search

sherdencooper / GPTFuzz

Official repo for GPTFUZZER : Red Teaming Large Language Models with Auto-Generated Jailbreak Prompts
MIT License
371 stars 45 forks source link

Typos in example.ipynb #19

Open Junjie-Chu opened 10 months ago

Junjie-Chu commented 10 months ago

In the second code block, questions_set = pd.read_csv(seed_path)['question_path'].tolist() seems to be wrong. Maybe questions_set = pd.read_csv(path_path)['text'].tolist()

sherdencooper commented 10 months ago

Thanks a lot! You are right, here is indeed a typo. I have fixed this in the master branch, plz let us know if there are further issues. Thanks again for your careful review!

Junjie-Chu commented 10 months ago

Thanks a lot! You are right, here is indeed a typo. I have fixed this in the master branch, plz let us know if there are further issues. Thanks again for your careful review!

I have another question, about how to set the parameters. If I have a forbidden-question dataset, it has 160 questions. I would like to find 1 jailbreak prompt for each question, and budget allows 20 queries for each question. In this case, I have to set --max_jailbreak 160 --max_query 3200, right?

sherdencooper commented 10 months ago

Hi Junjie, if you want to allocate 20 queries for each question, then you just need to set max query as 3200. The max jailbreak is counted as the total number of successful jailbreak attempts during fuzzing. It is also a stop condition and any one of the stop conditions is satisfied, the fuzzing loop will terminate. For example, if there are 5 questions in total, in iteration 1, the results are [0,1,1,1,0], then the jailbreak number is 3. In iteration 2, if the results are [1,0,0,1,0], then the jailbreak number is 5. After it reaches 160, the fuzzing process will be terminated. However, you could just set one stop condition while leaving others empty to satisfy your needs. If you would like to stop the fuzzing only until each question can be jailbroken at least once, you need some modification because current stop conditions cannot support that. Plz let me know if you have any questions about the parameters

Junjie-Chu commented 10 months ago

Hi Junjie, if you want to allocate 20 queries for each question, then you just need to set max query as 3200. The max jailbreak is counted as the total number of successful jailbreak attempts during fuzzing. It is also a stop condition and any one of the stop conditions is satisfied, the fuzzing loop will terminate. For example, if there are 5 questions in total, in iteration 1, the results are [0,1,1,1,0], then the jailbreak number is 3. In iteration 2, if the results are [1,0,0,1,0], then the jailbreak number is 5. After it reaches 160, the fuzzing process will be terminated. However, you could just set one stop condition while leaving others empty to satisfy your needs. If you would like to stop the fuzzing only until each question can be jailbroken at least once, you need some modification because current stop conditions cannot support that. Plz let me know if you have any questions about the parameters

Thanks for your quick reply! Really thanks, for both this comment and e-mail. I think to obtain my target, the best way is to run single question :) I have already made it run XD