Skip to content

Red-team strategy

Layered Encoding

layer

Wraps input in multiple encoding layers (base64 inside ROT13 inside leetspeak) to evade multi-stage filters

YAML config

evalguard.config.yaml
redteam:
  strategies:
    - layer

CLI

bash
# "layer" is layered onto attacks during red-team scans.
# List every available encoding/obfuscation strategy:
evalguard list strategies
Combine with attack plugins to generate adversarial payloads. The strategy wraps each base payload before it's sent to your target, testing whether the model decodes / unwraps the transform and follows the embedded instruction.

Threat-model fit

Layered Encoding is particularly effective against threat models that employ multi-stage filtering mechanisms, such as those found in web application firewalls or input sanitization systems. By obfuscating the input through multiple encoding layers, it can bypass simplistic detection methods that may only inspect the outermost layer.

LLM-generated (llm-gpt-4o) · 2026-05-23