StackMap
Subscribe

deepteam vs garak

Open-source red-teaming framework for LLM systems: 50+ vulnerabilities, jailbreak/injection/multi-turn attacks against agents, RAG pipelines and chatbots — plus guardrails. Runs locally. — versus — NVIDIA's LLM vulnerability scanner: nmap-style probing for jailbreaks, prompt injection, data leakage, toxicity and hallucination across dozens of model endpoints.

The curated verdict

Same job — adversarial testing of LLM systems. garak is the nmap-style scanner you point at a model endpoint; DeepTeam is the framework you embed in your eval suite, with attack simulation and guardrails in one loop.

deepteamgarak
Stars2.2k8.5k
Forks3631.1k
LanguagePythonPython
LicenseApache-2.0Apache-2.0
Last activity9 days ago3 days ago
Topicssecurity, evalssecurity
Curated connections24

deepteam — the curator's take

Penetration testing for LLM apps with a framework's ergonomics: pick from 50+ documented vulnerabilities (bias, PII leakage, SQL injection via prompt) and simulated attacks including multi-turn exploitation, run locally, then wire the matching guardrails. Built on DeepEval, so red-team results plug into an eval workflow rather than dying in a report. NOT neutral infrastructure — it funnels toward the Confident AI platform for storing results (self-host your own reporting if that matters), and like every attack library it tests known patterns: a clean run is a floor, not a clearance.

garak — the curator's take

Run it before anything LLM-shaped ships: static, dynamic and adaptive probes for jailbreaks, injection, leakage and toxicity, with reports that name the failing probe and prompt — nmap for language models. Speaks to HF, OpenAI-compatible, Ollama and REST endpoints, so it tests what you actually deploy. NOT a guardrail — it finds holes, it doesn't plug them (pair with a runtime defense); a full probe run takes hours, and a clean scan tests the MODEL, not your product logic around it. Authorized targets only.