinkel
updated gcg README with phi-3-mini
625eb6c
@blakebullwinkel
temporarily adding back azureml-mlflow post1 version to test logging …
964a1e9 
…issue
@blakebullwinkel
Merge remote-tracking branch 'blakebullwinkel/main' into romanlutz/gc…
19ab76f 
…g_azureml
@blakebullwinkel
changed log_first argument back to False by default
2c2e905
@blakebullwinkel
changed azureml-mlflow version back to non post1 release
ba36e18
@blakebullwinkel
ran pre-commit hooks
22548b9
rdheekonda
rdheekonda approved these changes Oct 8, 2024
View reviewed changes
Copy link
Contributor

@rdheekonda rdheekonda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work, @blakebullwinkel !

@rlundeen2 rlundeen2 merged commit 4e2517f into Azure:main Oct 9, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@romanlutz romanlutz romanlutz left review comments

@rlundeen2 rlundeen2 rlundeen2 left review comments

@rdheekonda rdheekonda rdheekonda approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

FEAT Add adversarial suffix attack GCG
6 participants
@blakebullwinkel @romanlutz @rdheekonda @rlundeen2 @NaijingGuo @dlmgary