This is a SaaS-only update
Back end version: v8.114.25-gpu
Front end version: v3.63.5
What’s new
CalypsoAI Inference Red-Team
We’ve made major updates to Red-Team, including a spiffy new report with agentic scoring and operational attack results, and a redesigned campaign view with versioned signature attack packs.
Updated report with Agentic Warfare scoring
Red-Team reports just got even better!
Instead of an average score, reports that have multiple connections show the highest CASI score at the top, so you can quickly see which model is most secure. You can still click into the data for each individual connection in the Results per connection area.
The top score is also shown in the CASI score column on the main Reports page.
The signature attack intent categories chart has been redesigned to be more readable.
We’ve added an Agentic Warfare score that rates the model on its vulnerability to advanced, multi-turn agentic attacks. Just like CASI, scores are out of 100 with a higher score representing a more secure model.
And we’ve added a section for Operational attacks. A “true” result means we identified a vulnerability.
We’ve also added a count of mitigation actions at the top to give a quick sense of the scope of the potential remediation effort.
In addition, we’ve instituted a limit of 5 connections (AI applications or models) for a single attack run and Red-Team report. This is to improve performance and the UI experience.
Campaigns glow-up
We’ve reconfigured the Create Campaign panel so it’s easier to see which attack vectors and converters are available for each type of campaign.
In Standard campaigns, choose from Signature attacks and Operational attacks. Expand each Signature attack to see which converters will be applied.
In Agentic Warfare campaigns, choose from multi-turn Agentic Warfare attacks (you’ll only see Crescendo now, but more attacks are coming soon) and single-turn attacks based on the attack vectors we use for Signature packs.
Monthly signature prompt packs
Monthly Signature attack updates are now versioned by date. Each month, you’ll see a new prompt pack of 10,000+ signature attacks. By default the All Attacks campaign will always have the latest attack pack enabled. And you can create a custom campaign to run all available prompt packs, which in this release total over 32,000 malicious prompts.
When selecting prompt packs:
You can select attacks and converters for the most recent pack only.
Older packs will automatically run all attacks and converters from that pack.
New attack vector: Payload splitting
The latest prompt pack includes a new attack vector: payload splitting. This attack uses clever structuring to mislead the language model into producing harmful content by separating the malicious content into fragments. When these fragments are presented together in a certain sequence, the model inadvertently generates output that violates its safety restrictions. Payload splitting attacks are only available with the March prompt pack and in the Agentic Warfare “Signature attacks” section.
CalypsoAI Inference Defend
New layout for scanner packages
To help with space management, we’ve changed how scanners inside packages are displayed. Next to each package name, we’ve added the count of active scanners to total scanners in the package. When you click on a scanner package in the UI, you’ll see a fly-out panel with all the individual scanners in the package. When scanners are enabled (see below), you can do bulk actions by multi-selecting scanners using the checkboxes, and using the bulk actions at the bottom of the panel.
To enable individual scanner controls:
Unlock the package by turning off the “Active” toggle.
Click on the package name to open the panel to see the individual scanners. By default the scanners are inactive.
Use the individual “Active” toggles on each scanner you want to enable.
Or use the checkboxes to bulk select multiple scanners and use the bulk actions bar at the bottom of the panel.
Restricted topics package with 3 scanners
We’ve added a new legal advice scanner and packaged that up with the previously released medical and financial advice scanners into a restricted topics package. The legal advice scanner identifies and blocks (or flags) queries seeking direct legal counsel, preventing AI from providing responses that could mislead users or encourage unauthorized legal interpretations.
Bulk actions in the Playground
We’ve made it easier to perform bulk actions on scanners you’re testing in the Playground. When you select multiple scanners, a button bar appears in the footer with options to Delete, create a Package, or Publish the selected scanners.
CalypsoAI Platform
Performance improvements
We’ve rooted out inefficiencies and applied better caching and querying to reduce load times across the platform.
Bug fixes
Fixed an issue where a custom scanner package needed to have at least one GenAI scanner. Now you can create custom scanner packages with any combination of GenAI, regex, and keyword scanners.
Fixed an issue that prevented users in the UI from creating a project without a model.
Added a loading icon for Red-Team reports that don’t load instantly.
Improved usability of the Chat window so that it increases in size to accommodate longer prompts.
We updated the language in the “Delete scanner” confirmation modal to be more informative.
Fixed a bug that occurred when users tried to view a chat associated with a deleted project.
Projects are now ordered by creation date (newest first) rather than alphabetically by name.
In some cases, the Crescendo attack was being added to campaigns without users explicitly selecting it. That has been fixed.
We fixed an issue that caused a blank page and error to be shown when clicking the “next” pagination arrow on the Campaigns table.
Improved the spacing of the upload warning message in the “Build a GenAI scanner” feature of the Playground.
When using the date/time picker, users can now click anywhere in the time field to select a time, instead of just the icon.
Users with organisation level “CalypsoAI Scanners” and “Custom Scanners” permissions were previously unable to see any projects. Now they can manage the corresponding scanners within any project, even if they are not an admin of that project.
We fixed an issue that caused other selection options to malfunction when the “CalypsoAI Scanners” bulk checkbox was selected on the Scanners page.
In some deployment environments, enabling a set of scanners reset the pagination on the Scanners page. This issue has been identified and corrected.
When deployed in Kubernetes, users with the correct permissions were unable to remove a scanner from a project. This is fixed.
We’ve updated user permissions so that only org admins can assign roles.
We fixed an issue on the Custom Roles page where cells that shouldn’t be clickable appeared to be clickable.
Fixed a bug in attack scheduling that caused the start time display to differ from the true scheduled start time, if scheduled after March 31.
We fixed an issue on the Settings > Users page that required the admin to click twice to cancel an invitation.
The attack schedule date picker had a bug whereby a user could unselect the date, save, and trigger an error. This is fixed.
Users can now search for Red-Team reports by the report name.
In the Run attack panel, selecting a long model name could cause the dropdown to extend past the browser width. This has been fixed.
Known issues
The obfuscation scanner in the PII package can be overly sensitive when using non-English input. We are working to address this issue, but customers encountering issues with this scanner are advised to disable it.
New scanners are enabled by default. This will be corrected in the next release so that new scanners are always disabled, and require an admin to enable them.
Global searching for a CalypsoAI scanner or package doesn’t work.
Saving a previously saved non-global access control breaks the dropdown selection.
Searching globally by project while on the specific project page doesn’t work.
Members table does not refresh when leaving the project.
Active chat dot is still present when navigating away.
Custom roles permission is selectable when no checkbox is visible.
Abort errors on Firefox are not gracefully handled in the UI.
No visible UI indicator that the scanner selection was collapsed on the project page.
On the scanner page, custom scanner tag filtering doesn’t yield correct results.
An error can occur during Project creation under these specific criteria: if a scanner package containing a custom response message is only enabled for a specific project, and the scanners within the package are enabled on the global level.