site/docs/red-team/strategies/other-encodings.md
The other-encodings strategy collection provides multiple text transformation methods to test model resilience against evasion techniques that use alternative text representations. This collection automatically includes camelCase, Morse code, Pig Latin, and emoji-based encodings.
You can use the other-encodings collection in your configuration to automatically include all encoding strategies in this collection:
strategies:
- other-encodings # Includes camelCase, Morse code, Pig Latin, and emoji encoding
This is equivalent to specifying each strategy individually:
strategies:
- camelcase
- morse
- piglatin
The camelCase strategy converts text to camelCase by removing spaces and capitalizing the first letter of each subsequent word.
The transformation follows these rules:
For example, "Hello World" becomes:
helloWorld
Add the camelCase strategy individually to your red team configuration:
strategies:
- camelcase # Apply camelCase transformation
The Morse code strategy converts all characters in the test payload to dots and dashes, the universal encoding system developed for telegraph communications.
Standard ASCII characters are converted to their Morse code equivalents:
For example, "Hello World" becomes:
.... . .-.. .-.. --- / .-- --- .-. .-.. -..
Add the Morse code strategy individually to your red team configuration:
strategies:
- morse # Apply Morse code transformation
The Pig Latin strategy transforms text according to the playful language game rules of Pig Latin, which is a simple form of language encoding.
The transformation follows these rules:
For example, "Hello World" becomes:
elloHay orldWay
Add the Pig Latin strategy individually to your red team configuration:
strategies:
- piglatin # Apply Pig Latin transformation
The Emoji encoding strategy hides a UTF-8 payload inside invisible Unicode variation selectors appended to an emoji. This allows short strings to contain arbitrary data while remaining mostly unreadable.
Add the emoji strategy individually to your red team configuration:
strategies:
- emoji # Hide text inside an emoji
Here's a complete example that applies the encoding collection to test cases:
# yaml-language-server: $schema=https://promptfoo.dev/config-schema.json
prompts:
- 'Answer this question: {{prompt}}'
providers:
- openai:gpt-5
# Red team config
redteam:
plugins:
- owasp:llm
strategies:
- basic # Include original prompts
- other-encodings # Includes camelCase, Morse code, Pig Latin, and emoji encoding
These encoding transformations are static, deterministic processes that don't require additional API calls to implement. They provide a way to test how models handle content that has been transformed in ways that might bypass text-based content filters while remaining human-interpretable.
Alternative text encodings can be used to bypass content filters that rely on exact string matching. By replacing standard text with these encoded versions, attackers might be able to evade detection of prohibited content. These strategies help evaluate how well models handle these types of evasion techniques.
Some specific security benefits of testing with these encodings: