
garak

NVIDIA's LLM vulnerability scanner and red-teaming tool

Open Source

garak is NVIDIA's open-source LLM vulnerability scanner for red-teaming AI models and applications. It probes for prompt injection, data leakage, hallucination, toxicity, encoding-based attacks, and dozens of other vulnerability categories, runs automated attack sequences against any LLM endpoint, and generates detailed vulnerability reports. A modular probe/detector architecture makes it extensible with custom attack patterns. It is named after the Star Trek character known for deception.

garak is NVIDIA's open-source tool for LLM red-teaming and vulnerability scanning. Named after the deceptive Star Trek character, it systematically probes AI models for security weaknesses, biases, and failure modes.

The tool runs automated attack sequences including prompt injection attempts, jailbreak patterns, data extraction probes, encoding-based bypasses, toxicity elicitation, hallucination triggers, and dozens of other vulnerability categories drawn from AI security research.

A modular architecture separates probes (attack generators), detectors (vulnerability identifiers), and generators (target model interfaces). This makes it extensible — researchers and security teams can add custom attack patterns specific to their applications.

garak works with any LLM endpoint including OpenAI, Anthropic, Hugging Face models, and local deployments. It generates detailed vulnerability reports scoring each model across attack categories, enabling systematic comparison of model security postures before deployment.

Pricing

Free and open-source

Platforms

Python, CLI, any LLM endpoint

Alternatives


MCP-Scan

Security scanner for MCP servers against tool poisoning attacks

MCP-Scan is a security tool that scans MCP servers for vulnerabilities including tool poisoning, prompt injection, cross-origin escalation, and rug pull attacks. Acquired by Snyk in 2026, it is the first dedicated security scanner for the MCP ecosystem. It analyzes tool descriptions, permissions, and behavior patterns to detect malicious or compromised MCP servers before they can exploit AI agents.

Open Source

DeepTeam

Open-source LLM red-teaming framework with 40+ attack types

DeepTeam is an open-source red-teaming framework for systematically testing LLM applications against 40+ adversarial attack types. It covers OWASP Top 10 for LLMs including jailbreaks, prompt injection, PII leakage, and hallucination attacks. Built as the sister project of DeepEval for security testing alongside evaluation. Apache-2.0 licensed.

Open Source

Shannon

Autonomous AI pentester for web apps and APIs

Shannon is an autonomous white-box AI pentesting tool for web applications and APIs. It analyzes authorized source code, identifies attack vectors, attempts proof-by-exploitation, and produces remediation-ready reports. Shannon Lite is AGPL-3.0 for local use, while Shannon Pro is the commercial Keygraph platform for continuous security testing.

Freemium, Open Source

osv-scanner

Google's vulnerability scanner using the OSV database

OSV-Scanner is Google's official open-source vulnerability scanner that checks your project's dependencies against the OSV.dev database — the largest open vulnerability database covering all major ecosystems. Written in Go, it supports lockfiles from npm, pip, Maven, Cargo, Go modules, and more, providing actionable remediation guidance and CI/CD integration for automated security scanning.

Open Source

Related Tools


Hermes Agent

Open-source AI agent framework with persistent memory, reusable skills, tools, and messaging gateways

Hermes Agent is an open-source AI agent framework with persistent memory, reusable skills, 40+ tools, cron jobs, and messaging gateways.

Open Source

BeeAI Framework

Python and TypeScript framework for production multi-agent systems

BeeAI Framework is an Apache-2.0 toolkit for building production-ready AI agents and multi-agent systems in Python and TypeScript. Its docs cover agents, tools, RAG, memory, workflows, backend providers, serving, and A2A/MCP integration surfaces, making it a vendor-neutral option for teams comparing LangGraph, CrewAI, Mastra, and related agent runtimes.

Open Source, Telemetry

Superserve

Open-source Firecracker sandboxes for long-running AI agents

Superserve is an open-source sandbox infrastructure layer for AI agents that need durable computers instead of short-lived shells. It runs isolated Firecracker microVMs, supports pause, resume, snapshot, fork, preview URLs, MCP connectivity, SDK/API control, Docker workloads, and self-hosting, while the hosted service adds pay-as-you-go agent sandboxes for teams.

Open Source

Anthropic Agent Skills

Official Claude Agent Skills examples, spec, and plugin marketplace for reusable agent capabilities

Anthropic Agent Skills is Anthropic's official reference repo and Claude Code plugin marketplace for reusable Skill folders. It packages example SKILL.md workflows, document skills, a Claude API skill, templates, and the Agent Skills spec so teams can turn repeatable instructions, scripts, and resources into on-demand Claude capabilities instead of copying prompts across sessions.

Free, Telemetry

agmsg

Cross-agent messaging for CLI coding agents

agmsg is an MIT-licensed Bash and SQLite messaging layer for CLI coding agents. It lets Claude Code, Codex, Gemini CLI, GitHub Copilot CLI, Antigravity, OpenCode, Hermes, and other terminal agents exchange messages through a shared local database instead of relying on a human copy-paste relay. It is intentionally not MCP, not a broker, and not a subagent framework.

Open Source

eve by Vercel

Filesystem-first framework for durable AI agents

Eve is Vercel's filesystem-first TypeScript framework for building durable AI agents as ordinary project files. It combines Markdown instructions and skills, typed tools, channels, connections, subagents, schedules, sandboxes, and evals with Vercel's agent runtime so teams can ship deployable agents without hand-rolling orchestration. The current beta fits Vercel-native backend agent projects.

Open Source

Comparisons

Shannon vs Garak — AI Penetration Tester vs LLM Vulnerability Scanner

Shannon and Garak both address AI security but from completely different angles. Shannon is an autonomous pentester that attacks web applications and APIs to find real vulnerabilities, while Garak probes LLM models themselves for prompt injection, jailbreaks, and alignment failures. They are complementary tools targeting different layers of the AI application stack.

ps-fuzz vs Garak vs NeMo Guardrails — Prompt Injection Testing & LLM Security Tools Compared

As LLM-powered applications become production staples, prompt injection and jailbreak attacks represent some of the most dangerous threat vectors. Developers need tools that can systematically test their systems against these attacks before deployment. This comparison examines three distinct approaches to LLM security: ps-fuzz for targeted prompt fuzzing, Garak for comprehensive vulnerability scanning, and NeMo Guardrails for runtime protection and enforcement.

ModelScan vs LLM Guard vs Garak — AI Model Security Comparison

AI model security addresses threats at different layers of the ML lifecycle. ModelScan from Protect AI detects malicious code embedded in serialized model files before deployment, protecting against model supply chain attacks. LLM Guard acts as a real-time firewall for LLM applications, scanning prompts and responses to block injection attacks and data leakage. Garak is an LLM vulnerability scanner that probes models for weaknesses through automated red-teaming and adversarial testing.

Lakera vs garak — LLM Security Tool Comparison

Two complementary approaches to LLM security. Lakera Guard provides real-time production protection against prompt injection and jailbreaks as an API proxy. garak is NVIDIA's open-source red-teaming scanner for proactively finding LLM vulnerabilities before deployment.
