Research
By IdonAI Safety Team7 min read
Safety

Red-Team Pack v1 — A Minimal Adversarial Suite for Release Gates

First standardized jailbreak and misuse suite used as a hard gate before Origin promotions.

Abstract

This paper presents IdonAI Research’s work on Red-Team Pack v1 release gates, situated in the company’s 2024 research arc from founding experiments through Origin, NextGen, and Quark. We describe motivation, methods, experimental setup, quantitative results, ablations, failure modes, deployment implications, limitations, and future work. Where applicable we cross-reference the flagship reports on Origin, NextGen, Quark, and Safety so readers can navigate from this focused study to the broader system story.

Red-Team Pack v1 release gates is not a side quest. It is a load-bearing piece of how IdonAI ships assistants that are fast enough to use, strong enough to trust on hard tasks, and constrained enough to deploy. We write in the register of an internal technical report released publicly: specific enough to be falsifiable, humble enough to admit residual risk.

1. Introduction

1.1 Historical context

IdonAI’s Research Charter (2022) insisted that every research thread answer a serving or safety question—not only a leaderboard question. By 2024, that insistence had shaped a two-model family (Origin for interactive workloads, NextGen for deep reasoning) and an assistant control plane (Quark) that routes between them. The present work on Red-Team Pack v1 release gates exists inside that architecture.

1.2 Problem statement

Without careful treatment of Red-Team Pack v1 release gates, we observed concrete failure modes in staging: regressions that academic smoke tests missed, cost blowups under realistic traffic, or safety gaps that preference updates accidentally reopened. The research question is therefore operational as well as scientific: what design, metrics, and gates make Red-Team Pack v1 release gates reliable enough for production promotion?

1.3 Contributions

  1. A clear problem formulation and threat/ops model for Red-Team Pack v1 release gates.
  2. Methods and evaluation protocol aligned with IdonAI harness hygiene.
  3. Quantitative results and ablations on Origin- and/or NextGen-class systems.
  4. Deployment guidance for Quark and enterprise serving.
  5. An explicit limitations section—what this paper does not claim.

Industry practice around Red-Team Pack v1 release gates spans academic literature and production postmortems. We draw on public results from large labs (scaling laws, RLHF, MoE, long-context, red-teaming) while refusing to cargo-cult settings that ignore IdonAI’s latency and safety constraints. Internally, this line of work builds on data filtering v1, tokenizer unification, GQA serving, preference optimization v1, and red-team pack gates.

Readers seeking model-level numbers should consult Origin and NextGen. Readers seeking assistant-level routing and honesty metrics should consult Quark. System safety metrics live in Safety Research.

3. Methods

3.1 Design principles

  • Measurable: every change ships with a metric owner and a threshold.
  • Comparable: harness commits and prompt templates are pinned.
  • Reversible: canaries and rollbacks are part of the method, not an afterthought.
  • Paired dashboards: capability and safety (including over-refusal) move together.

3.2 Experimental setup

Unless noted, language-model experiments use Origin-class or NextGen-class checkpoints with the shared tokenizer. Decoding for academic suites follows temperature 0. Product-like evaluations use Quark-shaped system prompts. Safety-sensitive items are scored with the blocked / partial / full-fail rubric from Red-Team Pack practice.

3.3 Data and annotation

Human labels (when used) follow written guidelines with spot audits. We do not train on private Quark conversations without explicit opt-in programs. Filtered pretraining mixtures follow provenance manifests from the data quality pipeline.

3.4 Training / systems details (as applicable)

Optimization uses AdamW-family trainers, mixed precision, gradient clipping, and KL or load-balancing auxiliaries when relevant (preference optimization, MoE). Serving experiments use continuous batching with paged KV caches; interactive SLOs follow the Origin canary framework.

4. Evaluation protocol

We separate academic, product, and operational metrics:

ClassExamplesCadence
AcademicMMLU, HumanEval, GSM8K, MATH, GPQAevery major checkpoint
Productcoherence, routing win rate, schema validityQuark candidates
Safetyjailbreak packs, over-refusal, injectionevery candidate
Opsp50/p95 TTFT, error budget, cache hit ratecanary ramps

No single class can veto the others alone—except disallowed-category full fails and safety filter bypasses, which are stop-the-line.

5. Results

5.1 Primary outcomes

On the evaluation cuts associated with this workstream, interventions targeting Red-Team Pack v1 release gates produced material improvements on the owned metrics without unacceptable regressions on held-out capability smokes. Representative patterns (detailed tables live in companion notes and flagship reports):

  • Quality metrics moved in the intended direction on the primary task family.
  • Latency / cost either held within budget or was explicitly traded against a documented quality gain.
  • Safety pack full fails did not increase; where safety training tightened, over-refusal was co-monitored.

5.2 Ablations

Removing individual components of the Red-Team Pack v1 release gates stack (e.g., a filter stage, a routing feature, a preference axis, a canary gate) reliably degraded the owned metric and sometimes created hidden couplings—e.g., verbosity rewards harming TTFT, or safety-only batches harming benign usefulness.

5.3 Qualitative failure analysis

Manual review clusters failures into: distribution shift, underspecified user intent, harness mismatch, and genuine model capability limits. We file recurring clusters as dataset or policy bugs, not as one-off prompt hacks.

6. Deployment implications

6.1 Quark

Quark consumes this research as: routing defaults, structured-output modes, safety filters, or serving configs. User-visible behavior should match the model IDs and decoding semantics we will expose via API when keys leave “under development” status.

6.2 Enterprise

Enterprise isolation patterns (dedicated capacity, VPC, audit logs) may amplify or constrain how Red-Team Pack v1 release gates is configured. Contact enterprise@idonai.com for deployment-specific controls.

6.3 Release gating

Changes related to Red-Team Pack v1 release gates require: harness smokes, safety pack subset, and canary ramp where serving-impacting.

7. Limitations

  1. Results are IdonAI-internal unless stated; third-party harnesses may differ.
  2. English-centric evaluation remains a gap.
  3. Adaptive adversaries and novel jailbreaks outpace static suites.
  4. Long-context and multimodal channels introduce injection paths not fully covered in early years.
  5. We do not claim solved alignment, calibrated confidence, or zero hallucination.
  6. API key issuance remains under development—interactive evaluation via Quark is the supported path today.

8. Broader impacts

Improving Red-Team Pack v1 release gates can reduce user frustration and operational cost, but can also concentrate capability. We pair capability work with refusal training, monitoring, and conservative defaults on dual-use domains. Transparency about limitations is part of the safety program, not a PR appendix.

9. Future work

  • Learned routers / richer policies where heuristics dominate today
  • Stronger multilingual and multimodal evals
  • Better calibrated abstention and citation grounding
  • Public reproducible suites as harnesses stabilize
  • Tighter energy accounting for training and serving

10. Conclusion

Red-Team Pack v1 release gates is a first-class research surface at IdonAI: specified, measured, gated, and connected to Origin, NextGen, and Quark. This paper records the state of that surface in 2024 and points to the flagship reports for system-level synthesis.

Related: Origin · NextGen · Quark · Safety

References (selected)

  1. IdonAI, “Research Charter,” 2022.
  2. IdonAI, “Origin Technical Report,” 2023.
  3. IdonAI, “NextGen Technical Report,” 2026.
  4. IdonAI, “Quark Technical Report,” 2026.
  5. IdonAI, “Safety Research,” 2025.
  6. Ouyang et al., InstructGPT / RLHF, 2022.
  7. OpenAI, GPT-4 Technical Report, 2023.
  8. Gemini Team, Gemini technical reports, 2023–2025.