Skip to content

Red-team strategy

Crescendo Attack

crescendo

Gradually escalates from innocent topics toward the target. The static transform emits a seed ladder; runAdaptive drives a real multi-round LLM escalation against a live target.

YAML config

evalguard.config.yaml
redteam:
  strategies:
    - crescendo

CLI

bash
# "crescendo" is layered onto attacks during red-team scans.
# List every available encoding/obfuscation strategy:
evalguard list strategies
Combine with attack plugins to generate adversarial payloads. The strategy wraps each base payload before it's sent to your target, testing whether the model decodes / unwraps the transform and follows the embedded instruction.

Threat-model fit

Best for testing if your safety training resists gradual escalation. Adversaries that start innocuous and progressively push toward harmful requests are the most common real-world attack pattern — crescendo simulates that exact dynamic across 5-15 turns.

Pairs well with

Hand-written · 2026-05-21