BREAKING FEAT XPIA example with website #1005
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… XPIA orchestrator, not yet validated RAG XPIA example
romanlutz
changed the title
rlundeen2
reviewed
Oct 16, 2025
rlundeen2
approved these changes
Oct 16, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR modifies the Azure blob storage XPIA example to leverage the website capabilities of Azure blob storage. By putting html files into the $web container they can be made publicly accessible. The processing target uses the OpenAI SDK with function tool call to retrieve that website including the XPIA and processes it. The model doesn't actually fall for it, so perhaps we need to find an older open source model (and without defenses) to illustrate this.
One of the best parts of this PR is that it completely gets rid of our semantic-kernel dependency in the
devextra. We currently use the OpenAI SDK for the responses API tool call, but once we support that with the responses target we can even simplify that part.As part of this, I restructured the XPIA Orchestrators slightly to be more in line with other orchestrators which will also make them more amenable to refactoring into the attacks structure (if we want to do that in the near term).