Skip to content

Red-team strategy

Best-of-N Jailbreak

best-of-n

Returns N rephrased variants of the payload (synonym swap, reorder, question form)

YAML config

evalguard.config.yaml
redteam:
  strategies:
    - best-of-n

CLI

bash
# "best-of-n" is layered onto attacks during red-team scans.
# List every available encoding/obfuscation strategy:
evalguard list strategies
Combine with attack plugins to generate adversarial payloads. The strategy wraps each base payload before it's sent to your target, testing whether the model decodes / unwraps the transform and follows the embedded instruction.

Threat-model fit

The Best-of-N Jailbreak strategy effectively probes models that are sensitive to variations in phrasing and context. By generating multiple rephrased variants of a prompt, it tests the model's ability to recognize and respond appropriately to potentially harmful queries while avoiding evasion through simple rewording.

LLM-generated (llm-gpt-4o) · 2026-05-23