Loading...
Loading...
OmegaEngine · Evidence · Methodology
How we score OmegaEngine's deterministic input-safety engine against its own 5,023-vector attack corpus — and how you can re-run the exact same numbers without a paid dependency or an LLM key.
Every vector in lib/fuzzer/attacks is a known attack. Running them through the safety engine measures its recall: of 5,023 attacks we know are malicious, how many does the deterministic engine block? The misses are honest findings about our own product, not hidden failures.
| Metric | Value |
|---|---|
| Overall catch rate | 2,092 / 5,023 = 41.65% |
| Missed (require the LLM verdict layer or curation) | 2,931 |
| Deterministic latency p50 | 0.508 ms |
| Deterministic latency p95 | 1.639 ms |
| Deterministic latency p99 | 3.614 ms |
The full machine-readable artifact — including the per-category breakdown and the exact engine layer list — is published at /evidence/fuzzer-corpus-score.json.
| Category | Caught / total | Catch rate |
|---|---|---|
| MULTILINGUAL | 0 / 200 | 0% |
| SOCIAL_ENGINEERING | 0 / 200 | 0% |
| BIAS | 0 / 150 | 0% |
| MULTI_TURN | 0 / 90 | 0% |
| COMPLIANCE | 4 / 50 | 8% |
| MULTI_AGENT | 10 / 100 | 10% |
| SUMMARIZATION | 5 / 50 | 10% |
| COT_MANIPULATION | 44 / 200 | 22% |
| EMERGENCY_BYPASS | 42 / 150 | 28% |
| HARMFUL_CONTENT | 33 / 112 | 29.5% |
| HALLUCINATION | 46 / 150 | 30.7% |
| ADVERSARIAL | 13 / 40 | 32.5% |
| TOOL_ABUSE | 15 / 45 | 33.3% |
| COMPLETION | 51 / 150 | 34% |
| ENCODING | 123 / 350 | 35.1% |
| MEMORY_POISON | 36 / 100 | 36% |
| DEBUG_MODE | 54 / 150 | 36% |
| TRANSLATION | 74 / 200 | 37% |
| HYPOTHETICAL | 78 / 200 | 39% |
| REFLECTION | 40 / 100 | 40% |
| UNICODE | 90 / 200 | 45% |
| DATA_EXFIL | 142 / 296 | 48% |
| PRIVILEGE_ESCALATION | 73 / 150 | 48.7% |
| PROMPT_INJECTION | 142 / 250 | 56.8% |
| OUTPUT_FORMAT | 87 / 150 | 58% |
| RAG_POISON | 70 / 120 | 58.3% |
| JAILBREAK | 181 / 300 | 60.3% |
| SYSTEM_LEAK | 102 / 150 | 68% |
| DELIMITER_BYPASS | 102 / 150 | 68% |
| INSTRUCTION_HIERARCHY | 115 / 150 | 76.7% |
| ROLEPLAY | 300 / 300 | 100% |
| CONTEXT_OVERFLOW | 20 / 20 | 100% |
Categories at or near 0% (e.g. multilingual, social-engineering, bias) are the semantic-framing attacks the keyword engine is not designed to catch on its own — they are exactly what the LLM verdict layer exists to handle. We publish them rather than hide them.
The score is regenerated by a single deterministic script — no key, no spend:
# from a clone of the repo
npm ci
npm run eval:fuzzer-corpus
# → writes public/evidence/fuzzer-corpus-score.jsonTo verify the receipts a real decision produces — independently of our site — use the open verification packages:
# TypeScript verifier
npm install @omegaengine/verify
# Python auditor
pip install omega-audit