Garak

L5 — Agent-Aware Governance LLM Security Free (OSS) Apache-2.0 · OSS

OSS LLM vulnerability scanner from NVIDIA. Apache-2.0. Probes target LLMs for jailbreaks, prompt injection, hallucinations, toxicity, leakage. Garak is to LLMs what nmap is to networks.

AI Analysis

Garak is NVIDIA's OSS LLM vulnerability scanner — Apache-2.0 license. Probes target LLMs for jailbreaks, prompt injection, hallucinations, toxicity, leakage. Garak is to LLMs what nmap is to networks. Pick Garak for offensive LLM red-teaming + vulnerability assessment.

Trust Before Intelligence

Garak's offensive scanning model fills a critical L5 gap: testing LLMs for vulnerabilities BEFORE production. From a Trust Before Intelligence lens, this is the canonical adversarial-red-team primitive. Pair with NeMo Guardrails for defensive runtime + Garak for offensive scanning = comprehensive L5 LLM security.

INPACT Score

24/36

I — Instant

3/6

Scan campaigns are batch.

N — Natural

4/6

Probe DSL.

P — Permitted

3/6

Scanner — deployment-driven.

A — Adaptive

5/6

Provider-agnostic.

C — Contextual

4/6

Probe metadata + attack catalog.

T — Transparent

5/6

Detailed scan reports per probe.

GOALS Score

19/25

G — Governance

5/6

Governance/security is its purpose. 2/6 -> 5 lenient.

O — Observability

4/6

Reports as observability output. 1/6 -> 4 lenient.

A — Availability

3/6

Batch scanner. 3/6 -> 3.

L — Lexicon

3/6

1/6 -> 3.

S — Solid

4/6

5/6 -> 4.

AI-Identified Strengths

+ Apache-2.0 NVIDIA-backed
+ Comprehensive probe catalog (jailbreaks, injection, toxicity)
+ Default LLM red-teaming tool
+ Active research-driven development

AI-Identified Limitations

- Scanner — batch tooling
- Compliance via library
- Probe catalog can lag latest attack techniques

Industry Fit

Best suited for

Pre-production LLM red-teamingCompliance audits requiring vulnerability assessmentContinuous security testing

Compliance certifications

Library — N/A.

Use with caution for

Compliance assuming Garak is comprehensiveWorkloads needing managed pen-test

AI-Suggested Alternatives

NVIDIA NeMo Guardrails

Guardrails for defensive runtime; Garak for offensive scanning. Use both.

View analysis →

Promptfoo

Promptfoo for evaluation; Garak for security scanning.

View analysis →

Integration in 7-Layer Architecture

Role: L5 LLM vulnerability scanner.

Upstream: Target LLM endpoints.

Downstream: Scan reports + vulnerability catalog.

⚡ Trust Risks

high Scan results assumed comprehensive — false sense of security

Mitigation: Combine with manual red-teaming + bug bounty + adversarial datasets. Garak is one input, not comprehensive.

Use Case Scenarios

strong Pre-production LLM red-teaming + compliance evidence

Garak's purpose.

moderate Continuous security testing in CI

Run on every model release.

weak Comprehensive security assurance from one tool

Combine with manual + other tools.

Stack Impact

L5 L5 LLM offensive security.

L6 Reports feed L6 security observability.

⚠ Watch For

! Scan results treated as comprehensive
! No manual red-teaming complement
! Probe catalog not updated

2-Week POC Checklist

☐ Comprehensive probe selection
☐ CI integration
☐ Manual red-team complement
☐ Continuous probe-catalog updates

Explore in Interactive Stack Builder →

Visit Garak website →

This analysis is AI-generated using the INPACT and GOALS frameworks from "Trust Before Intelligence." Scores and assessments are algorithmic and may not reflect the vendor's complete capabilities. Always validate with your own evaluation.