Key Points
- Microsoft's PyRIT now ships a native loader for the live 0DIN Threat Feed — red teamers pull the full corpus of verified jailbreaks directly inside the framework they already use.
- It was built by Roman Lutz, PyRIT's tech lead at Microsoft, against our gated API — no prompt content lives in the PyRIT repo; you bring your own
0DIN_API_KEY. - This is the live feed (800+ reports, 1,300+ sample prompts at the time of writing, and growing), not the fixed n-day snapshot we shipped to PyRIT earlier this year.
- Every prompt carries its full 0DIN context — taxonomy category, severity, security boundary, affected models — so a pull is filterable and traceable, not a wall of strings.
- It's one more place we're meeting the AI safety community inside their own workflow instead of asking them to come to ours.
Earlier this year we put 0DIN's JEF scorers and six n-day jailbreak datasets into Microsoft's PyRIT, then opened our public disclosures corpus on Hugging Face. The throughline: the people defending AI systems shouldn't have to leave their tools to use our data. But a fixed dataset is a snapshot, and a threat feed is only useful if it's live.
So we're glad the next step came from the other side of the table.
What's New
Roman Lutz — PyRIT's tech lead at Microsoft — built a native 0din_threatfeed loader that pulls the live 0DIN Threat Feed
0DIN THREAT FEED
Real-time intelligence and alerts on emerging GenAI vulnerabilities and security threats.
Explore Threat Feed
straight into PyRIT, through the same registry every built-in dataset uses:
from pyrit.datasets import SeedDatasetProvider
# set 0DIN_API_KEY in your environment first
datasets = await SeedDatasetProvider.fetch_datasets_async(dataset_names=["0din_threatfeed"])
for seed in datasets[0].seeds:
print(seed.value)
No prompt content is committed to PyRIT's repo — access is gated by your own 0DIN_API_KEY (a 0DIN Team or Enterprise subscription), consistent with how PyRIT handles its other credentialed sources. Without a key, the loader fails cleanly instead of handing you an empty set.
Explore AI security with the Scanner Datasheet
The datasheet offers insight into the challenges and solutions in AI security.
Download Datasheet
Live, Not a Snapshot
The six 0din_* datasets already in PyRIT are a curated, fixed set of individual disclosures — committed files, no key required. This is different: the Threat Feed is the live, growing record of what our researcher community is finding right now. The loader paginates the whole feed, caches incrementally (a second pull fetches only what's new), de-duplicates prompts that repeat across tested models, and backs off politely under rate limits. By design, two pulls a week apart return different data — because the threat landscape did.
Safeguard Your GenAI Systems
Connect your security infrastructure with our expert-driven vulnerability detection platform.
Context Travels With Every Prompt
A jailbreak string with no provenance is hard to act on. Each prompt carries its 0DIN metadata — taxonomy category, severity, security boundary, affected models, disclosure date — and the loader exposes filters for severity, security boundary, and taxonomy category, plus an opt-in for the larger set of industry-specific variant prompts.
That taxonomy is public and grounded in open research: our category→strategy→technique hierarchy is based on Summon a Demon and Bind it: A Grounded Theory of LLM Red Teaming
(arXiv:2311.06237). Browse it at 0din.ai/research/taxonomy.
What's Next
The static datasets, the public corpus on Hugging Face, and now the live feed inside PyRIT are three rungs of the same ladder: get verified, real-world jailbreak intelligence into the hands of the people building defenses, in whatever form fits their workflow. More coming.