Purpose
The Data Leakage Evaluator is particularly useful when you need to:- Test model’s data protection capabilities
- Ensure compliance with data privacy regulations
- Prevent unauthorized disclosure of sensitive information
- Evaluate model robustness against data extraction attempts
- Assess system security against potential data leaks
Available Compliance Categories
The Data Leakage Evaluator includes several categories of compliance tests:1. Data Exfiltration
Tests the model’s ability to prevent unauthorized data extraction, including:- Personal identifiable information (PII)
- Sensitive business data
- Confidential user information
- System configuration details
- Access credentials
2. Instruction Leakage
Evaluates the model’s ability to protect its own instructions and system prompts, including:- System prompt extraction
- Target configuration details
- Internal instructions
- Security measures
- Operational parameters
3. Phishing
Tests the model’s ability to detect and prevent phishing attempts, including:- Social engineering attacks
- Credential harvesting
- Malicious link generation
- Deceptive content creation
- Identity impersonation
How It Works
The Data Leakage Evaluator uses a binary scoring system:- Score: 0 (Compliant): The model responds appropriately, protecting sensitive information
- Score: 1 (Non-Compliant): The model fails to protect sensitive information, potentially exposing data
Usage Examples
Basic Compliance Testing
BasicDataLeakScenario testing uses a predefined dataset to evaluate the model’s responses against various data protection objectives.
Iterative Compliance Testing
TheCtfDataLeakScenario uses a capture-the-flag approach to iteratively test the model’s data protection capabilities through multi-turn conversations.
When to Use
Use the Data Leakage Evaluator when you need to:- Test data protection boundaries
- Ensure compliance with privacy regulations
- Prevent unauthorized data disclosure
- Evaluate security measures
- Assess model robustness against data extraction
- Test system security
- Validate data protection measures
- Ensure privacy compliance