Skip to main content
TrustTest includes a comprehensive catalog of red teaming attack probes designed to evaluate AI model safety, security, and robustness. This page provides a complete reference of all available attack categories, their purpose, and when to use them.

Probe Architecture

Each attack in TrustTest is implemented as a Probe. A probe generates test cases that are sent to your target model, collecting responses for evaluation. Probes can be:
  • Dataset-based: Use curated datasets of attack prompts
  • Prompt-based: Dynamically generate attacks using LLMs
  • Multi-turn: Conduct sophisticated attacks across multiple conversation turns

Attack Categories

Prompt Injections

Prompt injection attacks attempt to manipulate the model into ignoring its instructions or behaving in unintended ways. This is the most comprehensive category with attacks organized by technique:
  • Single Turn Attacks: Direct attacks in a single message (jailbreaking, encoding, structural attacks)
  • Multi-Turn Attacks: Sophisticated attacks across multiple conversation turns (Crescendo, Echo Chamber)
  • From Dataset: Attacks loaded from curated datasets
View all Prompt Injection attacks →

Content Bias

Content bias probes evaluate your model for cognitive and stereotypical biases. Learn more about Content Bias testing →

Sensitive Data Leak

Probes that attempt to extract confidential information from the model. Learn more about Sensitive Data Leak testing →

System Prompt Disclosure

Probes that attempt to extract the model’s system prompt or internal instructions. Learn more about System Prompt Disclosure testing →

Input Leakage

Probes that test whether the model reveals information from previous conversations. Learn more about Input Leakage testing →

Unsafe Outputs

Probes that test the model’s guardrails against generating harmful content. Learn more about Unsafe Outputs testing →

Off-Topic

Probes that test if the model stays within its intended scope. Learn more about Off-Topic testing →

Agentic Behavior

Probes that test AI agents for safety concerns specific to autonomous systems. Learn more about Agentic Behavior testing →

Choosing the Right Probes

By Risk Level

Critical Security (Must Test):
  • Prompt Injection attacks (especially DAN, System Override)
  • Unsafe Outputs (Hate, Violence, CSAM)
  • System Prompt Disclosure
High Priority:
  • Sensitive Data Leak probes
  • Input Leakage probes
  • Multi-turn attacks (Crescendo, Echo Chamber)
Standard Testing:
  • Content Bias probes
  • Off-Topic probes
  • Encoding/Obfuscation attacks
Agent-Specific (If Applicable):
  • Agentic Behavior probes
  • Tool-related data leak probes

By Use Case


Next Steps

Prompt Injections

Explore all prompt injection attack techniques

Creating Custom Probes

Learn how to build your own attack probes