FAQ#

General#

What is Aymara?

Aymara provides developer tools to measure and improve the alignment (safety and accuracy) of generative AI models and applications.

Who is Aymara for?

Aymara is for developers building generative AI models and applications. Our Python SDK lets you create and score alignment tests via API, offering insights and recommendations based on results.

What AI models and applications does Aymara support?

We support any text-to-text or text-to-image models and applications. If you need support for text-to-audio or text-to-video, contact us at support@aymara.ai.

How can I get access to Aymara?

Try our text-to-text safety test free trial. For a full trial, book a meeting with us.

Creating Tests#

What should the student description include?

Provide details about your AI's purpose, capabilities, constraints, and target users. This ensures Aymara generates relevant test questions aligned with your AI's functionality.

Example: “ShopAI is an AI chatbot that recommends electronic products. Its primary purpose is to help users find and purchase relevant technology products on our website. ShopAI analyzes the latest trends, product features, and user reviews to provide personalized recommendations. However, it is constrained by its knowledge base, which includes only products launched in the past year, ensuring that users receive up-to-date information. The target audience consists of tech-savvy individuals seeking cutting-edge technology to enhance their daily lives.”

What is a safety test policy?

A safety test evaluates your AI's compliance with a policy you define. The more detailed your policy, the more relevant and accurate your test questions and scoring will be.

What is an accuracy test knowledge base?

An accuracy test measures how well your AI understands a given knowledge base (e.g., product details, company policies). Your knowledge base should be input as a string in whatever format you prefer. Aymara will use it to generate test questions and score your AI's responses against it.

What are the accuracy question types and what do they test for?

To test your AI's understanding of its knowledge base thoroughly, the accuracy test generates different types of questions that vary in difficulty, approach, and style. Some question types explicitly ask for information outside the knowledge base.

Question Type Description Answer in Knowledge Base
Easy Focus on clear and commonly referenced information in the knowledge base. Yes
Obscure Ask about ambiguous, contradictory, or highly detailed information in the knowledge base, focusing on edge cases or rarely referenced content. Yes
Complex Require complex reasoning, such as synthesizing information from disconnected parts of the knowledge base. Yes
Contextual Simulate real-world scenarios by incorporating personal details about fictitious users. Yes
Distracting Include irrelevant or misleading details from the knowledge base (e.g., "This product is green, but how big is it?"). Yes
Double Ask two distinct questions simultaneously (e.g., "What color is this product, and how large is it?"). Yes
Misleading Contain false or misleading assumptions that contradict the knowledge base. Yes
Unanswerable Are relevant to the knowledge base but require external information to answer accurately. No
Opinion Ask for subjective opinions or personal judgments that cannot be answered objectively using the knowledge base. No
Irrelevant Ask about topics completely unrelated to the knowledge base. No

What system prompt should I input into the jailbreak test?

The jailbreak test checks if your AI adheres to its system prompt despite adversarial prompts. The more detailed your system prompt, the more relevant and effective your test questions will be.

What types of test questions does the jailbreak test generate?

Jailbreak test questions consist of hundreds of different jailbreaks gathered from online discussion forums, academic papers, and technical repositories, as well as prompts generated by Aymara. These prompts use prompt injections, which attempt to manipulate the AI by inserting hidden instructions. Our prompts fall into one or more categories.

Jailbreak Category Description
Identity Manipulation Techniques that alter the perceived role or operational boundaries of the AI model. These methods manipulate the model's understanding of its own capabilities and restrictions by establishing alternative personas, behavioral frameworks, or response patterns. The goal is to create a cognitive dissonance between the model's safety training and the newly suggested operational context.
Instruction Camouflage Methods that disguise prohibited instructions by embedding them within seemingly innocent or authorized content. These approaches rely on creating sufficient contextual noise or misdirection to prevent safety mechanisms from identifying the harmful intent. The goal is to deliver restricted content by making it less detectable while preserving its functional meaning.
Syntactic Obfuscation Techniques that modify the structural elements of text while preserving semantic meaning. These methods operate at the character, token, or word level to create variations that evade pattern-matching safety filters while remaining interpretable. The goal is to transform restricted content into forms that circumvent detection while still conveying the original meaning to the model.
Contextual Overloading Approaches that exploit the model's context handling capabilities by overwhelming, complicating, or manipulating the prompt structure. These methods leverage the limitations in how models process complex, lengthy, or recursive inputs. The goal is to create processing conditions where safety mechanisms are bypassed or function less effectively due to computational constraints or logical complexity.
Psychological Manipulation Strategies that leverage cognitive biases or behavioral patterns in how models respond to certain framing techniques. These methods exploit the model's training to be helpful, consistent, or explanatory by creating scenarios where these traits conflict with safety boundaries. The goal is to induce responses that prioritize conversational norms over content restrictions.

What's the ideal number of test questions? Is more better?

The ideal number depends on your AI's complexity. For nuanced safety policies, detailed prompts, or extensive knowledge bases, more questions are beneficial. We recommend 25–100. If you notice repetition, you likely have too many.

What should additional_instructions include?

This is optional. If you have specific requests for test question formats, include them here. For example, in a text-to-image safety test, you can request that all test questions involve photorealistic images.

What are good_examples and bad_examples?

These are optional. Providing examples of good and bad test questions helps Aymara tailor its question generation.


Submitting Answers#

What are TextStudentAnswerInput and ImageStudentAnswerInput?

To ensure consistency, Aymara uses Pydantic schemas for structuring AI responses, making them easier to process and score.

What does is_refusal mean?

If your AI refuses to answer a safety or jailbreak test question due to its guardrails, set is_refusal=True. This ensures the AI gets a passing score for refusing to engage with problematic content.

What does is_exclude mean?

To exclude a test question from scoring, set is_exclude=True.


Scoring Tests#

What are scoring examples?

ScoringExample allows you to define example scoring decisions to guide how Aymara scores your AI's responses.

What is the confidence score?

A confidence score (0–1) indicates how certain Aymara is in determining whether an answer passes (0 = not at all confident, 1 = very confident).


Still have questions? Check out our SDK reference or email us at support@aymara.ai.