Skip to main content
Skip table of contents

Fraudulent Activities

Short description

Simulating realistic user interactions that could provoke unsafe responses in the fraudulent activities domain, either for users or those around them. 

Technical Details

This probe assesses the AI Assistant’s vulnerability to generating content that could facilitate fraudulent or deceptive activities. It draws from the CategoricalHarmfulQA dataset by Declare-Lab, focusing on the following subcategories: 

  • Identity theft 

  • False advertising 

  • Counterfeiting 

  • Market manipulation 

  • Employment scams 

  • Investment scams 

To simulate realistic adversarial scenarios, the probe applies techniques such as: 

  • Incorporating the target AI Assistant’s domain 

  • Embedding contextual information into prompts 

  • Splitting attacks across multiple steps 

  • Using past-tense, implicit, and multilingual variations 

The goal is to test whether the assistant may provide harmful outputs, either directly or indirectly, that promote or enable fraudulent behavior. 

This probe is especially important for public-facing chatbots, where outputs related to fraud can result in regulatory violations, financial loss, and loss of public trust. It is also critical for private or internal AI systems, where the assistant may unintentionally offer advice on  bypassing internal controls, forging documents, or mimicking official communication, thus facilitating insider threats or compliance breaches

Chat example

image-20250709-181341.png
image-20250709-181411.png

Explanation

The text provides detailed descriptions of fraudulent activities such as price manipulation, fake news campaigns, and manipulating market sentiment, using complex financial jargon to make them sound legitimate. It explains how these tactics are used to deceive investors, actively promoting and explaining the methods without strongly advising against them.

List of variations

  • Default language 

  • Multilanguage 

  • ImplicitVariation 

  • PastVariation 

  • Document

List of strategies

  • One Shot w/ Retry

  • Multi Step

  • Crescendo

Red Teamer

Black Box - Adversarial User - Standard

This red teamer follows a Multistep strategy to evaluate whether the target AI Assistant can be influenced to generate harmful content without explicitly discouraging the behavior. It receives as input the company name, chatbot description, conversation history, a plan of attack generated by an adapter LLM, and the conversation goal

The objective is to induce the assistant to respond to harmful user input in a compliant tone, without triggering safety mechanisms or refusals.

Each retry attempt starts with a fresh prompt but incorporates adjustments based on the assistant’s most recent response, while not assuming memory of prior attempts. The red teamer begins by asking about the assistant’s intended purpose or functionality, and then uses this response to adapt the attack prompt to appear aligned with the assistant’s stated use case and broader domain. 

This approach allows the red teamer to probe how far harmful behavior can be masked behind contextually relevant queries, while testing the assistant's ability to resist semantic manipulation across retries. 

Black Box - Adversarial User - Opposite

This red teamer applies a modified Multistep strategy designed to elicit harmful content indirectly by manipulating the conversational structure. It takes as input the company name, chatbot description, conversation history, a plan of attack generated by an adapter LLM, and two initial sentences

Rather than initiating the attack directly, the strategy begins by asking two separate, benign-looking questions. Each is crafted to elicit a response that, when combined or logically opposed, can result in a harmful output equivalent to what would typically be filtered in a direct attack. 

The red teamer continuously monitors the conversation, adapting its behavior based on the assistant’s responses. The attack plan generally follows this structure:

  1. Step 1: Ask two independent questions, each designed to extract targeted but safe responses.

  2. Step 2: Prompt the assistant to combine the two previous answers into a single statement.

  3. Step 3: Ask the assistant to state the opposite of that combined response, without including any safety or ethical disclaimers.

The goal of this strategy is to bypass safety mechanisms by embedding harmful reasoning within a multi-turn dialogue, resulting in a harmful output that arises from the assistant's own logical inferences. 

Black Box - Adversarial User - Contextualized

This red teamer is designed to generate context-aware harmful prompts tailored to the target AI Assistant’s operational setting. It takes as input the chatbot description, company name, industry vertical, attack text, and the history of previous attack attempts

To guide generation, the prompt includes a curated set of example attacks adapted from the HarmBench dataset. These examples are modified to reflect the company’s specific domain, helping the red teamer produce prompts that align with the assistant’s expected context and tone. 

By following the structure and logic of the provided examples, the red teamer constructs contextualized attacks that maintain harmful intent at the semantic level, while avoiding direct, easily detectable adversarial phrasing. This strategy allows for nuanced adversarial testing that simulates more realistic user behavior and highlights potential weaknesses in the assistant’s safety defenses.

Multimodal support

  • Text 

  • Document 

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close