AIAny
AI Infra2023
Icon for item

garak

Probes LLMs for failure modes — prompt injection, jailbreaks, data leakage, toxicity, hallucination — the way nmap scans a network. Ships 20+ attack probes that run against Hugging Face, OpenAI, Bedrock, Cohere, or any REST endpoint.

Introduction

Security teams have decades of tooling to scan networks for weaknesses, but an LLM long stayed a black box you simply hoped behaved. garak flips that by treating a model the way a pentester treats a server: throw thousands of adversarial inputs at it and log every place it breaks. The underlying insight is that LLM safety is empirical, not declarative — you can't read a model card and know it won't leak data or obey a jailbreak. You have to attack it and count the failures.

What Sets It Apart
  • Probe-and-detector architecture, not a fixed checklist. Each of its dozen-plus probe families — DAN-style jailbreaks, encoding-based injection, training-data leakage, malware generation, toxicity — pairs with detectors that score responses, so coverage grows as new attack classes land rather than freezing at release.
  • Model-agnostic by design. The same suite runs against Hugging Face, OpenAI, AWS Bedrock, Cohere, Groq, Replicate, or any REST endpoint, so you can benchmark a hosted API against a local model on identical attacks.
  • Quantified output, not vibes. Runs emit JSONL logs and per-probe hit rates, turning "is this model safer than last quarter's?" into a number you can diff in CI instead of a judgment call.
Who It's For

Great fit if you ship or fine-tune LLMs and need repeatable, attack-based evidence of robustness before release, or if you red-team models and want a standard probe library instead of hand-rolled prompts. Look elsewhere if you need guardrails that block attacks at inference time — garak finds weaknesses, it doesn't patch them — or if you expect a polished GUI; it is a CLI whose output is logs and reports, closer to nmap than to a dashboard.

Information

  • Websitegithub.com
  • OrganizationsNVIDIA
  • AuthorsLeon Derczynski, Erick Galinkin, Jeffrey Martin, Subho Majumdar, Nanna Inie, NVIDIA
  • Published date2023/05/10

Categories

More Items

GitHub
AI Infra2025

Defines a vendor-neutral JSON/YAML semantic model specification and tooling to exchange metrics, dimensions, lineage and other business semantics across analytics, AI and BI platforms; includes a core spec, validators, converters (dbt, GoodData, Salesforce) and example models.

GitHub
AI Train2025

An asynchronous, high-throughput framework for large-scale reinforcement learning and agentic training that scales to 1T+ MoE models and 1000+ GPUs, with native verifiers integration, end-to-end SFT/RL/evals, and Slurm/Kubernetes deployment; requires NVIDIA GPUs.

GitHub

Runs a self-hosted meeting bot and transcription API that joins Google Meet, Teams and Zoom and streams speaker-attributed transcripts in real time. Compiles meetings into a git-backed Markdown workspace and runs sandboxed agents on your infrastructure; Apache-2.0 and air-gap capable.