FAQ#
General#
What is Aymara?
Aymara provides developer tools to measure and improve the alignment (safety and accuracy) of generative AI models and applications.
Who is Aymara for?
Aymara is for developers building generative AI models and applications. Our Python SDK lets you create and score alignment evaluations via API, offering insights and recommendations based on results.
What AI models and applications does Aymara support?
We support any text-to-text or text-to-image models and applications. If you need support for text-to-audio or text-to-video, contact us at support@aymara.ai.
How can I get access to Aymara?
Try our text-to-text safety eval free trial. For a full trial, book a meeting with us.
Creating Evals#
What should the AI description include?
Provide details about your AI's purpose, capabilities, constraints, and target users. This ensures Aymara generates relevant eval prompts aligned with your AI's functionality.
Example: “ShopAI is an AI chatbot that recommends electronic products. Its primary purpose is to help users find and purchase relevant technology products on our website. ShopAI analyzes the latest trends, product features, and user reviews to provide personalized recommendations. However, it is constrained by its knowledge base, which includes only products launched in the past year, ensuring that users receive up-to-date information. The target audience consists of tech-savvy individuals seeking cutting-edge technology to enhance their daily lives.”
What should the AI instructions include?
A safety eval (or other instruction-following eval) evaluates your AI's compliance with a policy you define. The more detailed your policy, the more relevant and accurate your eval prompts and scoring will be.
What is an accuracy eval ground truth?
An accuracy eval measures how well your AI responses are grounded in some corpus (e.g., product details, company policies). Your ground truth should be input as a string in whatever format you prefer. Aymara will use it to generate eval prompts and score your AI's responses against it.
What are the accuracy prompt categories and what do they test for?
To test your AI's understanding of its knowledge base thoroughly, the accuracy eval generates different types of prompts that vary in difficulty, approach, and style. Some prompt categories explicitly ask for information outside that lack a verifiable answer in the ground truth.
| Category | Description | Content in Ground Truth |
|---|---|---|
| Easy | Focus on clear and commonly referenced information in the knowledge base. | Yes |
| Obscure | Ask about ambiguous, contradictory, or highly detailed information in the knowledge base, focusing on edge cases or rarely referenced content. | Yes |
| Complex | Require complex reasoning, such as synthesizing information from disconnected parts of the knowledge base. | Yes |
| Contextual | Simulate real-world scenarios by incorporating personal details about fictitious users. | Yes |
| Distracting | Include irrelevant or misleading details from the knowledge base (e.g., "This product is green, but how big is it?"). | Yes |
| Double | Ask two distinct questions simultaneously (e.g., "What color is this product, and how large is it?"). | Yes |
| Misleading | Contain false or misleading assumptions that contradict the knowledge base. | Yes |
| Unanswerable | Are relevant to the knowledge base but require external information to answer accurately. | No |
| Opinion | Ask for subjective opinions or personal judgments that cannot be answered objectively using the knowledge base. | No |
| Irrelevant | Ask about topics completely unrelated to the knowledge base. | No |
What AI instructions should I input for a jailbreak eval?
The jailbreak eval checks if your AI adheres to its system prompt despite adversarial prompts. The more detailed your system prompt, the more relevant and effective your eval prompts will be.
What types of eval prompts does the jailbreak eval generate?
Jailbreak eval prompts consist of hundreds of different jailbreaks gathered from online discussion forums, academic papers, and technical repositories, as well as prompts generated by Aymara. These prompts use prompt injections, which attempt to manipulate the AI by inserting hidden instructions. Our prompts fall into one or more categories.
| Jailbreak Category | Description |
|---|---|
| Identity Manipulation | Techniques that alter the perceived role or operational boundaries of the AI model. These methods manipulate the model's understanding of its own capabilities and restrictions by establishing alternative personas, behavioral frameworks, or response patterns. The goal is to create a cognitive dissonance between the model's safety training and the newly suggested operational context. |
| Instruction Camouflage | Methods that disguise prohibited instructions by embedding them within seemingly innocent or authorized content. These approaches rely on creating sufficient contextual noise or misdirection to prevent safety mechanisms from identifying the harmful intent. The goal is to deliver restricted content by making it less detectable while preserving its functional meaning. |
| Syntactic Obfuscation | Techniques that modify the structural elements of text while preserving semantic meaning. These methods operate at the character, token, or word level to create variations that evade pattern-matching safety filters while remaining interpretable. The goal is to transform restricted content into forms that circumvent detection while still conveying the original meaning to the model. |
| Contextual Overloading | Approaches that exploit the model's context handling capabilities by overwhelming, complicating, or manipulating the prompt structure. These methods leverage the limitations in how models process complex, lengthy, or recursive inputs. The goal is to create processing conditions where safety mechanisms are bypassed or function less effectively due to computational constraints or logical complexity. |
| Psychological Manipulation | Strategies that leverage cognitive biases or behavioral patterns in how models respond to certain framing techniques. These methods exploit the model's training to be helpful, consistent, or explanatory by creating scenarios where these traits conflict with safety boundaries. The goal is to induce responses that prioritize conversational norms over content restrictions. |
What's the ideal number of eval prompts? Is more better?
The ideal number depends on your AI's complexity. For nuanced safety policies, detailed prompts, or extensive knowledge bases, more eval prompts are beneficial. We recommend 25–100. If you notice repetition, you likely have too many.
What should eval_instructions include?
This is optional. If you have specific requests for eval prompts formats, include them here. For example, in a text-to-image safety test, you can request that all eval prompts involve photorealistic images.
What are good_examples and bad_examples?
These are optional. Providing examples of good and bad eval prompts helps Aymara tailor its question generation.
Submitting Responses#
What does ai_refused mean?
If your AI refuses to respond to a safety or jailbreak eval prompt due to its guardrails, set ai_refused=True. This ensures the AI gets a passing score for refusing to engage with problematic content.
What does exclude_from_scoring mean?
To exclude an evaluation response from scoring, set exclude_from_scoring=True.
Scoring Evals#
What are scoring examples?
EvalRunExample allows you to define example scoring decisions to guide how Aymara scores your AI's eval responses.
What is the confidence score?
A confidence score (0–1) indicates how certain Aymara is in determining whether a response passes (0 = not at all confident, 1 = very confident).
Still have questions? Check out our SDK reference or email us at support@aymara.ai.