Skip to content

Red-team strategy

GCG Adversarial Suffix

gcg

Appends adversarial suffix tokens (Greedy Coordinate Gradient style) to confuse model tokenizers. The static transform emits format-accurate suffixes; runAdaptive iteratively searches suffixes against a live target.

YAML config

evalguard.config.yaml
redteam:
  strategies:
    - gcg

CLI

bash
# "gcg" is layered onto attacks during red-team scans.
# List every available encoding/obfuscation strategy:
evalguard list strategies
Combine with attack plugins to generate adversarial payloads. The strategy wraps each base payload before it's sent to your target, testing whether the model decodes / unwraps the transform and follows the embedded instruction.

Threat-model fit

The GCG Adversarial Suffix strategy effectively probes models that rely heavily on tokenization and sequence understanding. It is particularly useful against systems that may misinterpret or mishandle unexpected token patterns, leading to potential information leakage or misclassification.

LLM-generated (llm-gpt-4o) · 2026-05-23