FEAT Add VisualLeakBench dataset loader (arXiv:2603.13385)#1531
Open
FEAT Add VisualLeakBench dataset loader (arXiv:2603.13385)#1531
Conversation
…update Co-authored-by: romanlutz <10245648+romanlutz@users.noreply.github.com> Agent-Logs-Url: https://github.com/Azure/PyRIT/sessions/1797b39b-c590-40f4-9bfa-73ee156591b1
Copilot
AI
changed the title
[WIP] Add dataset loader for VisualLeakBench in PyRIT
Add VisualLeakBench dataset loader (arXiv:2603.13385)
Mar 22, 2026
…ak-bench-dataset-loader
- Move prompt constants from module-level to class-level (OCR_INJECTION_PROMPT, PII_LEAKAGE_PROMPT) - Make class metadata immutable (frozenset for tags, tuples for modalities/harm_categories) - Extract _build_prompt_pair_async and _matches_filters helpers in both loaders - Use patch_central_database fixture instead of manual CentralMemory setup in tests - Rename test_failed_image_download_skips_example to test_all_images_fail_produces_empty_dataset Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
romanlutz
changed the title
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
romanlutz
approved these changes
Apr 11, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds PyRIT support for the VisualLeakBench / MM-SafetyBench dataset — a multimodal benchmark of 1,000 adversarial images testing LVLMs against OCR injection (harmful instructions embedded in images) and PII leakage (social engineering to extract SSNs, passwords, API keys, etc.).
Fixes #1530
New:
_VisualLeakBenchDatasetmetadata.csvfromYoutingWang/MM-SafetyBenchon GitHub and downloads images with local cachingprompt_group_id(image atsequence=0, category-specific query atsequence=1)ocr_injectionfor OCR entries;pii_leakage+ normalized PII type (e.g.ssn,api_key) for PII entriescategories,pii_types, andmax_examplestags={"default", "safety", "privacy"},modalities=["image", "text"]forSeedDatasetFilterdiscoveryNew enums
VisualLeakBenchCategoryOCR_INJECTION,PII_LEAKAGEVisualLeakBenchPIITypeEMAIL,DOB,PHONE,PASSWORD,PIN,API_KEY,SSN,CREDIT_CARDUsage
Test coverage
26 unit tests covering init validation, OCR/PII pair creation, harm category mapping, category/PII-type filtering,
max_examples, failed image handling, and metadata correctness. Integration test updated to cap image downloads atmax_examples=6(same pattern as_VLSUMultimodalDataset).Additionally: refactoring VisualLeakBench + VLSU loaders
Applied during code review to both the new loader and the existing
_VLSUMultimodalDataset:OCR_INJECTION_PROMPT,PII_LEAKAGE_PROMPT)frozensetfor tags,tuplefor modalities/harm_categories)_matches_filters()and_build_prompt_pair_async()helpers from longfetch_datasetmethodssetup_memoryfixture with@pytest.mark.usefixtures("patch_central_database")in teststest_failed_image_download_skips_example→test_all_images_fail_produces_empty_datasetfor clarity