Red-team strategy
Bijection Learning
bijection-learningTeaches the model a novel in-context substitution cipher (a bijection between letters and code tokens), then sends the objective encoded in that bijection so plaintext safety filters miss it while the model decodes-and-answers (Huang et al. 2410.01294). Unlike base64/rot13/morse, the mapping is supplied inline and inverted via in-context learning — no fixed signature to block.
YAML config
evalguard.config.yaml
redteam:
strategies:
- bijection-learningCLI
bash
# "bijection-learning" is layered onto attacks during red-team scans.
# List every available encoding/obfuscation strategy:
evalguard list strategies