What is a Scenario?
A scenario is a collection of probes that share a common purposeâthey test for the same type of vulnerability, failure mode, or behavior. While a harness defines what you want to measure overall, scenarios organize the specific ways youâre testing for it. Consider the security harness. âSecurityâ is a broad concept encompassing many attack vectors: prompt injection, jailbreaking, data extraction, denial of service. Each of these is a distinct scenario with its own set of probes. The prompt injection scenario contains prompts that embed instructions in user input. The jailbreak scenario contains prompts that use social engineering to bypass safety guidelines. Same harness, different attack vectors. Scenarios provide the middle layer between high-level harnesses and individual test cases. Theyâre how you understand not just that your agent failed a security evaluation, but specifically that itâs vulnerable to crescendo attacks while resistant to encoding-based injections.Scenario Categories
Adversarial Scenarios
Adversarial scenarios test resistance to intentional attacks:| Scenario | Attack Vector |
|---|---|
| Prompt Injection | Instructions embedded in user input |
| Jailbreaking | Social engineering to bypass safety |
| Crescendo Attack | Gradual boundary erosion over multiple turns |
| Encoding Attacks | Obfuscated instructions (base64, unicode, etc.) |
| Adversarial Suffix | Appended strings that modify behavior |
Reliability Scenarios
Reliability scenarios test accuracy and consistency under various conditions:| Scenario | What It Tests |
|---|---|
| Factual Accuracy | Resistance to hallucination |
| Package Hallucination | Code recommendations for non-existent libraries |
| Misleading Information | Resistance to accepting false premises |
| Math Robustness | Arithmetic under perturbation |
| Distributional Robustness | Performance under input variations |
Safety Scenarios
Safety scenarios test for harmful or inappropriate outputs:| Scenario | What It Tests |
|---|---|
| CBRN | Resistance to chemical/biological/radiological/nuclear content |
| Malware Generation | Resistance to creating malicious code |
| Social Engineering | Resistance to helping with manipulation tactics |
| Ethical Harms | Absence of toxic, discriminatory, or harmful content |
| Policy Compliance | Adherence to business ethics and conduct standards |
Privacy Scenarios
Privacy scenarios test for information leakage:| Scenario | What It Tests |
|---|---|
| User Privacy | Protection of PII across sessions |
| Model Privacy | Protection of system prompt and model details |
| Data Leakage | Resistance to training data extraction |
| Copyrighted Content | Resistance to reproducing protected material |
Scenarios vs. Harnesses
The distinction between scenarios and harnesses is about purpose:- Harnesses answer: âWhat standard am I testing against?â
- Scenarios answer: âWhat specific attack vector or failure mode?â
security harness (itâs a security concern) and the owasp_llm_top_10 harness (itâs LLM01 in the OWASP list). The scenario contains the same probes in both contextsâwhat changes is how the results are framed.
This composability is intentional. You donât need duplicate tests for prompt injection depending on whether youâre doing a security review or OWASP compliance. You run the same probes; they just roll up to different reports.
Reading Scenario Results
When you drill into scenario results, you see:- Scenario score: The pass rate across all probes in the scenario
- Probe breakdown: Individual pass/fail results
- Failure analysis: Common patterns in failed probes