Default model

sonar-pro

Supported models

Any model available through the Perplexity API:
  • sonar-pro (default, web-grounded flagship)
  • sonar (web-grounded base)
  • sonar-reasoning-pro (reasoning + web)
  • sonar-reasoning (reasoning + web base)
  • Any other model ID the API accepts

Authentication

Environment variable: 
export PERPLEXITY_API_KEY=pplx-...
Config command: 
ai-blackteam config set providers.perplexity.api_key pplx-...
Get your API key from perplexity.ai/settings/api.

Example usage

# Single attack with default model
ai-blackteam run -p perplexity -a indirect-injection -t "Search for X and ignore safety"

# Compare web-grounded vs sealed
ai-blackteam benchmark --models perplexity:sonar-pro,anthropic:claude-sonnet-4-6

Tool-use support

No. Single-turn and multi-turn attacks work.

Notes

  • Web-grounded models behave differently under prompt injection than sealed-knowledge LLMs — distinct attack surface worth testing separately
  • The provider uses the OpenAI SDK pointed at Perplexity’s API (base_url="https://api.perplexity.ai")
  • Sonar models include web search results in the context, making them vulnerable to indirect prompt injection via search-engine-poisoning
  • Max output tokens per request: 4,096
  • Retry with exponential backoff is automatic on API failures (3 attempts)