hasamba----------------
๐ ๏ธ Tool
===================
Cryptex OSS is an open-source LLM red-team lab that runs entirely in the browser. Version 2.0.1 ships 159 text transforms, 25 tool surfaces, and 15 red-team lab modules covering the 2024-2026 jailbreak literature. The tool is MIT-licensed and available as a Docker multi-arch container via GHCR.
Key Features
The 159 transforms cover encodings, classical ciphers, Unicode manipulation tricks, steganography, and ancient scripts. Each transform exposes both encode and decode directions with configurable parameters visible in the per-transform options panel. The 25 tool surfaces are split into ten technique workbenches and fifteen red-team labs. The workbenches are Transform, Decode, Emoji stego, Gibberish, Tokenizer, Tokenade, Bijection, Fuzzer, PromptCraft, and Anti-Classifier.
PromptCraft provides multi-step prompt tree visualization, including TAP trees rendered directly in the interface. This lets red-teamers trace how multi-step jailbreak prompts branch and evolve across steps. Anti-Classifier attempts to fingerprint whether target models expose internal defense mechanisms, useful for mapping a model's guardrail surface before mounting targeted attacks. Tokenizer and Tokenade let researchers inspect tokenization behavior at the token level, relevant for glitch token research.
Red-Team Labs
The fifteen labs map directly to published jailbreak research from 2024 through 2026. HarmBench integrates heuristic scoring with per-category breakdown, giving quantitative feedback on jailbreak success rates across harm categories. StrongREJECT and JailbreakBench provide alternative evaluation frameworks with their own scoring methodologies. Additional labs cover indirect injection, glitch tokens, adversarial suffixes, defense fingerprinting, and watermark forensics. This coverage means practitioners can reproduce published attack methodologies from a single workbench rather than assembling scripts and dependencies from multiple repos.
Architecture
Everything runs client-side. No backend, no database, no telemetry. AI provider calls go directly from the browser to whichever endpoint the user configures, using their own API keys via the BYOK gateway. The frontend stack is Svelte 5 with SvelteKit 2, TypeScript 5, Tailwind 4, shadcn-svelte components, and Vite 7. Testing runs through Vitest 3. The container image uses nginx-alpine and supports multi-arch Docker deployments via GHCR.
Use Cases
Red-teamers can chain transforms into multi-step jailbreak attempts and score results against standardized benchmarks without switching tools. Comparing defense postures across models is possible within the same interface, useful for vendor evaluation scenarios. Researchers reproducing papers from the recent jailbreak literature get pre-built lab configurations instead of reimplementing pipelines from scratch. The browser-only design ensures prompts and API keys never leave the workstation, relevant for engagements where data locality and key management are compliance requirements.
Limitations
The tool has not been independently verified. BYOK means the user bears full responsibility for API costs and compliance with provider terms of service. Browser-only execution limits throughput for large-scale automated evaluation campaigns compared to server-side frameworks. The 159 transforms cover encoding-based and classical obfuscation but do not include gradient-based optimization. GCG-style adversarial suffix generation requires server-side GPU compute and falls outside the tool's scope. The design fits manual red-team workflows and benchmark reproduction well, but is less suited for high-volume automated testing where throughput matters.
Cryptex OSS consolidates LLM red-team tooling into a self-contained, key-local workbench that maps to the current published jailbreak landscape.
๐น tool #LLMRedTeam #jailbreak #prompt_injection #cryptex_oss
๐ Source: https://github.com/m4xx101/cryptex-oss
