ReleaseMicrosoftMicrosoftpublished Mar 27, 2026seen 5d

microsoft/PyRIT v0.12.0

microsoft/PyRIT

Open original ↗

Captured source

source ↗
GH
GitHub/github.com/microsoft/PyRIT
microsoft/PyRIT v0.12.0
Source ↗
published Mar 27, 2026seen 5dcaptured 8hhttp 200method plain

v0.12.0

Repository: microsoft/PyRIT

Tag: v0.12.0

Published: 2026-03-27T20:18:52Z

Prerelease: no

Release notes: There are three ways users primarily interact with PyRIT: The GUI, CLI, and framework. Although we have been chipping away at these for a while, we are at a state where all three of these interactions are ready for use.

The framework is by far the most mature, but in the next few releases you'll see these coalescing.

pyrit_scan and pyrit_shell (CLI)

Scenarios are a way to point PyRIT at a target and run assessments via the command line.

They are still new, so there are not a ton of existing scenarios, but we expect this list to grow. This release adds the following:

| Scenario | Family | What it tests | |----------|--------|---------------| | Scam | AIRT | Generating phishing/fraud material via persuasion techniques (single/multi-turn) | | Leakage | AIRT | Susceptibility to leaking PII, IP, credentials, secrets (single/multi-turn, image-based, Crescendo) | | Psychosocial | AIRT | Harmful psychosocial behavior — mishandling crises, impersonating therapists | | Jailbreak | AIRT | Vulnerability to jailbreak attacks: PromptSending, ManyShot, SkeletonKey, RolePlay (simple vs complex) | | RedTeamAgent | Foundry | Preconfigured multi-difficulty red-teaming with 25+ attack strategies across easy/moderate/difficult |

We added a new YAML-based configuration system loaded from ~/.pyrit/.pyrit_conf which configures memory, targets, scorers and other default properties.

There were several improvements to the CLI tools themselves including more intuitive options and better error handling. Most importantly, we added an Animated ASCII raccoon banner on startup for pyrit_shell

CoPyRIT (GUI)

CoPyRIT brings the power of PyRIT into an easy interface. This should be considered pre-release at the moment, but it is already useful and being used by our Microsoft AI Red Team. This release is the first time the GUI is usable (at your own risk).

Framework

⚠️ Breaking Changes

  • Registry tags: RegistryEntry[T] wrapper type and tag support for instance registries, enabling categorization and tag-based retrieval of registered components (#1485)
  • TAP added to content harms scenario with restructured scenario configuration (#1378)
  • Dataset loading refactor: New SeedDatasetProvider and SeedDatasetFilter for flexible dataset discovery and filtering (#1451)
  • CLI parameter changes: Replaced openai_objective_target initializer with explicit --target CLI parameter (#1536)
  • Registry-based default objective scorer in scenarios (#1528)

Please review the deprecation notes and migration guidance before upgrading.

---

🎯 Targets

  • TargetRegistry and AIRT Targets Initializer, allowing central management of targets (#1320)
  • Added TargetCapabilities, paving the way for us to better make decisions depending on what a target is capable of (#1433, #1464)
  • Added reasoning_effort and reasoning_summary to OpenAIResponseTarget (#1385)
  • OpenAIVideoTarget: support remix, image-to-video (#1341)
  • Added image_path data type support in WebSocketCopilotTarget (#1345)

---

📚 Datasets

  • New SeedDatasetProvider and SeedDatasetFilter for flexible dataset loading (#1451)
  • Added 8 new dataset loaders: CBT-Bench (#1411), PromptIntel (#1400), SimpleSafetyTests (#1426), SALAD-Bench (#1425), OR-Bench (#1423), BeaverTails (#1424), ToxicChat (#1422), HarmfulQA (#1421)

---

🔄 Converters

  • Added WordDocConverter for Word document prompt injection (#1368)
  • Added JsonStringConverter for JSON-safe string conversion (#1347)
  • Added ScientificTranslationConverter (#1379)
  • Audio converters for speed, white noise, echo, and volume (#1375)
  • Generalized ColloquialWordswapConverter (#1348)

---

📊 Scoring

  • Added Scorer evaluations with metrics tracking, giving us data to improve scoring accuracy (#1455, #1406)
  • Registry-based scorers allowing for centralized scorer management (#1528)
  • Audio scoring support (#1337)
  • Flexible scale LikertScorer (#1444)
  • Improvements to SelfAskRefulsalScorer (#1366)
  • Improvements to SelfAskTrueFalseScorer (#1342)
  • Added scorer support for reasoning targets (#1403)

---

🐛Multiple bug Fixes and Improvements

---

New Contributors

  • @akashWhoCodes made their first contribution in #1347
  • @nmolivo made their first contribution in #1356
  • @mhadica made their first contribution in #1368
  • @anandansundar made their first contribution in #1400
  • @taherakolawala made their first contribution in #1348
  • @spencrr made their first contribution in #1409
  • @warisgill made their first contribution in #1411
  • @biefan made their first contribution in #1469
  • @behnam-o made their first contribution in #1538

---

Full list of changes

  • FEAT Use TASK_ACHIEVED as fallback for SelfAskTrueFalseScorer by @fdubut in #1342
  • FEAT: Jailbreak Scenario by @ValbuenaVC in #1329
  • FEAT: Add JsonStringConverter for JSON-safe string conversion (#454) by @akashWhoCodes in #1347
  • FIX MS Package Signing Key issue #1353 to enable DevContainers after Feb-01-2026 by @nmolivo in #1356
  • MAINT address code scanning alert on url sanitization by @romanlutz in #1361
  • MAINT bump package versions to address dependabot alerts by @romanlutz in #1360
  • MAINT mypy fixes by @romanlutz in #1359
  • MAINT upgrade vite in response to npm audit by @romanlutz in #1358
  • FEAT: Target Registry and AIRT Targets Initializer by @jsong468 in #1320
  • MAINT address remaining dependabout issues with uv.lock by @romanlutz in #1363
  • FEAT local Docker setup for running GUI or Jupyter by @romanlutz in #1357
  • FEAT: Adding audio scoring by @jbolor21 in #1337
  • MAINT: PEP 8: Uppercase class constants (VERSION, _DEFAULT_VALIDATOR) by @Copilot in #1355
  • FEAT: PyRIT Config by @ValbuenaVC in #1343
  • FEAT: Attack Identifier by @rlundeen2 in #1364
  • FEAT Add backend APIs by @romanlutz in #1354
  • Decoupled ScenarioMetadata and InitializerMetadata from Identity by introducing RegistryEntry by @bashirpartovi in #1370
  • FIX Support errors in MultiPromptSendingAttack, add safe completion support to SelfAskRefusalScorer by @fdubut in #1366
  • FIX: OPENAI_VIDEO environment variable fix by @jsong468 in #1376
  • MAINT: .pyrit_conf Docs by @ValbuenaVC in #1374
  • FEAT: Sora target: support remix, image-to-video by @varunj-msft in #1341
  • FEAT: Jailbreak Scenario Expansion by @ValbuenaVC in #1340
  • FEAT Add…

Excerpt shown — open the source for the full document.

Notability

notability 5.0/10

Routine version update, moderate interest