Address API View Feedback (#42789)

* change to indirect attack

* update changelog

* nit

* run black

Author: slister1001

sdk/evaluation/azure-ai-evaluation/CHANGELOG.md

@@ -7,13 +7,14 @@
 - Added support for user-supplied TokenCredentials with LLM based evaluators.
 - Enhanced `GroundednessEvaluator` to support AI agent evaluation with tool calls. The evaluator now accepts agent response data containing tool calls and can extract context from `file_search` tool results for groundedness assessment. This enables evaluation of AI agents that use tools to retrieve information and generate responses. Note: Agent groundedness evaluation is currently supported only when the `file_search` tool is used.
 - Added `language` parameter to `RedTeam` class for multilingual red team scanning support. The parameter accepts values from `SupportedLanguages` enum including English, Spanish, French, German, Italian, Portuguese, Japanese, Korean, and Simplified Chinese, enabling red team attacks to be generated and conducted in multiple languages.
-- Added support for XPIA and UngroundedAttributes risk categories in `RedTeam` scanning. These new risk categories expand red team capabilities to detect cross-platform indirect attacks and evaluate ungrounded inferences about human attributes including emotional state and protected class information.
+- Added support for IndirectAttack and UngroundedAttributes risk categories in `RedTeam` scanning. These new risk categories expand red team capabilities to detect cross-platform indirect attacks and evaluate ungrounded inferences about human attributes including emotional state and protected class information.
 
 ### Bugs Fixed
 - Fixed issue where evaluation results were not properly aligned with input data, leading to incorrect metrics being reported.
 
 ### Other Changes
 - Deprecating `AdversarialSimulator` in favor of the [AI Red Teaming Agent](https://aka.ms/airedteamingagent-sample). `AdversarialSimulator` will be removed in the next minor release. 
+- Moved retry configuration constants (`MAX_RETRY_ATTEMPTS`, `MAX_RETRY_WAIT_SECONDS`, `MIN_RETRY_WAIT_SECONDS`) from `RedTeam` class to new `RetryManager` class for better code organization and configurability.
 
 ## 1.10.0 (2025-07-31)
 

sdk/evaluation/azure-ai-evaluation/azure/ai/evaluation/red_team/_attack_objective_generator.py

@@ -21,7 +21,7 @@ class RiskCategory(str, Enum):
     ProtectedMaterial = "protected_material"
     CodeVulnerability = "code_vulnerability"
     UngroundedAttributes = "ungrounded_attributes"
-    XPIA = "xpia"
+    IndirectAttack = "indirect_attack"
 
 
 @experimental

sdk/evaluation/azure-ai-evaluation/azure/ai/evaluation/red_team/_red_team.py

@@ -944,12 +944,15 @@ def _validate_strategies(self, flattened_attack_strategies: List):
             )
             raise ValueError("MultiTurn and Crescendo strategies are not compatible with multiple attack strategies.")
         if AttackStrategy.Tense in flattened_attack_strategies and (
-            RiskCategory.XPIA in self.risk_categories or RiskCategory.UngroundedAttributes in self.risk_categories
+            RiskCategory.IndirectAttack in self.risk_categories
+            or RiskCategory.UngroundedAttributes in self.risk_categories
         ):
             self.logger.warning(
-                "Tense strategy is not compatible with XPIA or UngroundedAttributes risk categories. Skipping Tense strategy."
+                "Tense strategy is not compatible with IndirectAttack or UngroundedAttributes risk categories. Skipping Tense strategy."
+            )
+            raise ValueError(
+                "Tense strategy is not compatible with IndirectAttack or UngroundedAttributes risk categories."
             )
-            raise ValueError("Tense strategy is not compatible with XPIA or UngroundedAttributes risk categories.")
 
     def _initialize_tracking_dict(self, flattened_attack_strategies: List):
         """Initialize the red_team_info tracking dictionary."""

sdk/evaluation/azure-ai-evaluation/azure/ai/evaluation/red_team/_utils/metric_mapping.py

@@ -15,7 +15,7 @@
     RiskCategory.SelfHarm: EvaluationMetrics.SELF_HARM,
     RiskCategory.ProtectedMaterial: EvaluationMetrics.PROTECTED_MATERIAL,
     RiskCategory.UngroundedAttributes: EvaluationMetrics.UNGROUNDED_ATTRIBUTES,
-    RiskCategory.XPIA: EvaluationMetrics.XPIA,
+    RiskCategory.IndirectAttack: EvaluationMetrics.XPIA,
     _InternalRiskCategory.ECI: _InternalEvaluationMetrics.ECI,
     RiskCategory.CodeVulnerability: EvaluationMetrics.CODE_VULNERABILITY,
 }
@@ -27,7 +27,7 @@
     RiskCategory.SelfHarm: Tasks.CONTENT_HARM,
     RiskCategory.ProtectedMaterial: Tasks.PROTECTED_MATERIAL,
     RiskCategory.UngroundedAttributes: Tasks.UNGROUNDED_ATTRIBUTES,
-    RiskCategory.XPIA: Tasks.XPIA,
+    RiskCategory.IndirectAttack: Tasks.XPIA,
     _InternalRiskCategory.ECI: _InternalAnnotationTasks.ECI,
     RiskCategory.CodeVulnerability: Tasks.CODE_VULNERABILITY,
 }

sdk/evaluation/azure-ai-evaluation/tests/unittests/test_redteam/test_attack_objective_generator.py

@@ -23,7 +23,7 @@ def test_risk_category_enum_values(self):
         assert RiskCategory.ProtectedMaterial.value == "protected_material"
         assert RiskCategory.CodeVulnerability.value == "code_vulnerability"
         assert RiskCategory.UngroundedAttributes.value == "ungrounded_attributes"
-        assert RiskCategory.XPIA.value == "xpia"
+        assert RiskCategory.IndirectAttack.value == "indirect_attack"
 
         # Ensure all values are lower case with underscores
         for category in RiskCategory: