Do-Not-Answer Adversarial (jailbreak variant of Do-Not-Answer)
An adversarial extension of the Do-Not-Answer benchmark that wraps each of the 939 harmful prompts (spanning five risk areas) in one of three jailbreak transforms – prefix injection, refusal suppression, or their combination – drawn from Wei et al. 2023. The model’s response is scored against the original instruction using a seven-action behavioural taxonomy. The primary metric is follow_rate per risk area, with the delta versus the clean baseline indicating safeguard degradation under attack.
Overview
⚠️ External evaluation. Code lives in an upstream repository. inspect_evals lists it for discoverability; review the upstream repo and pinned commit before running.
Source: mkzung/inspect-evals-do-not-answer@b386689
An adversarial extension of the Do-Not-Answer benchmark that wraps each of the 939 harmful prompts (spanning five risk areas) in one of three jailbreak transforms – prefix injection, refusal suppression, or their combination – drawn from Wei et al. 2023. The model’s response is scored against the original instruction using a seven-action behavioural taxonomy. The primary metric is follow_rate per risk area, with the delta versus the clean baseline indicating safeguard degradation under attack.
Usage
Installation
This is an externally-maintained evaluation. Clone the upstream repository at the pinned commit and install its dependencies:
git clone https://github.com/mkzung/inspect-evals-do-not-answer
cd inspect-evals-do-not-answer
git checkout b386689ab2d469ea1ff9eb423ac048549f7542c5
uv syncRunning evaluations
CLI
uv run inspect eval src/do_not_answer/adversarial.py@do_not_answer_adversarial --model openai/gpt-5-nanoPython
from inspect_ai import eval
from do_not_answer.adversarial import do_not_answer_adversarial
eval(do_not_answer_adversarial(), model="openai/gpt-5-nano")View logs
uv run inspect viewMore information
For the dataset, scorer, task parameters, and validation, see the upstream repo: mkzung/inspect-evals-do-not-answer.
Options
You can control a variety of options from the command line. For example:
uv run inspect eval src/do_not_answer/adversarial.py@do_not_answer_adversarial --limit 10
uv run inspect eval src/do_not_answer/adversarial.py@do_not_answer_adversarial --max-connections 10
uv run inspect eval src/do_not_answer/adversarial.py@do_not_answer_adversarial --temperature 0.5See uv run inspect eval --help for all available options.
More command-line options: Inspect docs ↗