Skip to content

Red-team strategy

AutoDAN (genetic stealthy jailbreak)

autodan

Evolves a population of fluent, low-perplexity jailbreak scaffolds via a genetic algorithm (crossover + mutation) — the deliberate inverse of GCG's high-perplexity token salad, designed to evade perplexity filters while staying coherent (Liu et al. 2310.04451). The static transform runs a deterministic GA pass; runAdaptive drives the iterative optimization against a live target.

YAML config

evalguard.config.yaml
redteam:
  strategies:
    - autodan

CLI

bash
# "autodan" is layered onto attacks during red-team scans.
# List every available encoding/obfuscation strategy:
evalguard list strategies
Combine with attack plugins to generate adversarial payloads. The strategy wraps each base payload before it's sent to your target, testing whether the model decodes / unwraps the transform and follows the embedded instruction.