Mixed · AI Red Teaming · reviewed 2026-04

Garak

Leading open-source LLM vulnerability scanner.

01

What it does

Garak is the leading open-source LLM vulnerability scanner. It systematically probes language models for prompt injection, data leakage, hallucination, and other vulnerabilities using a library of configurable attack probes and detectors.

02

Security relevance

Garak is the closest thing to an automated vulnerability scanner for LLMs. It maps directly to the OWASP LLM Top 10, testing for prompt injection (LLM01), insecure output handling (LLM02), information disclosure (LLM06), and overreliance (LLM09). Results are structured and reportable.

03

When to use it

Use it as a baseline security scan for any LLM deployment. Run it during development to catch obvious vulnerabilities, and periodically in production as models are updated. It requires Python and API access to the target models, but the scan configuration is straightforward.

04

OWASP coverage

Risks addressed — mapped to both OWASP Top 10 standards. 4 in LLM, 2 in Agentic.

Agentic Top 10 · 2026 · 2/10 covered
05

The raw record

What Yuntona stores. Single source of truth — fork it on GitHub.

name: Garak
slug: garak
type: Mixed
category: AI Red Teaming
url: https://garak.ai

reviewed:   2026-04
added:      2026-04
updated:    2026-04

risks:
  llm:  [LLM01, LLM02, LLM06, LLM09]
  asi:  [ASI01, ASI06]

complexity:    Guided Setup
pricing:       —
audience:      Red Team
lifecycle:     [test]

tags: [CLI, Open Source, Vuln Scanner]