## Bar Chart: Attack Success Rate vs. Attack Categories ### Overview The image is a bar chart comparing the attack success rate (ASR) for different attack categories with "Guard OFF" (baseline) and "Guard ON" (protected). The x-axis represents the attack categories, and the y-axis represents the attack success rate in percentage. The chart shows the baseline ASR for each category, while the protected ASR appears to be zero across all categories. ### Components/Axes * **Title:** Implicitly, Attack Success Rate vs. Attack Categories * **X-axis:** Attack Categories * Categories: Delegate, Role-play, Recon/Env, Directory, Exfiltration, Obfuscation, Formatting, Override, Context-leak, CTA/Nav * **Y-axis:** Attack Success Rate (%) * Scale: 0 to 110, with increments of 20 (0, 20, 40, 60, 80, 100, 110) * **Legend:** Located at the top of the chart. * Guard OFF (Baseline ASR %): Represented by a red-brown bar. * Guard ON (Protected ASR %): Represented by a green bar. ### Detailed Analysis The chart displays the attack success rate for each attack category when the "Guard" is OFF (baseline). The "Guard ON" (protected) ASR is not visible, implying it is zero or very close to zero for all categories. Here are the approximate ASR values for each category with "Guard OFF": * **Delegate:** 100% * **Role-play:** 67% * **Recon/Env:** 60% * **Directory:** 50% * **Exfiltration:** 50% * **Obfuscation:** 33% * **Formatting:** 20% * **Override:** 0% * **Context-leak:** 0% * **CTA/Nav:** 0% ### Key Observations * The "Delegate" category has the highest attack success rate (100%) when the guard is off. * The attack success rate generally decreases from left to right across the categories. * The "Override", "Context-leak", and "CTA/Nav" categories have the lowest attack success rate (0%) when the guard is off. * The "Guard ON" ASR is not visible, suggesting it is zero or very close to zero for all categories. ### Interpretation The data suggests that the "Guard" mechanism effectively reduces the attack success rate to near zero across all tested categories. The baseline ASR varies significantly depending on the attack category, with "Delegate" being the most vulnerable and "Override", "Context-leak", and "CTA/Nav" being the least vulnerable in the baseline scenario. The effectiveness of the "Guard" is demonstrated by the absence of visible bars for the "Guard ON" condition, indicating a significant reduction in ASR. This implies that the "Guard" provides a robust defense against the tested attack categories.

\n ## Bar Chart: Attack Success Rate with and without Guard ### Overview This bar chart compares the Attack Success Rate (ASR) for various attack categories with the "Guard" feature turned OFF (baseline) and turned ON (protected). The chart uses paired bars for each category, allowing for a direct visual comparison of the ASR reduction provided by the Guard feature. ### Components/Axes * **X-axis:** "Attack Categories" with the following categories: Delegate, Role-play, Recon/Env, Directory, Exfiltration, Obfuscation, Formatting, Override, Context-leak, CTA/Nav. * **Y-axis:** "Attack Success Rate (%)" ranging from 0 to 110, with increments of 20. * **Legend:** Located in the top-left corner. * Red bars: "Guard OFF (Baseline ASR %)" * Green bars: "Guard ON (Protected ASR %)" ### Detailed Analysis The chart presents paired bars for each attack category. The red bars represent the baseline ASR without the Guard feature, and the green bars represent the ASR with the Guard feature enabled. * **Delegate:** Baseline ASR is approximately 100%. Protected ASR is approximately 0%. * **Role-play:** Baseline ASR is approximately 65%. Protected ASR is approximately 30%. * **Recon/Env:** Baseline ASR is approximately 60%. Protected ASR is approximately 20%. * **Directory:** Baseline ASR is approximately 40%. Protected ASR is approximately 10%. * **Exfiltration:** Baseline ASR is approximately 30%. Protected ASR is approximately 5%. * **Obfuscation:** Baseline ASR is approximately 30%. Protected ASR is approximately 10%. * **Formatting:** Baseline ASR is approximately 30%. Protected ASR is approximately 25%. * **Override:** Baseline ASR is approximately 20%. Protected ASR is approximately 0%. * **Context-leak:** Baseline ASR is approximately 10%. Protected ASR is approximately 0%. * **CTA/Nav:** Baseline ASR is approximately 10%. Protected ASR is approximately 0%. The red bars generally decrease in height from left to right, indicating a decreasing baseline ASR across the attack categories. The green bars are consistently lower than the red bars, demonstrating the effectiveness of the Guard feature in reducing ASR. ### Key Observations * The Guard feature significantly reduces the ASR for most attack categories. * The largest reduction in ASR is observed for "Delegate", "Override", and "Context-leak" attacks, where the ASR is reduced to approximately 0% with the Guard feature enabled. * The smallest reduction in ASR is observed for "Formatting" attacks, where the ASR decreases from approximately 30% to 25% with the Guard feature enabled. * The baseline ASR is highest for "Delegate" attacks, indicating that this is the most successful attack category without the Guard feature. ### Interpretation The data strongly suggests that the Guard feature is highly effective in mitigating the success rate of various attack categories. The substantial reduction in ASR across most categories indicates that the Guard feature provides a significant layer of security. The near-zero ASR for "Delegate", "Override", and "Context-leak" attacks with the Guard enabled suggests that these attacks are effectively blocked by the feature. The relatively smaller reduction in ASR for "Formatting" attacks may indicate that this attack category is more resilient to the Guard feature, or that the Guard feature is less effective against this specific type of attack. The decreasing baseline ASR from left to right could indicate that the attack categories are ordered by their inherent difficulty or prevalence. The Guard feature consistently improves security across all categories, but its impact varies depending on the specific attack type. This information can be used to prioritize security efforts and focus on strengthening defenses against the most prevalent or dangerous attack categories.

## Bar Chart: Attack Success Rate (ASR) by Category with Guard ON/OFF ### Overview This is a vertical bar chart comparing the Attack Success Rate (ASR) percentage for ten different attack categories under two conditions: "Guard OFF" (baseline) and "Guard ON" (protected). The chart visually demonstrates the effectiveness of a security "Guard" mechanism in reducing the success rate of various attack types to zero. ### Components/Axes * **Chart Type:** Vertical Bar Chart (Grouped, though only one series has visible bars). * **Legend:** Located at the top center of the chart. * **Red Bar:** `Guard OFF (Baseline ASR %)` * **Green Bar:** `Guard ON (Protected ASR %)` * **X-Axis (Horizontal):** * **Label:** `Attack Categories` * **Categories (from left to right):** `Delegate`, `Role-play`, `Recon/Env`, `Directory`, `Exfiltration`, `Obfuscation`, `Formatting`, `Override`, `Context-leak`, `CTA/Nav`. * **Y-Axis (Vertical):** * **Label:** `Attack Success Rate (%)` * **Scale:** Linear scale from 0 to 110, with major gridlines at intervals of 20 (0, 20, 40, 60, 80, 100, 110). ### Detailed Analysis **Data Series 1: Guard OFF (Baseline ASR %) - Red Bars** The red bars show a descending trend from left to right. The approximate values, read against the y-axis gridlines, are: 1. **Delegate:** ~100% (Bar reaches the 100 gridline). 2. **Role-play:** ~67% (Bar is between 60 and 80, closer to 60). 3. **Recon/Env:** ~60% (Bar aligns with the 60 gridline). 4. **Directory:** ~50% (Bar is midway between 40 and 60). 5. **Exfiltration:** ~50% (Bar is identical in height to Directory). 6. **Obfuscation:** ~33% (Bar is between 20 and 40, closer to 40). 7. **Formatting:** ~20% (Bar aligns with the 20 gridline). 8. **Override:** 0% (No visible red bar). 9. **Context-leak:** 0% (No visible red bar). 10. **CTA/Nav:** 0% (No visible red bar). **Data Series 2: Guard ON (Protected ASR %) - Green Bars** For all ten attack categories, the green bar has a height of 0%. No green bars are visible above the x-axis baseline. ### Key Observations 1. **Complete Mitigation:** The "Guard ON" condition results in a 0% Attack Success Rate for every single category tested, indicating perfect protection in this dataset. 2. **Baseline Vulnerability Hierarchy:** Without the guard (`Guard OFF`), the system is most vulnerable to the `Delegate` attack (100% success). `Role-play` and `Recon/Env` are also highly successful (~67% and ~60%). The `Override`, `Context-leak`, and `CTA/Nav` categories show no baseline success (0%), suggesting they may be ineffective or not applicable in the baseline test scenario. 3. **Trend:** The baseline success rates follow a generally descending order from left to right as presented on the x-axis, with a plateau at 50% for `Directory` and `Exfiltration`. ### Interpretation This chart presents a clear and compelling case for the efficacy of the implemented "Guard" mechanism. The data suggests that the guard is not merely reducing risk but is completely neutralizing the tested attack vectors, bringing their success rate from significant levels (up to 100%) down to zero. The ordering of categories on the x-axis appears to be by descending baseline vulnerability, which helps prioritize understanding which attacks are most dangerous without protection. The fact that three categories (`Override`, `Context-leak`, `CTA/Nav`) have a 0% baseline success rate is notable. This could mean these attack types were not successfully executed in the baseline test, were mis-categorized, or represent theoretical threats that did not materialize in the specific testing environment. Their inclusion with 0% values provides a complete picture of the tested attack landscape. From a security analysis perspective, the primary takeaway is the guard's flawless performance. The secondary insight is the profile of baseline weaknesses, which could inform further hardening efforts even with the guard active, following a defense-in-depth principle. The chart effectively communicates that enabling the guard changes the security posture from one with multiple high-risk vulnerabilities to one with no measurable success for these specific attacks.

# Technical Document Extraction: Attack Success Rate Chart ## Chart Title **Guard OFF (Baseline ASR %)** ## Axes - **X-axis**: Attack Categories Categories: `Delegate`, `Role-play`, `Recon/Env`, `Directory`, `Exfiltration`, `Obfuscation`, `Formatting`, `Override`, `Context-leak`, `CTA/Nav` - **Y-axis**: Attack Success Rate (%) Range: 0% to 110% (in 20% increments) ## Legend - **Position**: Top of chart - **Colors**: - Red: `Guard OFF (Baseline ASR %)` - Green: `Guard ON (Protected ASR %)` *Note: Green bars are not visually present in the chart.* ## Data Points (Red Bars - Guard OFF) | Attack Category | Attack Success Rate (%) | |-------------------|-------------------------| | Delegate | 100 | | Role-play | 65 | | Recon/Env | 60 | | Directory | 50 | | Exfiltration | 50 | | Obfuscation | 35 | | Formatting | 20 | | Override | 0 | | Context-leak | 0 | | CTA/Nav | 0 | ## Observations 1. **Trend**: Attack success rates decrease monotonically from `Delegate` (100%) to `Formatting` (20%), then drop to 0% for remaining categories. 2. **Missing Data**: No bars are visible for `Override`, `Context-leak`, and `CTA/Nav`, indicating 0% success rates. 3. **Legend Discrepancy**: The legend includes `Guard ON (Protected ASR %)` (green), but no green bars are present in the chart. ## Spatial Grounding - **Legend Position**: Top-center of the chart. - **Bar Alignment**: Red bars (Guard OFF) are left-aligned under their respective x-axis labels. ## Component Isolation 1. **Header**: Chart title and legend. 2. **Main Chart**: Bar plot with x-axis categories and y-axis percentages. 3. **Footer**: No additional text or elements. ## Notes - The chart focuses exclusively on `Guard OFF` attack success rates. - The absence of green bars suggests either no data for `Guard ON` or a visualization error. - Y-axis maximum (110%) exceeds typical percentage ranges, potentially indicating a scaling artifact.