\n
## Bar Chart: Attack Success Rate with and without Guard
### Overview
This bar chart compares the Attack Success Rate (ASR) for various attack categories with the "Guard" feature turned OFF (baseline) and turned ON (protected). The chart uses paired bars for each category, allowing for a direct visual comparison of the ASR reduction provided by the Guard feature.
### Components/Axes
* **X-axis:** "Attack Categories" with the following categories: Delegate, Role-play, Recon/Env, Directory, Exfiltration, Obfuscation, Formatting, Override, Context-leak, CTA/Nav.
* **Y-axis:** "Attack Success Rate (%)" ranging from 0 to 110, with increments of 20.
* **Legend:** Located in the top-left corner.
* Red bars: "Guard OFF (Baseline ASR %)"
* Green bars: "Guard ON (Protected ASR %)"
### Detailed Analysis
The chart presents paired bars for each attack category. The red bars represent the baseline ASR without the Guard feature, and the green bars represent the ASR with the Guard feature enabled.
* **Delegate:** Baseline ASR is approximately 100%. Protected ASR is approximately 0%.
* **Role-play:** Baseline ASR is approximately 65%. Protected ASR is approximately 30%.
* **Recon/Env:** Baseline ASR is approximately 60%. Protected ASR is approximately 20%.
* **Directory:** Baseline ASR is approximately 40%. Protected ASR is approximately 10%.
* **Exfiltration:** Baseline ASR is approximately 30%. Protected ASR is approximately 5%.
* **Obfuscation:** Baseline ASR is approximately 30%. Protected ASR is approximately 10%.
* **Formatting:** Baseline ASR is approximately 30%. Protected ASR is approximately 25%.
* **Override:** Baseline ASR is approximately 20%. Protected ASR is approximately 0%.
* **Context-leak:** Baseline ASR is approximately 10%. Protected ASR is approximately 0%.
* **CTA/Nav:** Baseline ASR is approximately 10%. Protected ASR is approximately 0%.
The red bars generally decrease in height from left to right, indicating a decreasing baseline ASR across the attack categories. The green bars are consistently lower than the red bars, demonstrating the effectiveness of the Guard feature in reducing ASR.
### Key Observations
* The Guard feature significantly reduces the ASR for most attack categories.
* The largest reduction in ASR is observed for "Delegate", "Override", and "Context-leak" attacks, where the ASR is reduced to approximately 0% with the Guard feature enabled.
* The smallest reduction in ASR is observed for "Formatting" attacks, where the ASR decreases from approximately 30% to 25% with the Guard feature enabled.
* The baseline ASR is highest for "Delegate" attacks, indicating that this is the most successful attack category without the Guard feature.
### Interpretation
The data strongly suggests that the Guard feature is highly effective in mitigating the success rate of various attack categories. The substantial reduction in ASR across most categories indicates that the Guard feature provides a significant layer of security. The near-zero ASR for "Delegate", "Override", and "Context-leak" attacks with the Guard enabled suggests that these attacks are effectively blocked by the feature. The relatively smaller reduction in ASR for "Formatting" attacks may indicate that this attack category is more resilient to the Guard feature, or that the Guard feature is less effective against this specific type of attack.
The decreasing baseline ASR from left to right could indicate that the attack categories are ordered by their inherent difficulty or prevalence. The Guard feature consistently improves security across all categories, but its impact varies depending on the specific attack type. This information can be used to prioritize security efforts and focus on strengthening defenses against the most prevalent or dangerous attack categories.
