FEAT Add VisualLeakBench dataset loader (arXiv:2603.13385)#1531
Open
FEAT Add VisualLeakBench dataset loader (arXiv:2603.13385)#1531
Conversation
…update Co-authored-by: romanlutz <10245648+romanlutz@users.noreply.github.com> Agent-Logs-Url: https://github.com/Azure/PyRIT/sessions/1797b39b-c590-40f4-9bfa-73ee156591b1
Copilot
AI
changed the title
[WIP] Add dataset loader for VisualLeakBench in PyRIT
Add VisualLeakBench dataset loader (arXiv:2603.13385)
Mar 22, 2026
…ak-bench-dataset-loader
- Move prompt constants from module-level to class-level (OCR_INJECTION_PROMPT, PII_LEAKAGE_PROMPT) - Make class metadata immutable (frozenset for tags, tuples for modalities/harm_categories) - Extract _build_prompt_pair_async and _matches_filters helpers in both loaders - Use patch_central_database fixture instead of manual CentralMemory setup in tests - Rename test_failed_image_download_skips_example to test_all_images_fail_produces_empty_dataset Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
romanlutz
changed the title
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
romanlutz
approved these changes
Apr 11, 2026
Contributor
adrian-gavrila
left a comment
adrian-gavrila
left a comment
There was a problem hiding this comment.
All looks good except for one potential minor bug
pyrit/datasets/seed_datasets/remote/visual_leak_bench_dataset.py
Outdated
Show resolved
Hide resolved
Replace set-based validation with isinstance checks for categories and pii_types parameters. Previously, raw strings matching enum values (e.g. 'PII Leakage') would pass __init__ but crash in _matches_filters when .value was called on them. Now non-enum values are rejected immediately with a clear error message. Add tests for the edge case where raw strings match enum values. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Resolve conflict in integration test by adopting main's smoke-test structure (3 representative providers instead of exhaustive list). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Normalize string values to their enum equivalents in __init__ via _normalize_enums(), so users can pass either VisualLeakBenchCategory.PII_LEAKAGE or 'PII Leakage'. Invalid strings still raise ValueError with a helpful message listing valid values. This is consistent with how vlsu_multimodal_dataset and other loaders in the repo accept string-based filtering. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace leaky set-based validation with strict isinstance checks in four dataset loaders. Previously, raw strings matching enum values would pass __init__ validation but crash downstream when .value was called on them. Add _validate_enums/_validate_enum helpers to _RemoteDatasetLoader base class so all subclasses can reuse them. Apply the fix to: - visual_leak_bench_dataset.py (categories, pii_types) - vlsu_multimodal_dataset.py (categories) - harmbench_multimodal_dataset.py (categories) - promptintel_dataset.py (severity, categories) Non-enum values are now rejected immediately with a clear error message listing valid enum members. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ak-bench-dataset-loader
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds PyRIT support for the VisualLeakBench / MM-SafetyBench dataset — a multimodal benchmark of 1,000 adversarial images testing LVLMs against OCR injection (harmful instructions embedded in images) and PII leakage (social engineering to extract SSNs, passwords, API keys, etc.).
Fixes #1530
New:
_VisualLeakBenchDatasetmetadata.csvfromYoutingWang/MM-SafetyBenchon GitHub and downloads images with local cachingprompt_group_id(image atsequence=0, category-specific query atsequence=1)ocr_injectionfor OCR entries;pii_leakage+ normalized PII type (e.g.ssn,api_key) for PII entriescategories,pii_types, andmax_examplestags={"default", "safety", "privacy"},modalities=["image", "text"]forSeedDatasetFilterdiscoveryNew enums
VisualLeakBenchCategoryOCR_INJECTION,PII_LEAKAGEVisualLeakBenchPIITypeEMAIL,DOB,PHONE,PASSWORD,PIN,API_KEY,SSN,CREDIT_CARDUsage
Test coverage
28 unit tests covering init validation, OCR/PII pair creation, harm category mapping, category/PII-type filtering,
max_examples, failed image handling, and metadata correctness. Integration test updated to cap image downloads atmax_examples=6(same pattern as_VLSUMultimodalDataset).Additionally: refactoring VisualLeakBench + VLSU loaders
Applied during code review to both the new loader and the existing
_VLSUMultimodalDataset:OCR_INJECTION_PROMPT,PII_LEAKAGE_PROMPT)frozensetfor tags,tuplefor modalities/harm_categories)_matches_filters()and_build_prompt_pair_async()helpers from longfetch_datasetmethodssetup_memoryfixture with@pytest.mark.usefixtures("patch_central_database")in teststest_failed_image_download_skips_example→test_all_images_fail_produces_empty_datasetfor clarityFix: strict enum validation across all dataset loaders
Replaced leaky set-based validation with strict
isinstancechecks in all dataset loaders that accept enum-typed filter parameters. Previously, raw strings matching enum values (e.g."PII Leakage") would silently pass__init__validation but crash downstream when.valuewas called on them.Added
_validate_enums/_validate_enumhelpers to_RemoteDatasetLoaderbase class. Applied to:visual_leak_bench_dataset.py(categories,pii_types)vlsu_multimodal_dataset.py(categories)harmbench_multimodal_dataset.py(categories)promptintel_dataset.py(severity,categories)Non-enum values are now rejected immediately with a clear error listing valid enum members.