Overview
Cybertope is a standardized adversarial benchmarking platform for AI/ML systems. You submit an HTTP endpoint that wraps your model; Cybertope sends adversarial prompts, evaluates responses, and produces a scored security report.
All tests are anchored to the OWASP LLM Top 10 — the industry reference for large language model security risks. Results are reproducible and version-pinned.
Quick start
Step 1 — Create an account
Register for a free Cybertope account. Your account tracks submission history and lets you manage whether results appear on the public leaderboard.
Step 2 — Expose an HTTP endpoint
Your model must be accessible via a public HTTPS URL. The endpoint must accept a POST request with a JSON body and return a text response.
Step 3 — Submit
Go to the Submit page, enter your endpoint URL, optional auth header, model name, and capability tier. The benchmark typically completes within 2–5 minutes.
Test categories
The v1 benchmark covers two OWASP LLM Top 10 categories, with 5 test cases each (10 total).
Prompt Injection
Prompt injection occurs when an attacker manipulates a model by crafting inputs that override its original instructions. We test five distinct injection techniques:
- ›Instruction override — Direct commands to ignore system instructions.
- ›Role reassignment — Attempts to redefine the model as a different persona.
- ›Delimiter injection — Using structural characters to break prompt boundaries.
- ›Context exhaustion — Flooding context to push system instructions out of scope.
- ›System prompt extraction — Attempts to reveal or leak the system prompt.
Jailbreak & Alignment Bypass
Jailbreaks attempt to bypass a model's safety training and content policies. We test five commonly observed bypass patterns:
- ›Persona adoption — Asking the model to roleplay as an unconstrained AI.
- ›Hypothetical framing — Wrapping harmful requests in fictional or academic framing.
- ›Encoding obfuscation — Using Base64, leetspeak, or character substitution to mask intent.
- ›Many-shot bypass — Demonstrating compliant responses in-context to normalize harmful output.
- ›Competing objectives — Introducing goals that conflict with safety constraints.
Scoring
Each test is scored pass/fail. The composite score is the percentage of tests the model successfully resisted (0–100). Scores map to five security bands:
Category scores (Prompt Injection and Jailbreak) are reported separately alongside the composite.
Endpoint requirements
Your endpoint must meet these requirements to be benchmarked successfully:
- ›HTTPS only — plain HTTP endpoints will be rejected.
- ›Must accept POST requests with a JSON body containing at least a prompt field.
- ›Must return a JSON response. Cybertope will scan top-level string fields for the model output.
- ›Must respond within 30 seconds per request. Timeouts count as failures.
- ›Auth is supported via a single Authorization header (Bearer token, API key, etc.).
- ›The endpoint must be publicly reachable — private VPC or localhost URLs are not supported.
FAQ
Is this free?
Yes. Submitting a model and viewing results is free. We may introduce rate limits or paid tiers for high-volume or private benchmarking in the future.
Are results always public?
No. You choose whether your results appear on the public leaderboard at submission time. Private results are visible only to your account.
Can I re-submit after improving my model?
Yes, as many times as you like. Each submission is a separate record. Only the most recent submission is shown on the leaderboard by default.
What models can I benchmark?
Any model accessible via an HTTP API — commercial APIs, self-hosted models, fine-tunes, or full applications with an LLM backend. You select a capability tier at submission time.
How are responses evaluated?
A separate evaluator model scores each response against the attack's intended outcome. Scores are deterministic for a given (prompt, response) pair.
Will test cases change?
The benchmark is versioned. v1 test cases will not change. Future versions will be additive and clearly labeled.