ReleaseMicrosoftMicrosoftpublished Feb 6, 2026seen 5d

microsoft/PyRIT v0.11.0

microsoft/PyRIT

Open original ↗

Captured source

source ↗
GH
GitHub/github.com/microsoft/PyRIT
microsoft/PyRIT v0.11.0
Source ↗
published Feb 6, 2026seen 5dcaptured 13hhttp 200method plain

v0.11.0

Repository: microsoft/PyRIT

Tag: v0.11.0

Published: 2026-02-06T06:15:32Z

Prerelease: no

Release notes:

What's Changed

---

⚠️ Breaking Changes

  • Attacks and executors now operate on `Message` instead of SeedPromptGroup
  • Scorer evaluation and registry refactors introduce new protocols and identifiers
  • Scenario names and configuration APIs have been renamed for consistency
  • PrependedConversationConfig and attack parameter handling have been aligned
  • Message normalization and registry metadata were refactored

Please review the deprecation notes and migration guidance before upgrading.

---

🎯 Targets

  • Added `WebSocketCopilotTarget`, enabling WebSocket-based prompt execution against Microsoft Copilot
  • Refactored `ImageTarget`, including image download support
  • Added image edit/remix support to OpenAIImageTarget
  • Introduced target identifiers (including underlying model and version metadata) across all target classes
  • Added audio and tool support to chat completions

---

📚 Datasets

  • Added VLSU Multimodal Dataset
  • Added 30 jailbreak attack templates, spanning:
  • Authority & institutional framing (6)
  • Philosophical / decision-theory exploits (5)
  • Identity / persona attacks (4)
  • Context manipulation (4)
  • Few-shot priming (3)
  • Fictional / narrative framing (3)
  • Technical exploits (3)
  • Emotional / scenario-based attacks (2)
  • Restored the Transphobia Awareness Dataset

---

🔄 Converters

  • Added NegationTrapConverter which frames requests as negations
  • Added ConverterIdentifier and standardized identifiable behavior
  • Reorganized and expanded converter documentation
  • Fixed edge cases in word-selection converters and perturbation loops

---

⚙️ Executors & Attacks

  • Aligned attack parameters across executors
  • Updated attack interface to use `Message`
  • Added ChunkedRequestAttack which extracts data by requesting it in small chunks
  • Added support for simulated conversations in attacks
  • Improved attack reliability, error reporting, and maintainability

---

📊 Scoring

  • Enabled multi-modal scoring support for SelfAskTrueFalseScorer, allowing image- and multimodal-aware evaluations
  • Refactored scorer evaluation flow and registry integration
  • Added scorer identifiers and improved metadata consistency
  • Introduced stricter typing and clearer scorer interfaces

---

🧪 Scanners & Scenarios

  • Added new scenarios:
  • Scams
  • Leakage
  • Psychosocial
  • Added ScenarioDatasetConfiguration allowing custom dataset configuration
  • Enabled baseline-only execution for scenarios
  • Renamed scenarios for clarity and consistency
  • Improved scenario documentation and example notebooks

---

🧰 Setup & Tooling

  • Added UV support for dependency management
  • Improved devcontainer experience:
  • ARM64 / Apple Silicon support
  • Simplified virtual environment handling
  • Environment file configurability
  • Consolidated linting under ruff
  • Enabled strict mypy checking across the repository
  • Added skeleton frontend and backend for the GUI

---

🧩 Other

  • Added new `binary_path` data type to support binary artifacts and richer schema definitions
  • Added identifiers across targets, scorers, and converters
  • Multiple reliability and integration test improvements

---

🐛 Fixes & Maintenance

  • Numerous fixes across:
  • Image handling and integration tests
  • Docker and devcontainer setup
  • Environment activation and permissions
  • Retry configuration and pipelines
  • Improved type hinting across authentication and analytics modules
  • Added py.typed for better downstream type checking

---

🆕 New Contributors

A big thank you to our new contributors! 🎉

  • @Arth-Singh made their first contribution in https://github.com/Azure/PyRIT/pull/1254
  • @ytc338 made their first contribution in https://github.com/Azure/PyRIT/pull/1300
  • @fitzpr made their first contribution in https://github.com/Azure/PyRIT/pull/1261
  • @fukusuket made their first contribution in https://github.com/Azure/PyRIT/pull/1305
  • @varunj-msft made their first contribution in https://github.com/Azure/PyRIT/pull/1284
  • @slister1001 made their first contribution in https://github.com/Azure/PyRIT/pull/1321

---

Full List of Changes

  • FEAT Integration Request: Jailbreak Template Collection for Enhanced Red Teaming. by @Arth-Singh in https://github.com/Azure/PyRIT/pull/1254
  • MAINT: Edge Case with Word Selection Converters by @rlundeen2 in https://github.com/Azure/PyRIT/pull/1257
  • MAINT: Fixing Retry configuration so it works from .env by @rlundeen2 in https://github.com/Azure/PyRIT/pull/1256
  • MAINT add missing API reference entries, add unit tests for API reference, and move fuzzer to executor.promptgen.fuzzer module by @romanlutz in https://github.com/Azure/PyRIT/pull/1258
  • MAINT: fix docstrings for /prompt_target by @paulinek13 in https://github.com/Azure/PyRIT/pull/1263
  • FIX add transphobia awareness dataset back by @romanlutz in https://github.com/Azure/PyRIT/pull/1264
  • FEAT add UV support by @hannahwestra25 in https://github.com/Azure/PyRIT/pull/1226
  • TEST: integration test fixes by @rlundeen2 in https://github.com/Azure/PyRIT/pull/1265
  • MAINT Breaking: Modifying attack params by @rlundeen2 in https://github.com/Azure/PyRIT/pull/1260
  • FEAT: Refactor and Enhance Scorer Identifier for Evaluations by @jsong468 in https://github.com/Azure/PyRIT/pull/1262
  • FIX add OPENAI_CHAT_MODEL as required in docs, initializers by @romanlutz in https://github.com/Azure/PyRIT/pull/1267
  • FIX: Add ARM64/Apple Silicon support for devcontainer builds by @riyosha in https://github.com/Azure/PyRIT/pull/1251
  • FIX: use max_iterations in CharSwapConverter perturbation loop by @KutalVolkan in https://github.com/Azure/PyRIT/pull/1269
  • FIX activate env by @hannahwestra25 in https://github.com/Azure/PyRIT/pull/1274
  • FIX make bash default and remove volume mount for venv in devcontainer by @romanlutz in https://github.com/Azure/PyRIT/pull/1277
  • MAINT add py.typed to help with mypy type checking for consuming packages by @romanlutz in https://github.com/Azure/PyRIT/pull/1271
  • MAINT CONTROVERSIAL: Make env files configurable by @rlundeen2 in https://github.com/Azure/PyRIT/pull/1253
  • FIX fix permission denied error when creating env by @hannahwestra25 in https://github.com/Azure/PyRIT/pull/1279
  • MAINT remove dispose memory engine calls in docs by @romanlutz in…

Excerpt shown — open the source for the full document.

Notability

notability 5.0/10

Solid update to AI security tool.