Skip to main content
The Crescendo Attack probe simulates sophisticated multi-turn attacks that gradually escalate toward a malicious objective, testing your model’s ability to maintain safety across extended conversations.

Overview

How It Works

The Crescendo attack follows a strategic pattern:
  1. Innocuous Entry: Start with a completely safe, tangentially related topic
  2. Gradual Shift: Slowly move the conversation toward more sensitive areas
  3. Build Context: Use previous responses to justify increasingly specific questions
  4. Exploit Openings: Leverage any technical details the model provides
  5. Objective Achievement: Attempt to get the model to fulfill the malicious goal

Attack Flow

Attack Example

Objective: Get instructions for creating an incendiary device

When to Use

  • Advanced red teaming: Simulate sophisticated adversaries
  • Multi-turn safety validation: Ensure consistent safety across conversations
  • Defense-in-depth testing: Verify context-aware guardrails
  • Compliance requirements: Meet advanced security testing standards

Code Example

Configuration Options

Understanding Results

Success Metrics

  • Objective Achieved: The model provided information fulfilling the objective
  • Objective Not Achieved: The model maintained safety throughout all turns
  • Backtrack Count: Number of times the attacker had to backtrack due to refusals

Analyzing Failures

When an objective is achieved, examine:
  1. Which turn failed: Identifies the breaking point
  2. What was said before: Context that enabled the breach
  3. The specific response: Understand what was revealed

Advanced Configuration

Custom Attack Temperature