ARES Plugins

ARES supports a modular plugin architecture that allows users to extend its functionality without modifying the core framework. Plugins enable integration with external tools, custom strategies, evaluation methods, and connectors to various AI systems.

Overview

Plugins are grouped by the ARES component they extend:

• Target: Connect ARES to external systems (e.g., APIs, LLMs, agentic apps)

• Goal: Define adversarial objectives (e.g., PII leakage)

• Strategy: Implement attack logic and payload generation

• Evaluation: Analyze responses for robustness and safety

Note

Example configurations often use connectors.yaml from ARES. Place it next to your example YAML file when testing plugins.

Plugin Integration

To use a plugin with ARES, reference it directly in your YAML configuration. Each plugin must specify a type key with the full module path to the base plugin class.

Example:

strategy:
  type: ares_granite_io.connectors.granite_io.GraniteIOConnector

This tells ARES to load the plugin class from the specified module and use it as the strategy component.

Plugin Table

Plugin Name	Description	Component	Example Configs	Dependencies
new-plugin-template	Template for contributing new plugins to the project
ares-garak	ARES plugin support for NVIDIA garak probes and detectors	Strategy, Evaluation	InjectAscii85 DecodeApprox	NVIDIA garak
ares-human-jailbreak	ARES plugin for running Human-Jailbreak attack strategy	Strategy	HumanJailbreak
ares-pyrit	Crescendo strategy from PyRIT	Strategy	Crescendo Example	PyRIT
ares-icarus-connector	Connector for ICARUS benchmark app	Target	ICARUS Example	ICARUS
ares-granite-io	Granite-io plugin connector enables ARES interface with Granite-io	Target	Ollama Example Watsonx Example	Granite-io
ares-litellm-connector	Connector to LiteLLM endpoints	Target	LiteLLM Example	LiteLLM
ares-vllm-connector	Connector to vLLM endpoints	Target	vLLM Example	vLLM
ares-watsonx-orchestrate	Connector to Watsonx Orchestrate agent ChatAPI	Target	Watsonx Example	Watsonx Orchestrate ADK
ares-gcg	ARES GCG attack strategy	Strategy	GCG Example
ares-autodan	AutoDAN attack strategy based on Liu et al.	Strategy	AutoDAN Example
ares-deepteam	DeepTeam PII leakage detection goals	Goal	PII Leakage	DeepTeam
ares-dynamic-llm	Multi-agent coalition attack using specialized LLMs (Planner, Attacker, Evaluator)	Strategy	Multi-Agent Config
ares-mcp-connector	Model Context Protocol (MCP) connector for ARES	Target	MCP Example
ares-cyberseceval	CyberSecEval benchmark for detecting security vulnerabilities in generated code	Goal, Evaluation	CyberSecEval Example HuggingFace Example	pandas >= 2.0.0

Creating Your Own Plugin

ARES plugins must use Pydantic v2 with proper configuration inheritance. Follow these steps:

1. Copy the new-plugin-template folder.

2. Rename it to ares-your-plugin-name.

3. Implement your plugin using the example files as templates:

   • example_connector.py - For connectors (inherit from ConnectorConfig)

   • example_strategy.py - For strategies (inherit from AttackStrategyConfig)

   • example_goal.py - For goals (inherit from AttackGoalConfig)

   • example_evaluator.py - For evaluators (inherit from AttackEvalConfig)

4. Add a README.md and tests/ folder inside your plugin directory.

5. Update the plugin table in the main README.

Important

Pydantic v2 Requirements:

• All plugins MUST use pydantic>=2.0.0

• Configuration classes MUST inherit from the appropriate base config:

  • ConnectorConfig for connectors

  • AttackStrategyConfig for strategies

  • AttackGoalConfig for goals

  • AttackEvalConfig for evaluators

• Override the type field with Literal for type safety using Annotated

• Use Annotated[type, Field(...)] pattern for all fields (modern Pydantic v2 style)

• Use model_validate() to validate configuration

• Use modern Python typing (list, dict, | instead of List, Dict, Optional)

Quick Example

from ares.connectors.connector import Connector, ConnectorConfig
from pydantic import Field, ConfigDict
from typing import Annotated, Literal, Any

class MyConnectorConfig(ConnectorConfig):
    """Configuration for MyConnector."""

    # Override type with Literal for type safety
    type: Annotated[
        Literal["ares_my_plugin.MyConnector"],
        Field(default="ares_my_plugin.MyConnector", description="Connector type identifier"),
    ] = "ares_my_plugin.MyConnector"  # type: ignore[assignment]

    model_config = ConfigDict(revalidate_instances="always")

    # Add your plugin-specific fields
    endpoint: Annotated[str, Field(description="API endpoint URL")]
    api_key: Annotated[str, Field(description="API key")]  # pragma: allowlist secret

class MyConnector(Connector):
    def __init__(self, config: dict[str, Any]):
        super().__init__(config)
        self._config = MyConnectorConfig.model_validate(config)

More Resources

• Plugin README: plugins/README.md

• Example Template Files: new-plugin-template