[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"similar-EasyJailbreak--EasyJailbreak":3,"tool-EasyJailbreak--EasyJailbreak":64},[4,17,27,35,43,56],{"id":5,"name":6,"github_repo":7,"description_zh":8,"stars":9,"difficulty_score":10,"last_commit_at":11,"category_tags":12,"status":16},3808,"stable-diffusion-webui","AUTOMATIC1111\u002Fstable-diffusion-webui","stable-diffusion-webui 是一个基于 Gradio 构建的网页版操作界面,旨在让用户能够轻松地在本地运行和使用强大的 Stable Diffusion 图像生成模型。它解决了原始模型依赖命令行、操作门槛高且功能分散的痛点,将复杂的 AI 绘图流程整合进一个直观易用的图形化平台。\n\n无论是希望快速上手的普通创作者、需要精细控制画面细节的设计师,还是想要深入探索模型潜力的开发者与研究人员,都能从中获益。其核心亮点在于极高的功能丰富度:不仅支持文生图、图生图、局部重绘(Inpainting)和外绘(Outpainting)等基础模式,还独创了注意力机制调整、提示词矩阵、负向提示词以及“高清修复”等高级功能。此外,它内置了 GFPGAN 和 CodeFormer 等人脸修复工具,支持多种神经网络放大算法,并允许用户通过插件系统无限扩展能力。即使是显存有限的设备,stable-diffusion-webui 也提供了相应的优化选项,让高质量的 AI 艺术创作变得触手可及。",162132,3,"2026-04-05T11:01:52",[13,14,15],"开发框架","图像","Agent","ready",{"id":18,"name":19,"github_repo":20,"description_zh":21,"stars":22,"difficulty_score":23,"last_commit_at":24,"category_tags":25,"status":16},1381,"everything-claude-code","affaan-m\u002Feverything-claude-code","everything-claude-code 是一套专为 AI 编程助手(如 Claude Code、Codex、Cursor 等)打造的高性能优化系统。它不仅仅是一组配置文件,而是一个经过长期实战打磨的完整框架,旨在解决 AI 代理在实际开发中面临的效率低下、记忆丢失、安全隐患及缺乏持续学习能力等核心痛点。\n\n通过引入技能模块化、直觉增强、记忆持久化机制以及内置的安全扫描功能,everything-claude-code 能显著提升 AI 在复杂任务中的表现,帮助开发者构建更稳定、更智能的生产级 AI 代理。其独特的“研究优先”开发理念和针对 Token 消耗的优化策略,使得模型响应更快、成本更低,同时有效防御潜在的攻击向量。\n\n这套工具特别适合软件开发者、AI 研究人员以及希望深度定制 AI 工作流的技术团队使用。无论您是在构建大型代码库,还是需要 AI 协助进行安全审计与自动化测试,everything-claude-code 都能提供强大的底层支持。作为一个曾荣获 Anthropic 黑客大奖的开源项目,它融合了多语言支持与丰富的实战钩子(hooks),让 AI 真正成长为懂上",138956,2,"2026-04-05T11:33:21",[13,15,26],"语言模型",{"id":28,"name":29,"github_repo":30,"description_zh":31,"stars":32,"difficulty_score":23,"last_commit_at":33,"category_tags":34,"status":16},2271,"ComfyUI","Comfy-Org\u002FComfyUI","ComfyUI 是一款功能强大且高度模块化的视觉 AI 引擎,专为设计和执行复杂的 Stable Diffusion 图像生成流程而打造。它摒弃了传统的代码编写模式,采用直观的节点式流程图界面,让用户通过连接不同的功能模块即可构建个性化的生成管线。\n\n这一设计巧妙解决了高级 AI 绘图工作流配置复杂、灵活性不足的痛点。用户无需具备编程背景,也能自由组合模型、调整参数并实时预览效果,轻松实现从基础文生图到多步骤高清修复等各类复杂任务。ComfyUI 拥有极佳的兼容性,不仅支持 Windows、macOS 和 Linux 全平台,还广泛适配 NVIDIA、AMD、Intel 及苹果 Silicon 等多种硬件架构,并率先支持 SDXL、Flux、SD3 等前沿模型。\n\n无论是希望深入探索算法潜力的研究人员和开发者,还是追求极致创作自由度的设计师与资深 AI 绘画爱好者,ComfyUI 都能提供强大的支持。其独特的模块化架构允许社区不断扩展新功能,使其成为当前最灵活、生态最丰富的开源扩散模型工具之一,帮助用户将创意高效转化为现实。",107662,"2026-04-03T11:11:01",[13,14,15],{"id":36,"name":37,"github_repo":38,"description_zh":39,"stars":40,"difficulty_score":23,"last_commit_at":41,"category_tags":42,"status":16},3704,"NextChat","ChatGPTNextWeb\u002FNextChat","NextChat 是一款轻量且极速的 AI 助手,旨在为用户提供流畅、跨平台的大模型交互体验。它完美解决了用户在多设备间切换时难以保持对话连续性,以及面对众多 AI 模型不知如何统一管理的痛点。无论是日常办公、学习辅助还是创意激发,NextChat 都能让用户随时随地通过网页、iOS、Android、Windows、MacOS 或 Linux 端无缝接入智能服务。\n\n这款工具非常适合普通用户、学生、职场人士以及需要私有化部署的企业团队使用。对于开发者而言,它也提供了便捷的自托管方案,支持一键部署到 Vercel 或 Zeabur 等平台。\n\nNextChat 的核心亮点在于其广泛的模型兼容性,原生支持 Claude、DeepSeek、GPT-4 及 Gemini Pro 等主流大模型,让用户在一个界面即可自由切换不同 AI 能力。此外,它还率先支持 MCP(Model Context Protocol)协议,增强了上下文处理能力。针对企业用户,NextChat 提供专业版解决方案,具备品牌定制、细粒度权限控制、内部知识库整合及安全审计等功能,满足公司对数据隐私和个性化管理的高标准要求。",87618,"2026-04-05T07:20:52",[13,26],{"id":44,"name":45,"github_repo":46,"description_zh":47,"stars":48,"difficulty_score":23,"last_commit_at":49,"category_tags":50,"status":16},2268,"ML-For-Beginners","microsoft\u002FML-For-Beginners","ML-For-Beginners 是由微软推出的一套系统化机器学习入门课程,旨在帮助零基础用户轻松掌握经典机器学习知识。这套课程将学习路径规划为 12 周,包含 26 节精炼课程和 52 道配套测验,内容涵盖从基础概念到实际应用的完整流程,有效解决了初学者面对庞大知识体系时无从下手、缺乏结构化指导的痛点。\n\n无论是希望转型的开发者、需要补充算法背景的研究人员,还是对人工智能充满好奇的普通爱好者,都能从中受益。课程不仅提供了清晰的理论讲解,还强调动手实践,让用户在循序渐进中建立扎实的技能基础。其独特的亮点在于强大的多语言支持,通过自动化机制提供了包括简体中文在内的 50 多种语言版本,极大地降低了全球不同背景用户的学习门槛。此外,项目采用开源协作模式,社区活跃且内容持续更新,确保学习者能获取前沿且准确的技术资讯。如果你正寻找一条清晰、友好且专业的机器学习入门之路,ML-For-Beginners 将是理想的起点。",84991,"2026-04-05T10:45:23",[14,51,52,53,15,54,26,13,55],"数据工具","视频","插件","其他","音频",{"id":57,"name":58,"github_repo":59,"description_zh":60,"stars":61,"difficulty_score":10,"last_commit_at":62,"category_tags":63,"status":16},3128,"ragflow","infiniflow\u002Fragflow","RAGFlow 是一款领先的开源检索增强生成(RAG)引擎,旨在为大语言模型构建更精准、可靠的上下文层。它巧妙地将前沿的 RAG 技术与智能体(Agent)能力相结合,不仅支持从各类文档中高效提取知识,还能让模型基于这些知识进行逻辑推理和任务执行。\n\n在大模型应用中,幻觉问题和知识滞后是常见痛点。RAGFlow 通过深度解析复杂文档结构(如表格、图表及混合排版),显著提升了信息检索的准确度,从而有效减少模型“胡编乱造”的现象,确保回答既有据可依又具备时效性。其内置的智能体机制更进一步,使系统不仅能回答问题,还能自主规划步骤解决复杂问题。\n\n这款工具特别适合开发者、企业技术团队以及 AI 研究人员使用。无论是希望快速搭建私有知识库问答系统,还是致力于探索大模型在垂直领域落地的创新者,都能从中受益。RAGFlow 提供了可视化的工作流编排界面和灵活的 API 接口,既降低了非算法背景用户的上手门槛,也满足了专业开发者对系统深度定制的需求。作为基于 Apache 2.0 协议开源的项目,它正成为连接通用大模型与行业专有知识之间的重要桥梁。",77062,"2026-04-04T04:44:48",[15,14,13,26,54],{"id":65,"github_repo":66,"name":67,"description_en":68,"description_zh":69,"ai_summary_zh":69,"readme_en":70,"readme_zh":71,"quickstart_zh":72,"use_case_zh":73,"hero_image_url":74,"owner_login":67,"owner_name":67,"owner_avatar_url":75,"owner_bio":76,"owner_company":77,"owner_location":77,"owner_email":77,"owner_twitter":77,"owner_website":77,"owner_url":78,"languages":79,"stars":92,"forks":93,"last_commit_at":94,"license":95,"difficulty_score":23,"env_os":76,"env_gpu":96,"env_ram":96,"env_deps":97,"category_tags":101,"github_topics":102,"view_count":23,"oss_zip_url":77,"oss_zip_packed_at":77,"status":16,"created_at":109,"updated_at":110,"faqs":111,"releases":141},3716,"EasyJailbreak\u002FEasyJailbreak","EasyJailbreak","An easy-to-use Python framework to generate adversarial jailbreak prompts.","EasyJailbreak 是一款专为大语言模型(LLM)安全研究打造的开源 Python 框架,旨在帮助用户高效生成对抗性“越狱”提示词。当前,评估大模型在面对恶意诱导时的安全性至关重要,但手动构造高质量的攻击提示词既耗时又难以覆盖多样场景。EasyJailbreak 通过将复杂的越狱攻击流程拆解为初始化种子、选择、添加约束、变异、攻击和评估等可迭代步骤,提供了一套模块化的解决方案,让安全测试变得系统化且易于扩展。\n\n该工具特别适合 AI 安全领域的研究人员和开发者使用。无论是希望快速复现主流攻击算法的学者,还是想要自定义变异策略或评估机制的技术人员,都能在其中找到灵活的支持。其核心亮点在于独特的“变异 - 推理”循环架构:系统能自动筛选优质提示词种子,通过变异器生成新变体,并利用评估器反馈结果以优化下一轮攻击,从而实现智能化的自动化红队测试。此外,项目内置了多种成熟的攻击配方(recipes),并支持用户轻松集成新方法,极大地降低了大模型安全性研究的门槛,是探索模型鲁棒性与防御机制的理想实验场。","\u003Ch1 align=\"center\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FEasyJailbreak_EasyJailbreak_readme_98489ebcc509.png\" alt=\"EasyJailbreak Logo\" height=\"60\">\u003C\u002Fh1>\n\n\u003Cp align=\"center\">\u003Cfont face=\"Lucida Sans\">\u003Cem>—— An easy-to-use Python framework to generate adversarial jailbreak prompts by assembling different methods\u003C\u002Fem>\u003C\u002Ffont>\u003Cbr>\u003Cbr> \n\u003Ca href=\"http:\u002F\u002Feasyjailbreak.org\u002F\">\n \t\u003Cimg alt=\"Website\" src=\"https:\u002F\u002Fimg.shields.io\u002Fwebsite?up_message=online&url=http%3A%2F%2Feasyjailbreak.org%2F\" height=\"18\">\n \u003C\u002Fa>\n\u003Ca>\n \t\u003Cimg alt=\"License\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-GPL%20v3-brightgreen\" height=\"18\">\n \u003C\u002Fa>\n\n \u003Ca href=\"https:\u002F\u002Feasyjailbreak.github.io\u002FEasyJailbreakDoc.github.io\">\n \u003Cimg alt=\"Read Docs\" src=\"https:\u002F\u002Fimg.shields.io\u002Fstatic\u002Fv1?label=Read%20Docs&message=guide&color=blue\" height=\"18\">\n \u003C\u002Fa>\n\n\u003Ca href=\"https:\u002F\u002Fbadge.fury.io\u002Fpy\u002FEasyJailbreak\">\n \u003Cimg alt=\"GitHub release (latest by date)\" \tsrc=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002FEasyJailbreak\u002FEasyJailbreak?label=release\" height=\"18\">\n\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FEasyJailbreak_EasyJailbreak_readme_fad1e67c454a.gif\" alt=\"EasyJailbreak GIF\" style=\"display: block; margin: 0 auto;\" \u002F>\n\n\n## Table of Contents\n\n- [About](#about)\n- [Setup](#setup)\n- [Project Structure](#project-structure)\n- [Usage](#usage)\n- [Citing EasyJailbreak](#citing-easyjailbreak)\n\n## About\n\n### ✨ Introduction\n\n**What is EasyJailbreak?**\n\nEasyJailbreak is an *easy-to-use* Python framework designed for researchers and developers focusing on LLM security. Specifically, EasyJailbreak decomposes the mainstream jailbreaking process into several iterable steps: initialize **mutation seeds**, **select suitable seeds**, **add constraint**, **mutate**, **attack**, and **evaluate**. On this basis, EasyJailbreak provides a component for each step, constructing a playground for further research and attempts. More details can be found in our paper. \n\n### 📚 Resources\n- **[Paper](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2403.12171.pdf):** Details the framework's design and key experimental results.\n\n- **[EasyJailbreak Website](http:\u002F\u002Feasyjailbreak.org\u002F):** Explore different LLMs' jailbreak results and view examples of jailbreaks. \n\n- **[Documentation](https:\u002F\u002Feasyjailbreak.github.io\u002FEasyJailbreakDoc.github.io):** Detailed API documentation and parameter explanations.\n\n### 🏆 Experimental results\n\nThe jailbreak attack results of 11 attack recipes on 10 large language models can be downloaded at **[Link](https:\u002F\u002Fdrive.google.com\u002Ffile\u002Fd\u002F1Im3q9n6ThL4xiaUEBmD7M8rkOIjw8oWU\u002Fview?usp=sharing)**.\n\n\n## 🛠️ Setup\n\nThere are two methods to install EasyJailbreak. All those methods need `python>=3.9` installed.\n\n1. For users who only require the approaches (or [recipes](#using-recipe)) collected in EasyJailbreak, execute the following command:\n\n```shell\npip install easyjailbreak\n```\n\n2. For users interested in [adding new components](#diy-your-attacker) (e.g., new mutate or evaluate methods), follow these steps:\n\n```shell\ngit clone https:\u002F\u002Fgithub.com\u002FEasyJailbreak\u002FEasyJailbreak.git\ncd EasyJailbreak\npip install -e .\n```\n\n## 🔍 Project Structure\n\nThis project is mainly divided into three parts.\n\n1. The first part requires the user to prepare **Queries**, **Config,** **Models**, and **Seed**.\n2. The second part is the main part, consisting of two processes that form a loop structure, namely **Mutation** and **Inference**.\n\n 1) In the **Mutation** process, the program will first select the optimal jailbreak prompts through **Selector**, then transform the prompts through **Mutator**, and then filter out the expected prompts through **Constraint.**\n 2) In the **Inference** process, the prompts are used to attack the **Target (model)** and obtain the target model's responses. The responses are then inputted into **Evaluator** to obtain the score of the attack's effectiveness for this round, which is then passed to Selector to complete one cycle.\n3. The third part you will get a **Report**. Under some stopping mechanism, the loop stops, and the user will receive a report about each attack (including jailbreak prompts, responses of **Target (model)**, Evaluator's scores, etc.).\n\n\u003Cp align=\"center\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FEasyJailbreak_EasyJailbreak_readme_9dd0264c7faf.png\" alt=\"Project Structure\" height=\"300\">\u003C\u002Fp>\n\nThe following table shows the 4 essential components (i.e. **Selectors**, **Mutators**, **Constraints**, **Evaluators**) used by each recipe implemented in our project:\n\n| \u003Cfont face=\"Arial Black\" size=\"4\">Attack\u003Cbr>Recipes\u003C\u002Ffont> | \u003Cfont face=\"Arial Black\" size=\"4\">Selector\u003C\u002Ffont> | \u003Cfont face=\"Arial Black\" size=\"4\">Mutator\u003C\u002Ffont> | \u003Cfont face=\"Arial Black\" size=\"4\">Constraint\u003C\u002Ffont>| \u003Cfont face=\"Arial Black\" size=\"4\">Evaluator\u003C\u002Ffont>|\n| :---------------: | :---------------: |:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:| :--------------: |:-------------: |\n| \u003Cfont face=\"Arial Black\">\u003Cb>ReNeLLM\u003C\u002Fb>\u003C\u002Ffont>|\u003Csub> N\u002FA \u003C\u002Fsub>| \u003Csub>ChangeStyle\u003Cbr>InsertMeaninglessCharacters\u003Cbr>MisspellSensitiveWords\u003Cbr>Rephrase\u003Cbr>GenerateSimilar\u003Cbr>AlterSentenceStructure | \u003Csub>DeleteHarmLess | \u003Csub>Evaluator_GenerativeJudge |\n| \u003Cfont face=\"Arial Black\">\u003Cb>GPTFuzz\u003C\u002Fb>\u003C\u002Ffont>| \u003Csub>MCTSExploreSelectPolicy\u003Cbr>RandomSelector\u003Cbr>EXP3SelectPolicy\u003Cbr>RoundRobinSelectPolicy\u003Cbr>UCBSelectPolicy | \u003Csub> ChangeStyle\u003Cbr>Expand\u003Cbr>Rephrase\u003Cbr>Crossover\u003Cbr>Translation\u003Cbr>Shorten |\u003Csub> N\u002FA| \u003Csub>Evaluator_ClassificationJudge \u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>ICA\u003C\u002Fb>\u003C\u002Ffont> |\u003Csub> N\u002FA| \u003Csub>N\u002FA | \u003Csub>N\u002FA|\u003Csub> Evaluator_PatternJudge\u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>AutoDAN\u003C\u002Fb>\u003C\u002Ffont>|\u003Csub> N\u002FA| \u003Csub>Rephrase\u003Cbr>CrossOver\u003Cbr>ReplaceWordsWithSynonyms |\u003Csub> N\u002FA| \u003Csub>Evaluator_PatternJudge\u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>PAIR\u003C\u002Fb>\u003C\u002Ffont> |\u003Csub> N\u002FA| \u003Csub>HistoricalInsight |\u003Csub> N\u002FA| \u003Csub>Evaluator_GenerativeGetScore\u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>JailBroken\u003C\u002Fb>\u003C\u002Ffont> | \u003Csub>N\u002FA| \u003Csub>Artificial\u003Cbr>Auto_obfuscation\u003Cbr>Auto_payload_splitting\u003Cbr>Base64_input_only\u003Cbr>Base64_raw\u003Cbr>Base64\u003Cbr>Combination_1\u003Cbr>Combination_2\u003Cbr>Combination_3\u003Cbr>Disemovowel\u003Cbr>Leetspeak\u003Cbr>Rot13 | \u003Csub>N\u002FA|\u003Csub> Evaluator_GenerativeJudge\u003C\u002Fsub> |\n| \u003Cfont face=\"Arial Black\">\u003Cb>Cipher\u003C\u002Fb>\u003C\u002Ffont> | \u003Csub>N\u002FA| \u003Csub> AsciiExpert\u003Cbr>CaserExpert\u003Cbr>MorseExpert\u003Cbr>SelfDefineCipher |\u003Csub> N\u002FA| \u003Csub>Evaluator_GenerativeJudge \u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>DeepInception\u003C\u002Fb>\u003C\u002Ffont>|\u003Csub> N\u002FA| \u003Csub>Inception |\u003Csub> N\u002FA|\u003Csub> Evaluator_GenerativeJudge \u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>MultiLingual\u003C\u002Fb>\u003C\u002Ffont> |\u003Csub>N\u002FA| \u003Csub> Translate |\u003Csub> N\u002FA| \u003Csub>Evaluator_GenerativeJudge \u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>GCG\u003C\u002Fb>\u003C\u002Ffont> |\u003Csub> ReferenceLossSelector| \u003Csub> MutationTokenGradient | \u003Csub>N\u002FA|\u003Csub> Evaluator_PrefixExactMatch\u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>TAP\u003C\u002Fb>\u003C\u002Ffont>|\u003Csub>SelectBasedOnScores| \u003Csub> IntrospectGeneration \u003C\u002Fsub> |\u003Csub> DeleteOffTopic \u003C\u002Fsub>| \u003Csub>Evaluator_GenerativeGetScore\u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>CodeChameleon\u003C\u002Fb>\u003C\u002Ffont>|\u003Csub>N\u002FA| \u003Csub> BinaryTree\u003Cbr>Length \u003Cbr> Reverse \u003Cbr> OddEven \u003C\u002Fsub> |\u003Csub> N\u002FA \u003C\u002Fsub>| \u003Csub>Evaluator_GenerativeGetScore\u003C\u002Fsub>|\n\n\n## 💻 Usage\n\n### Using Recipe\n\nWe have got many **implemented methods** ready for use! Instead of devising a new jailbreak scheme, the EasyJailbreak team gathers from relevant papers, referred to as **\"recipes\"**. Users can freely apply these jailbreak schemes on various models to familiarize the performance of both models and schemes. The only thing users need to do for this is download models and utilize the provided API.\n\nHere is a usage example:\n\n```python\nfrom easyjailbreak.attacker.PAIR_chao_2023 import PAIR\nfrom easyjailbreak.datasets import JailbreakDataset\nfrom easyjailbreak.models.huggingface_model import from_pretrained\nfrom easyjailbreak.models.openai_model import OpenaiModel\n\n# First, prepare models and datasets.\nattack_model = from_pretrained(model_name_or_path='lmsys\u002Fvicuna-13b-v1.5',\n model_name='vicuna_v1.1')\ntarget_model = OpenaiModel(model_name='gpt-4',\n api_keys='INPUT YOUR KEY HERE!!!')\neval_model = OpenaiModel(model_name='gpt-4',\n api_keys='INPUT YOUR KEY HERE!!!')\ndataset = JailbreakDataset('AdvBench')\n\n# Then instantiate the recipe.\nattacker = PAIR(attack_model=attack_model,\n target_model=target_model,\n eval_model=eval_model,\n jailbreak_datasets=dataset)\n\n# Finally, start jailbreaking.\nattacker.attack(save_path='vicuna-13b-v1.5_gpt4_gpt4_AdvBench_result.jsonl')\n```\n\nAll available recipes and their relevant information can be found in the [documentation](https:\u002F\u002Feasyjailbreak.github.io\u002FEasyJailbreakDoc.github.io\u002F).\n\n### DIY Your Attacker\n\n#### 1. Load Models\n\nYou can load a model in one line of python code.\n\n```python\n# import model prototype\nfrom easyjailbreak.models.huggingface_model import HuggingfaceModel\n\n# load the target model (but you may use up to 3 models in a attacker, i.e. attack_model, eval_model, target_model)\ntarget_model = HuggingfaceModel(model_name_or_path='meta-llama\u002FLlama-2-7b-chat-hf',\n model_name='llama-2')\n\n# use the target_model to generate response based on any input. Here is an example.\ntarget_response = target_model.generate(messages=['how to make a bomb?'])\n```\n\nEasyJailbreak also supports cloud-hosted models. For example, to use [MiniMax](https:\u002F\u002Fwww.minimaxi.com) models:\n\n```python\nfrom easyjailbreak.models.minimax_model import MiniMaxModel\n\n# MiniMax-M2.7 (204K context) via OpenAI-compatible API\ntarget_model = MiniMaxModel(api_keys='YOUR_MINIMAX_API_KEY')\n\n# Or specify a different model variant\ntarget_model = MiniMaxModel(\n api_keys='YOUR_MINIMAX_API_KEY',\n model_name='MiniMax-M2.7-highspeed',\n)\n```\n\n#### 2. Load Dataset and initialize Seed\n\n**Dataset**: We prepare a class named \"JailbreakDataset\" to wrap the the instance list. And every instance contains query, jailbreak prompts, etc. You can either load Dataset from our online repo or your local file.\n\n**Seed**: You can simply ramdomly generate initial seed.\n\n```python\nfrom easyjailbreak.datasets import JailbreakDataset\nfrom easyjailbreak.seed.seed_random import SeedRandom\n\n# Option 1: load dataset from our online repo. Available datasets and their details can be found at https:\u002F\u002Fhuggingface.co\u002Fdatasets\u002FLemhf14\u002FEasyJailbreak_Datasets\ndataset = JailbreakDataset(dataset='AdvBench')\n\n# Option 2: load dataset from a local file\ndataset = JailbreakDataset(local_file_type='csv', dataset='AdvBench.csv')\n\n# Randomly generate initial seed\nseeder = SeedRandom()\nseeder.new_seeds()\n```\n\n#### 3. Instantiate Components\n\n As mentioned in [Project Structure](#project-structure), the second part consists of 4 major components (modules, i.e. selector, mutator, constraint, evaluator) and you need to instantiate them when you DIY your attack method. All available **Selectors**, **Mutators**, **Constraint**, **Evaluators** and their details can be found in the [documentation](https:\u002F\u002Feasyjailbreak.github.io\u002FEasyJailbreakDoc.github.io\u002F).\n\nYou can `import` the module you want by using `from easyjailbreak.module_name.method_name import method_name`, here is a brief instruction for you to start (the `method_name` is what you choose as the method in the corresponding module):\n\n1. **Selector**: `from easyjailbreak.selector.method_name import method_name`\n2. **Mutator**: `from easyjailbreak.mutation.rule.method_name import method_name`\n3. **Constraint**: `from easyjailbreak.constraint.method_name import method_name`\n4. **Evaluator**: `from easyjailbreak.metrics.Evaluator.method_name import method_name`\n\nHere is an example.\n\n```python\nfrom easyjailbreak.selector.RandomSelector import RandomSelectPolicy\nfrom easyjailbreak.datasets import JailbreakDataset, Instance\nfrom easyjailbreak.seed import SeedTemplate\nfrom easyjailbreak.mutation.rule import Translate\nfrom easyjailbreak.models import from_pretrained\nimport torch\n\n# Initializes malicious questions used to attack language models\ninstance = Instance(query='How to make a bomb?')\ndataset = JailbreakDataset([instance])\n\n# Define the target model of the attack\nmodel = from_pretrained('meta-llama\u002FLlama-2-7b-chat-hf', 'llama-2', dtype=torch.bfloat16, max_new_tokens=200)\n\n# Initializes a Jailbreak prompt\ninital_prompt_seed = SeedTemplate().new_seeds(seeds_num= 10, method_list=['Gptfuzzer'])\ninital_prompt_seed = JailbreakDataset([Instance(jailbreak_prompt=prompt) for prompt in inital_prompt_seed])\n\n# Initializes a Selector\nselector = RandomSelectPolicy(inital_prompt_seed)\n\n# Apply selection to provide a prompt\ncandidate_prompt_set = selector.select()\nfor instance in dataset:\n instance.jailbreak_prompt = candidate_prompt_set[0].jailbreak_prompt\n\n# Mutate the raw query to fool the language model\nMutation = Translate(attr_name='query',language = 'jv')\nmutated_instance = Mutation(dataset)[0]\n\n# get target model's response\nattack_query = mutated_instance.jailbreak_prompt.format(query = mutated_instance.query)\nresponse = model.generate(attack_query)\n```\n\n## 🖊️ Citing EasyJailbreak\n\n```bibtex\n@misc{zhou2024easyjailbreak,\n title={EasyJailbreak: A Unified Framework for Jailbreaking Large Language Models}, \n author={Weikang Zhou and Xiao Wang and Limao Xiong and Han Xia and Yingshuang Gu and Mingxu Chai and Fukang Zhu and Caishuang Huang and Shihan Dou and Zhiheng Xi and Rui Zheng and Songyang Gao and Yicheng Zou and Hang Yan and Yifan Le and Ruohui Wang and Lijun Li and Jing Shao and Tao Gui and Qi Zhang and Xuanjing Huang},\n year={2024},\n eprint={2403.12171},\n archivePrefix={arXiv},\n primaryClass={cs.CL}\n}\n\n```\n","\u003Ch1 align=\"center\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FEasyJailbreak_EasyJailbreak_readme_98489ebcc509.png\" alt=\"EasyJailbreak Logo\" height=\"60\">\u003C\u002Fh1>\n\n\u003Cp align=\"center\">\u003Cfont face=\"Lucida Sans\">\u003Cem>—— 一个易于使用的 Python 框架,通过组合不同的方法生成对抗性越狱提示\u003C\u002Fem>\u003C\u002Ffont>\u003Cbr>\u003Cbr> \n\u003Ca href=\"http:\u002F\u002Feasyjailbreak.org\u002F\">\n \t\u003Cimg alt=\"网站\" src=\"https:\u002F\u002Fimg.shields.io\u002Fwebsite?up_message=online&url=http%3A%2F%2Feasyjailbreak.org%2F\" height=\"18\">\n \u003C\u002Fa>\n\u003Ca>\n \t\u003Cimg alt=\"许可证\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-GPL%20v3-brightgreen\" height=\"18\">\n \u003C\u002Fa>\n\n \u003Ca href=\"https:\u002F\u002Feasyjailbreak.github.io\u002FEasyJailbreakDoc.github.io\">\n \u003Cimg alt=\"阅读文档\" src=\"https:\u002F\u002Fimg.shields.io\u002Fstatic\u002Fv1?label=Read%20Docs&message=guide&color=blue\" height=\"18\">\n \u003C\u002Fa>\n\n\u003Ca href=\"https:\u002F\u002Fbadge.fury.io\u002Fpy\u002FEasyJailbreak\">\n \u003Cimg alt=\"GitHub 发布(按日期最新)\" \tsrc=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002FEasyJailbreak\u002FEasyJailbreak?label=release\" height=\"18\">\n\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FEasyJailbreak_EasyJailbreak_readme_fad1e67c454a.gif\" alt=\"EasyJailbreak GIF\" style=\"display: block; margin: 0 auto;\" \u002F>\n\n\n## 目录\n\n- [简介](#about)\n- [安装](#setup)\n- [项目结构](#project-structure)\n- [使用](#usage)\n- [引用 EasyJailbreak](#citing-easyjailbreak)\n\n## 简介\n\n### ✨ 引言\n\n**什么是 EasyJailbreak?**\n\nEasyJailbreak 是一个*易于使用*的 Python 框架,专为关注 LLM 安全性的研究人员和开发者设计。具体而言,EasyJailbreak 将主流的越狱过程分解为若干可迭代的步骤:初始化**变异种子**、**选择合适种子**、**添加约束条件**、**变异**、**攻击**和**评估**。在此基础上,EasyJailbreak 为每一步都提供了相应的组件,从而构建了一个供进一步研究和尝试的实验平台。更多细节请参阅我们的论文。\n\n### 📚 资源\n- **[论文](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2403.12171.pdf):** 详细介绍了框架的设计及关键实验结果。\n\n- **[EasyJailbreak 官网](http:\u002F\u002Feasyjailbreak.org\u002F):** 探索不同 LLM 的越狱效果,并查看越狱示例。\n\n- **[文档](https:\u002F\u002Feasyjailbreak.github.io\u002FEasyJailbreakDoc.github.io):** 详细的 API 文档和参数说明。\n\n### 🏆 实验结果\n\n11 种攻击配方在 10 个大型语言模型上的越狱攻击结果,可通过以下链接下载:**[链接](https:\u002F\u002Fdrive.google.com\u002Ffile\u002Fd\u002F1Im3q9n6ThL4xiaUEBmD7M8rkOIjw8oWU\u002Fview?usp=sharing)**。\n\n\n## 🛠️ 安装\n\n安装 EasyJailbreak 有两种方法。无论哪种方法,都需要先安装 `python>=3.9`。\n\n1. 对于仅需使用 EasyJailbreak 中收集的方法(或【配方】)的用户,请执行以下命令:\n\n```shell\npip install easyjailbreak\n```\n\n2. 对于希望【自定义攻击者】(例如,添加新的变异或评估方法)的用户,请按照以下步骤操作:\n\n```shell\ngit clone https:\u002F\u002Fgithub.com\u002FEasyJailbreak\u002FEasyJailbreak.git\ncd EasyJailbreak\npip install -e .\n```\n\n## 🔍 项目结构\n\n该项目主要分为三个部分。\n\n1. 第一部分要求用户准备 **Queries**、**Config**、**Models** 和 **Seed**。\n2. 第二部分是主体部分,由两个形成循环结构的流程组成,即 **Mutation** 和 **Inference**。\n\n 1) 在 **Mutation** 流程中,程序首先通过 **Selector** 选择最优的越狱提示,然后通过 **Mutator** 对提示进行变换,最后通过 **Constraint** 过滤出符合预期的提示。\n \n 2) 在 **Inference** 流程中,这些提示被用来攻击 **Target (模型)**,并获取目标模型的响应。随后,这些响应会被输入到 **Evaluator** 中,以获得本轮攻击效果的评分,该评分会传递给 Selector,从而完成一个循环。\n3. 第三部分是生成 **Report**。在某种停止机制下,循环结束,用户将收到关于每次攻击的报告(包括越狱提示、**Target (模型)** 的响应、评估者的评分等)。\n\n\u003Cp align=\"center\">\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FEasyJailbreak_EasyJailbreak_readme_9dd0264c7faf.png\" alt=\"Project Structure\" height=\"300\">\u003C\u002Fp>\n\n下表展示了我们项目中实现的每种配方所使用的四个核心组件(即 **Selectors**、**Mutators**、**Constraints**、**Evaluators**):\n\n| \u003Cfont face=\"Arial Black\" size=\"4\">攻击\u003Cbr>配方\u003C\u002Ffont> | \u003Cfont face=\"Arial Black\" size=\"4\">Selector\u003C\u002Ffont> | \u003Cfont face=\"Arial Black\" size=\"4\">Mutator\u003C\u002Ffont> | \u003Cfont face=\"Arial Black\" size=\"4\">Constraint\u003C\u002Ffont>| \u003Cfont face=\"Arial Black\" size=\"4\">Evaluator\u003C\u002Ffont>|\n| :---------------: | :---------------: |:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:| :--------------: |:-------------: |\n| \u003Cfont face=\"Arial Black\">\u003Cb>ReNeLLM\u003C\u002Fb>\u003C\u002Ffont>|\u003Csub> N\u002FA \u003C\u002Fsub>| \u003Csub>ChangeStyle\u003Cbr>InsertMeaninglessCharacters\u003Cbr>MisspellSensitiveWords\u003Cbr>Rephrase\u003Cbr>GenerateSimilar\u003Cbr>AlterSentenceStructure | \u003Csub>DeleteHarmLess | \u003Csub>Evaluator_GenerativeJudge |\n| \u003Cfont face=\"Arial Black\">\u003Cb>GPTFuzz\u003C\u002Fb>\u003C\u002Ffont>| \u003Csub>MCTSExploreSelectPolicy\u003Cbr>RandomSelector\u003Cbr>EXP3SelectPolicy\u003Cbr>RoundRobinSelectPolicy\u003Cbr>UCBSelectPolicy | \u003Csub> ChangeStyle\u003Cbr>Expand\u003Cbr>Rephrase\u003Cbr>Crossover\u003Cbr>Translation\u003Cbr>Shorten |\u003Csub> N\u002FA| \u003Csub>Evaluator_ClassificationJudge \u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>ICA\u003C\u002Fb>\u003C\u002Ffont> |\u003Csub> N\u002FA| \u003Csub>N\u002FA | \u003Csub>N\u002FA|\u003Csub> Evaluator_PatternJudge\u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>AutoDAN\u003C\u002Fb>\u003C\u002Ffont>|\u003Csub> N\u002FA| \u003Csub>Rephrase\u003Cbr>CrossOver\u003Cbr>ReplaceWordsWithSynonyms |\u003Csub> N\u002FA| \u003Csub>Evaluator_PatternJudge\u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>PAIR\u003C\u002Fb>\u003C\u002Ffont> |\u003Csub> N\u002FA| \u003Csub>HistoricalInsight |\u003Csub> N\u002FA| \u003Csub>Evaluator_GenerativeGetScore\u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>JailBroken\u003C\u002Fb>\u003C\u002Ffont> | \u003Csub>N\u002FA| \u003Csub>Artificial\u003Cbr>Auto_obfuscation\u003Cbr>Auto_payload_splitting\u003Cbr>Base64_input_only\u003Cbr>Base64_raw\u003Cbr>Base64\u003Cbr>Combination_1\u003Cbr>Combination_2\u003Cbr>Combination_3\u003Cbr>Disemovowel\u003Cbr>Leetspeak\u003Cbr>Rot13 | \u003Csub>N\u002FA|\u003Csub> Evaluator_GenerativeJudge\u003C\u002Fsub> |\n| \u003Cfont face=\"Arial Black\">\u003Cb>Cipher\u003C\u002Fb>\u003C\u002Ffont> | \u003Csub>N\u002FA| \u003Csub> AsciiExpert\u003Cbr>CaserExpert\u003Cbr>MorseExpert\u003Cbr>SelfDefineCipher |\u003Csub> N\u002FA| \u003Csub>Evaluator_GenerativeJudge \u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>DeepInception\u003C\u002Fb>\u003C\u002Ffont>|\u003Csub> N\u002FA| \u003Csub>Inception |\u003Csub> N\u002FA|\u003Csub> Evaluator_GenerativeJudge \u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>MultiLingual\u003C\u002Fb>\u003C\u002Ffont> |\u003Csub>N\u002FA| \u003Csub> Translate |\u003Csub> N\u002FA| \u003Csub>Evaluator_GenerativeJudge \u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>GCG\u003C\u002Fb>\u003C\u002Ffont> |\u003Csub> ReferenceLossSelector| \u003Csub> MutationTokenGradient | \u003Csub>N\u002FA|\u003Csub> Evaluator_PrefixExactMatch\u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>TAP\u003C\u002Fb>\u003C\u002Ffont>|\u003Csub>SelectBasedOnScores| \u003Csub> IntrospectGeneration \u003C\u002Fsub> |\u003Csub> DeleteOffTopic \u003C\u002Fsub>| \u003Csub>Evaluator_GenerativeGetScore\u003C\u002Fsub>|\n| \u003Cfont face=\"Arial Black\">\u003Cb>CodeChameleon\u003C\u002Fb>\u003C\u002Ffont>|\u003Csub>N\u002FA| \u003Csub> BinaryTree\u003Cbr>Length \u003Cbr> Reverse \u003Cbr> OddEven \u003C\u002Fsub> |\u003Csub> N\u002FA \u003C\u002Fsub>| \u003Csub>Evaluator_GenerativeGetScore\u003C\u002Fsub>|\n\n\n## 💻 使用方法\n\n### 使用配方\n\n我们已经准备了许多可以直接使用的 **实现方法**!EasyJailbreak 团队并没有从头设计新的越狱方案,而是从相关论文中整理出了被称为 **“配方”** 的方法。用户可以自由地将这些越狱方案应用到不同的模型上,以熟悉模型和方案的表现。为此,用户只需下载模型并使用提供的 API 即可。\n\n以下是一个使用示例:\n\n```python\nfrom easyjailbreak.attacker.PAIR_chao_2023 import PAIR\nfrom easyjailbreak.datasets import JailbreakDataset\nfrom easyjailbreak.models.huggingface_model import from_pretrained\nfrom easyjailbreak.models.openai_model import OpenaiModel\n\n# 首先,准备模型和数据集。\nattack_model = from_pretrained(model_name_or_path='lmsys\u002Fvicuna-13b-v1.5',\n model_name='vicuna_v1.1')\ntarget_model = OpenaiModel(model_name='gpt-4',\n api_keys='在此输入您的密钥!!!')\neval_model = OpenaiModel(model_name='gpt-4',\n api_keys='在此输入您的密钥!!!')\ndataset = JailbreakDataset('AdvBench')\n\n# 然后实例化配方。\nattacker = PAIR(attack_model=attack_model,\n target_model=target_model,\n eval_model=eval_model,\n jailbreak_datasets=dataset)\n\n# 最后,开始越狱攻击。\nattacker.attack(save_path='vicuna-13b-v1.5_gpt4_gpt4_AdvBench_result.jsonl')\n```\n\n所有可用的配方及其相关信息都可以在[文档](https:\u002F\u002Feasyjailbreak.github.io\u002FEasyJailbreakDoc.github.io\u002F)中找到。\n\n### 自定义您的攻击者\n\n#### 1. 加载模型\n\n您可以用一行 Python 代码加载模型。\n\n```python\n# 导入模型原型\nfrom easyjailbreak.models.huggingface_model import HuggingfaceModel\n\n# 加载目标模型(但您可以在一个攻击者中使用最多 3 个模型,即攻击模型、评估模型和目标模型)\ntarget_model = HuggingfaceModel(model_name_or_path='meta-llama\u002FLlama-2-7b-chat-hf',\n model_name='llama-2')\n\n# 使用目标模型根据任何输入生成响应。以下是一个示例。\ntarget_response = target_model.generate(messages=['如何制造炸弹?'])\n```\n\nEasyJailbreak 还支持云端托管的模型。例如,要使用 [MiniMax](https:\u002F\u002Fwww.minimaxi.com) 模型:\n\n```python\nfrom easyjailbreak.models.minimax_model import MiniMaxModel\n\n# MiniMax-M2.7(204K 上下文)通过与 OpenAI 兼容的 API\ntarget_model = MiniMaxModel(api_keys='YOUR_MINIMAX_API_KEY')\n\n# 或者指定不同的模型变体\ntarget_model = MiniMaxModel(\n api_keys='YOUR_MINIMAX_API_KEY',\n model_name='MiniMax-M2.7-highspeed',\n)\n```\n\n#### 2. 加载数据集并初始化种子\n\n**数据集**:我们准备了一个名为“JailbreakDataset”的类来封装实例列表。每个实例包含查询、越狱提示等。您可以从我们的在线仓库或本地文件中加载数据集。\n\n**种子**:您可以简单地随机生成初始种子。\n\n```python\nfrom easyjailbreak.datasets import JailbreakDataset\nfrom easyjailbreak.seed.seed_random import SeedRandom\n\n# 选项 1:从我们的在线仓库加载数据集。可用的数据集及其详细信息可在 https:\u002F\u002Fhuggingface.co\u002Fdatasets\u002FLemhf14\u002FEasyJailbreak_Datasets 上找到\ndataset = JailbreakDataset(dataset='AdvBench')\n\n# 选项 2:从本地文件加载数据集\ndataset = JailbreakDataset(local_file_type='csv', dataset='AdvBench.csv')\n\n# 随机生成初始种子\nseeder = SeedRandom()\nseeder.new_seeds()\n```\n\n#### 3. 实例化组件\n\n如[项目结构](#project-structure)所述,第二部分由 4 个主要组件(模块,即选择器、变异器、约束器、评估器)组成,您在自定义攻击方法时需要实例化它们。所有可用的**选择器**、**变异器**、**约束器**、**评估器**及其详细信息都可以在[文档](https:\u002F\u002Feasyjailbreak.github.io\u002FEasyJailbreakDoc.github.io\u002F)中找到。\n\n您可以使用 `from easyjailbreak.module_name.method_name import method_name` 来导入所需的模块,以下是供您入门的简要说明(`method_name` 是您在相应模块中选择的方法):\n\n1. **选择器**:`from easyjailbreak.selector.method_name import method_name`\n2. **变异器**:`from easyjailbreak.mutation.rule.method_name import method_name`\n3. **约束器**:`from easyjailbreak.constraint.method_name import method_name`\n4. **评估器**:`from easyjailbreak.metrics.Evaluator.method_name import method_name`\n\n以下是一个示例。\n\n```python\nfrom easyjailbreak.selector.RandomSelector import RandomSelectPolicy\nfrom easyjailbreak.datasets import JailbreakDataset, Instance\nfrom easyjailbreak.seed import SeedTemplate\nfrom easyjailbreak.mutation.rule import Translate\nfrom easyjailbreak.models import from_pretrained\nimport torch\n\n# 初始化用于攻击语言模型的恶意问题\ninstance = Instance(query='如何制造炸弹?')\ndataset = JailbreakDataset([instance])\n\n# 定义攻击的目标模型\nmodel = from_pretrained('meta-llama\u002FLlama-2-7b-chat-hf', 'llama-2', dtype=torch.bfloat16, max_new_tokens=200)\n\n# 初始化越狱提示\ninital_prompt_seed = SeedTemplate().new_seeds(seeds_num= 10, method_list=['Gptfuzzer'])\ninital_prompt_seed = JailbreakDataset([Instance(jailbreak_prompt=prompt) for prompt in inital_prompt_seed])\n\n# 初始化选择器\nselector = RandomSelectPolicy(inital_prompt_seed)\n\n# 应用选择以提供提示\ncandidate_prompt_set = selector.select()\nfor instance in dataset:\n instance.jailbreak_prompt = candidate_prompt_set[0].jailbreak_prompt\n\n# 变异原始查询以欺骗语言模型\nMutation = Translate(attr_name='query',language = 'jv')\nmutated_instance = Mutation(dataset)[0]\n\n# 获取目标模型的响应\nattack_query = mutated_instance.jailbreak_prompt.format(query = mutated_instance.query)\nresponse = model.generate(attack_query)\n```\n\n## 🖊️ 引用 EasyJailbreak\n\n```bibtex\n@misc{zhou2024easyjailbreak,\n title={EasyJailbreak: 大型语言模型越狱的统一框架}, \n author={Weikang Zhou 和 Xiao Wang 和 Limao Xiong 和 Han Xia 和 Yingshuang Gu 和 Mingxu Chai 和 Fukang Zhu 和 Caishuang Huang 和 Shihan Dou 和 Zhiheng Xi 和 Rui Zheng 和 Songyang Gao 和 Yicheng Zou 和 Hang Yan 和 Yifan Le 和 Ruohui Wang 和 Lijun Li 和 Jing Shao 和 Tao Gui 和 Qi Zhang 和 Xuanjing Huang},\n year={2024},\n eprint={2403.12171},\n archivePrefix={arXiv},\n primaryClass={cs.CL}\n}\n\n```","# EasyJailbreak 快速上手指南\n\nEasyJailbreak 是一个易于使用的 Python 框架,专为大语言模型(LLM)安全研究人员和开发者设计。它通过将越狱攻击流程分解为初始化种子、选择、添加约束、变异、攻击和评估等可迭代步骤,帮助用户快速生成对抗性越狱提示词。\n\n## 环境准备\n\n在开始之前,请确保您的开发环境满足以下要求:\n\n* **操作系统**:Linux, macOS 或 Windows\n* **Python 版本**:`Python >= 3.9`\n* **依赖项**:安装过程中会自动处理所需的 Python 库(如 `torch`, `transformers` 等)。\n\n> **提示**:建议在使用前配置好国内镜像源(如清华源或阿里源)以加速依赖包下载。\n\n## 安装步骤\n\n根据您的使用需求,可以选择以下两种安装方式之一:\n\n### 方式一:直接使用现有攻击方法(推荐)\n如果您仅需使用框架中已集成的攻击算法(Recipes),无需修改底层代码,可直接通过 pip 安装:\n\n```shell\npip install easyjailbreak\n```\n\n### 方式二:源码安装(用于二次开发)\n如果您计划添加新的组件(例如自定义变异策略 Mutator 或评估器 Evaluator),建议克隆源码并进行可编辑安装:\n\n```shell\ngit clone https:\u002F\u002Fgithub.com\u002FEasyJailbreak\u002FEasyJailbreak.git\ncd EasyJailbreak\npip install -e .\n```\n\n## 基本使用\n\nEasyJailbreak 的核心用法是调用预置的“攻击配方(Recipe)”。以下示例展示了如何使用 **PAIR** 算法对目标模型发起越狱攻击。\n\n### 最小化使用示例\n\n该示例演示了加载攻击模型、目标模型、评估模型及数据集,并启动攻击流程的全过程。\n\n```python\nfrom easyjailbreak.attacker.PAIR_chao_2023 import PAIR\nfrom easyjailbreak.datasets import JailbreakDataset\nfrom easyjailbreak.models.huggingface_model import from_pretrained\nfrom easyjailbreak.models.openai_model import OpenaiModel\n\n# 1. 准备模型和数据集\n# 加载本地 HuggingFace 模型作为攻击模型\nattack_model = from_pretrained(model_name_or_path='lmsys\u002Fvicuna-13b-v1.5',\n model_name='vicuna_v1.1')\n\n# 加载 OpenAI 模型作为目标模型和评估模型 (需替换为您的 API Key)\ntarget_model = OpenaiModel(model_name='gpt-4',\n api_keys='INPUT YOUR KEY HERE!!!')\neval_model = OpenaiModel(model_name='gpt-4',\n api_keys='INPUT YOUR KEY HERE!!!')\n\n# 加载预设数据集 (例如 AdvBench)\ndataset = JailbreakDataset('AdvBench')\n\n# 2. 实例化攻击配方 (Attacker)\nattacker = PAIR(attack_model=attack_model,\n target_model=target_model,\n eval_model=eval_model,\n jailbreak_datasets=dataset)\n\n# 3. 开始执行越狱攻击并保存结果\nattacker.attack(save_path='vicuna-13b-v1.5_gpt4_gpt4_AdvBench_result.jsonl')\n```\n\n### 关键组件说明\n* **Models**: 支持加载本地 HuggingFace 模型或云端 API 模型(如 OpenAI, MiniMax 等)。\n* **Datasets**: 使用 `JailbreakDataset` 类加载包含查询语句和初始提示词的数据集。\n* **Recipes**: 框架内置了 ReNeLLM, GPTFuzz, AutoDAN, PAIR 等多种主流攻击算法,只需导入对应的类即可使用。\n\n更多可用的攻击配方及详细参数说明,请参阅 [官方文档](https:\u002F\u002Feasyjailbreak.github.io\u002FEasyJailbreakDoc.github.io\u002F)。","某大模型安全团队正在对即将上线的客服聊天机器人进行红队测试,旨在发现并修复其可能被诱导输出有害内容的漏洞。\n\n### 没有 EasyJailbreak 时\n- **攻击脚本开发耗时**:研究人员需手动编写大量变体提示词或从零构建复杂的自动化攻击脚本,重复劳动多且效率低下。\n- **方法复现困难**:想要对比不同前沿越狱算法(如 GCG、AutoDAN)的效果时,需分别寻找分散的代码库并解决依赖冲突,环境配置极其繁琐。\n- **评估标准不一**:缺乏统一的自动化评估模块,只能依靠人工逐条检查模型回复来判断是否越狱成功,主观性强且难以量化。\n- **迭代闭环缺失**:无法自动根据上一轮攻击结果优化下一轮提示词,难以形成“生成 - 攻击 - 评估 - 优化”的高效闭环。\n\n### 使用 EasyJailbreak 后\n- **框架化快速搭建**:直接调用 EasyJailbreak 预置的组件,通过简单配置即可组装出完整的攻击流程,将实验准备时间从数天缩短至几小时。\n- **一站式算法集成**:内置 11 种主流越狱算法模板,团队可一键切换不同策略对同一模型进行批量测试,轻松实现横向对比。\n- **自动化定量评估**:利用内置的 Evaluator 模块自动打分,客观量化模型在不同攻击下的脆弱程度,输出包含具体越狱提示词和回复的详细报告。\n- **智能迭代优化**:依托其突变(Mutation)与选择(Selector)机制,系统能自动筛选高成功率种子并持续演化攻击提示词,显著提升挖掘深度漏洞的概率。\n\nEasyJailbreak 通过将复杂的越狱攻击流程标准化和模块化,让安全团队能以最低成本构建高效的自动化红队测试体系,全面筑牢大模型安全防线。","https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002FEasyJailbreak_EasyJailbreak_47c48c13.png","https:\u002F\u002Foss.gittoolsai.com\u002Favatars\u002FEasyJailbreak_b0cd2513.png","",null,"https:\u002F\u002Fgithub.com\u002FEasyJailbreak",[80,84,88],{"name":81,"color":82,"percentage":83},"Python","#3572A5",85.7,{"name":85,"color":86,"percentage":87},"Jupyter Notebook","#DA5B0B",14.3,{"name":89,"color":90,"percentage":91},"Shell","#89e051",0,830,83,"2026-04-01T06:44:04","GPL-3.0","未说明",{"notes":98,"python":99,"dependencies":100},"README 中未详细列出具体的依赖库列表(如 torch, transformers 等),仅提供了安装命令(pip install easyjailbreak 或 pip install -e .)。该工具支持加载本地 HuggingFace 模型(如 Vicuna, Llama-2)以及云端 API 模型(如 OpenAI, MiniMax)。若使用本地大模型进行攻击或评估,实际 GPU 和内存需求将取决于所选具体模型的规模。",">=3.9",[],[26,54,13],[103,104,105,106,107,108],"large-language-model","llm-security","llm-safety-benchmark","jailbreak","discrete-optimization","jailbreak-framework","2026-03-27T02:49:30.150509","2026-04-06T05:36:41.684872",[112,117,122,127,132,137],{"id":113,"question_zh":114,"answer_zh":115,"source_url":116},17031,"EasyJailbreak 支持多模态模型吗?如果想在多模态场景中使用,需要修改哪些代码?","目前主要适用于大语言模型(LLM),多模态安全评测计划在后续大版本中更新。若需自行修改代码以支持多模态数据,建议按以下步骤操作:\n1. 修改 datasets 目录下的 instance 和 jailbreak_datasets:添加变量存储其他模态信息,并新增对应的 load_xxx 函数。\n2. 修改 models 中的 generate 方法:增加对非文本模态的处理逻辑。\n3. 如果输出包含非文本模态且需要使用 constraint、Evaluator 或 mutation 组件,也需在对应类中加入对非文本模态的处理。","https:\u002F\u002Fgithub.com\u002FEasyJailbreak\u002FEasyJailbreak\u002Fissues\u002F9",{"id":118,"question_zh":119,"answer_zh":120,"source_url":121},17032,"运行 PAIR 攻击时出现 \"ERROR:root:Error parsing extracted structure\" 错误,这是正常现象吗?","这是正常现象。该错误通常发生在攻击模型输出的 JSON 格式有问题时(例如出现了多余的引号导致解析失败)。正因为如此,PAIR 算法在设计上会尝试多次生成越狱提示词,直到获得格式正确且有效的输出为止。只要程序没有崩溃并最终产生了结果,可以忽略中间的此类报错。","https:\u002F\u002Fgithub.com\u002FEasyJailbreak\u002FEasyJailbreak\u002Fissues\u002F27",{"id":123,"question_zh":124,"answer_zh":125,"source_url":126},17033,"服务器无法连接外网(无 VPN),如何加载本地的 Hugging Face Parquet 格式数据集?","可以直接使用 `easyjailbreak.datasets.JailbreakDataset` 类加载本地文件。调用时传入本地文件路径,并指定 `local_file_type` 参数。底层实现调用了 Hugging Face `datasets` 库的 `load_dataset` 函数。示例用法参考:`JailbreakDataset(dataset_file_path, local_file_type=...)`。","https:\u002F\u002Fgithub.com\u002FEasyJailbreak\u002FEasyJailbreak\u002Fissues\u002F4",{"id":128,"question_zh":129,"answer_zh":130,"source_url":131},17034,"运行 GPTFuzzer 示例时遇到 \"Conversation has no attribute template\" 错误,或者程序运行几次迭代后卡住不动,如何解决?","关于 \"Conversation has no attribute template\" 错误,可能需要检查模型对话模板的配置。关于程序在两次迭代后卡住的问题,这通常不是死锁,而是因为:\n1. 超参数设置导致在两次迭代后自动停止;\n2. 越狱攻击任务已经完成。\n请检查输出结果日志以及具体的超参数配置(如最大迭代次数)来确认原因。","https:\u002F\u002Fgithub.com\u002FEasyJailbreak\u002FEasyJailbreak\u002Fissues\u002F22",{"id":133,"question_zh":134,"answer_zh":135,"source_url":136},17035,"使用 Python 3.8 运行时出现 \"module 'functools' has no attribute 'cache'\" 错误,该怎么办?","这是因为 `functools.cache` 装饰器是在 Python 3.9 版本中才引入的。解决方法是将 Python 环境升级到 3.9 或更高版本(项目 README 已更新要求 python>=3.9)。如果必须使用旧版本,可以将代码中的 `@functools.cache` 替换为 `@functools.lru_cache(maxsize=None)` 以达到类似效果。","https:\u002F\u002Fgithub.com\u002FEasyJailbreak\u002FEasyJailbreak\u002Fissues\u002F16",{"id":138,"question_zh":139,"answer_zh":140,"source_url":116},17036,"如何自定义或修改越狱攻击的流程和内容?","是可以人为修改的。核心思路是参考项目中现有的 `attacker` 类和 `examples` 目录下的写法。主要涉及数据的加载、模型的初始化以及各个组件(如变异、选择器、约束等)的拼接组合。通过调整这些模块的组合方式,可以实现对攻击流程的定制和优化。",[142,147,152],{"id":143,"version":144,"summary_zh":145,"released_at":146},99291,"0.1.3","# 发布说明\n\n合并了以下拉取请求:\n\n- [#17](https:\u002F\u002Fgithub.com\u002FEasyJailbreak\u002FEasyJailbreak\u002Fpull\u002F17)\n- [#20](https:\u002F\u002Fgithub.com\u002FEasyJailbreak\u002FEasyJailbreak\u002Fpull\u002F20)\n- [#29](https:\u002F\u002Fgithub.com\u002FEasyJailbreak\u002FEasyJailbreak\u002Fpull\u002F29)\n\n感谢开源社区的宝贵贡献。","2024-08-30T03:25:51",{"id":148,"version":149,"summary_zh":150,"released_at":151},99292,"0.1.2","修复了多个文件之间命名不一致的问题,该问题曾导致部分脚本执行失败。此问题已根据 [#2](https:\u002F\u002Fgithub.com\u002FEasyJailbreak\u002FEasyJailbreak\u002Fissues\u002F2) 中的讨论得到识别和解决。\n\n我们感谢您一直以来的支持与反馈,它们对 EasyJailbreak 的持续改进起到了至关重要的作用😊","2024-03-12T14:24:42",{"id":153,"version":154,"summary_zh":155,"released_at":156},99293,"0.1.1","我们非常高兴地宣布 EasyJailbreak v0.1.1 的首次发布!EasyJailbreak 是一个易于使用的 Python 框架,用于生成对抗性越狱提示。这是我们的首个正式版本,我们很高兴与社区分享!","2024-02-01T05:16:20"]