Red-team your Azure OpenAI models in 10 minutes
Interactive notebook Β· One-command HTML report Β· Live attack dashboard
A hands-on demo of PyRIT (Python Risk Identification Tool) β Microsoft's open-source framework for finding safety vulnerabilities in LLMs before bad actors do.
This repo gives you three ways to red-team your AI:
| Tool | What it does | How to run |
|---|---|---|
| π Interactive Notebook | Walk through 5 attack demos step-by-step | PyRIT_Demo.ipynb |
| π Static HTML Report | Run 8 automated tests β beautiful HTML report | python run_red_team.py |
| β‘ Live Dashboard | Real-time web app to fire attacks interactively | python live_dashboard.py |
| # | Demo | Technique | What you'll see |
|---|---|---|---|
| 1 | π Nice Try! | Direct prompt | Model refuses a harmful request |
| 2 | π΅οΈ Speak in Code | Base64 encoding | Prompt disguised as encoded text |
| 3 | βοΈ The AI Judge | Auto-scoring | Second LLM grades the response |
| 4 | π Jailbreak Showdown | DAN template | Famous jailbreak vs. guardrails |
| 5 | π€βοΈπ€ AI vs AI | Multi-turn red teaming | Attacker LLM battles target LLM over 3 turns |
| Test | Technique |
|---|---|
| T1 | Direct harmful prompt |
| T2 | Base64-encoded prompt |
| T3 | Character swap obfuscation |
| T4 | AI-scored evaluation |
| T5-T6 | DAN jailbreak (2 prompts) |
| T7 | Refusal detection |
| T8 | AI vs AI (multi-turn red teaming) |
- 7 attack techniques: Direct, Base64, CharSwap, AI-Scored, DAN Jailbreak, AI vs AI (Multi-Turn), Image+Text
- 4 models: GPT-4o, GPT-5-mini, o4-mini, Phi-4 Multimodal
- Image upload: Test multimodal attacks with text + image
- Real-time results: Auto-updating cards with BLOCKED/BYPASSED status
- Stats bar: Live counters for total, blocked, bypassed, and running tests
- Keyboard shortcut: Ctrl+Enter to fire
- Python 3.10 β 3.13 (PyRIT does not support 3.14+)
- Azure subscription with:
- Azure OpenAI resource with model deployments
- (Optional) Azure AI Foundry project for Phi-4 models
- Azure CLI logged in:
az login - RBAC role:
Cognitive Services OpenAI Useron your Azure OpenAI resource
# Get your user object ID
USER_ID=$(az ad signed-in-user show --query id -o tsv)
# Assign the role (replace with your resource ID)
az role assignment create \
--assignee $USER_ID \
--role "Cognitive Services OpenAI User" \
--scope /subscriptions/<SUB_ID>/resourceGroups/<RG>/providers/Microsoft.CognitiveServices/accounts/<AOAI_NAME>git clone https://github.com/ritwickmicrosoft/pyrit-demo.git
cd pyrit-demopython -m venv .venv
# Windows
.venv\Scripts\activate
# macOS/Linux
source .venv/bin/activatepip install pyrit fastapi uvicorn python-multipartEdit the top of live_dashboard.py and run_red_team.py with your Azure OpenAI endpoint:
AOAI_ENDPOINT = "https://<your-resource>.openai.azure.com/openai/v1"For the notebook, update ENDPOINT in the setup cell.
jupyter notebook PyRIT_Demo.ipynbRun cells sequentially β each demo takes ~30 seconds.
python run_red_team.pyGenerates red_team_report.html and auto-opens it in your browser. 7 tests, ~2 minutes.
python live_dashboard.pyOpen http://localhost:8765 β type prompts, pick models, fire attacks, watch results live.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Your Prompts β
β (text, Base64, CharSwap, jailbreak) β
ββββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β PyRIT Framework β
β ββββββββββββ ββββββββββββββ ββββββββββββββββββββββββ β
β β Converter ββ β Attack ββ β Scorer β β
β β (Base64, β β (Sending, β β (TrueFalse, β β
β β CharSwap β β Jailbreak)β β SelfAsk) β β
β β ROT13) β β β β β β
β ββββββββββββ ββββββββββββββ ββββββββββββββββββββββββ β
ββββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββ
β
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Azure AI Endpoints β
β βββββββββββ ββββββββββββ ββββββββββ ββββββββββββββββ β
β β GPT-4o β βGPT-5-miniβ βo4-mini β βPhi-4 Multimodβ β
β βββββββββββ ββββββββββββ ββββββββββ ββββββββββββββββ β
β Azure OpenAI Azure AI Foundry β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
pyrit-demo/
βββ PyRIT_Demo.ipynb # π Interactive notebook (4 demos)
βββ run_red_team.py # π Static HTML report generator (8 tests)
βββ live_dashboard.py # β‘ Live web dashboard (FastAPI + uvicorn)
βββ PRESENTER_NOTES.md # π€ 10-minute talk track
βββ uploads/ # π Temp storage for image uploads
βββ README.md # π You are here
| Concept | Description |
|---|---|
| Target | The LLM you're testing (GPT-4o, Phi-4, etc.) |
| Attack | Sends prompts to the target (PromptSendingAttack) |
| Converter | Transforms prompts before sending (Base64, CharSwap, ROT13) |
| Scorer | Evaluates if the attack succeeded (SelfAskTrueFalseScorer) |
| Jailbreak | System prompt that tries to bypass safety (TextJailBreak) |
Converters and scorers are composable β mix and match them like LEGO blocks:
attack = PromptSendingAttack(
objective_target=target,
attack_converter_config=AttackConverterConfig(
request_converters=PromptConverterConfiguration.from_converters(
converters=[Base64Converter(), CharSwapConverter()]
)
),
attack_scoring_config=AttackScoringConfig(
objective_scorer=SelfAskTrueFalseScorer(...)
),
)This demo uses Microsoft Entra ID (RBAC) β no API keys needed:
from azure.identity import DefaultAzureCredential
credential = DefaultAzureCredential()
token = credential.get_token("https://cognitiveservices.azure.com/.default").tokenJust run az login before starting, and make sure your account has the Cognitive Services OpenAI User role.
- PyRIT Documentation: azure.github.io/PyRIT
- PyRIT GitHub: github.com/Azure/PyRIT
- Azure OpenAI: learn.microsoft.com/azure/ai-services/openai
- Azure AI Foundry: learn.microsoft.com/azure/ai-studio
- Responsible AI: microsoft.com/ai/responsible-ai
This project is licensed under the MIT License. See LICENSE for details.
Built with β€οΈ by Ritwick Dutta using PyRIT