Skip to content

Garak

Garak is an open-source AI red teaming framework designed to test and evaluate the security and robustness of large language models (LLMs) and AI systems through adversarial testing.

Installation & Setup

Command Description
pip install garak Install Garak via pip
git clone https://github.com/leondz/garak.git Clone from GitHub
cd garak && pip install -e . Install in development mode
garak --help Display help and available options
garak --list-probes List all available probes
garak --list-detectors List all available detectors
garak --list-generators List all available generators

Basic Usage

Command Description
garak --model-type openai --model-name gpt-3.5-turbo Test OpenAI GPT-3.5-turbo
garak --model-type huggingface --model-name microsoft/DialoGPT-medium Test HuggingFace model
garak --model-type replicate --model-name replicate/llama-2-70b-chat Test Replicate model
garak --probes encoding Run encoding vulnerability probes
garak --probes malwaregen Run malware generation probes
garak --probes promptinject Run prompt injection probes

Probe Categories

Security Probes

Command Description
garak --probes encoding.InjectBase64 Test base64 encoding injection
garak --probes encoding.InjectHex Test hexadecimal encoding injection
garak --probes encoding.InjectMorse Test Morse code encoding injection
garak --probes encoding.InjectROT13 Test ROT13 encoding injection
garak --probes malwaregen.Evasion Test malware generation evasion
garak --probes promptinject.AttackPrompt Test prompt injection attacks

Bias and Toxicity Probes

Command Description
garak --probes bias.BiasProbe Test for bias in model responses
garak --probes toxicity.ToxicityProbe Test for toxic content generation
garak --probes hate.HateSpeechProbe Test for hate speech generation
garak --probes discrimination.DiscriminationProbe Test for discriminatory content

Data Leakage Probes

Command Description
garak --probes leakage.PIILeakage Test for PII data leakage
garak --probes leakage.TrainingDataLeakage Test for training data exposure
garak --probes leakage.SystemPromptLeakage Test for system prompt exposure

Advanced Configuration

Command Description
garak --config config.yaml Use custom configuration file
garak --output-dir results/ Specify output directory
garak --report-prefix test_run_ Set report file prefix
garak --parallel-requests 5 Set number of parallel requests
garak --temperature 0.7 Set model temperature
garak --max-tokens 150 Set maximum tokens per response

Custom Probes

Command Description
garak --probes myprobe.CustomProbe Run custom probe
garak --probe-options '{"param": "value"}' Pass parameters to probe
garak --probe-tags security,injection Filter probes by tags

Detectors and Evaluation

Command Description
garak --detectors always.Pass Use always-pass detector
garak --detectors mitigation.MitigationBypass Use mitigation bypass detector
garak --detectors specialwords.SlursReclaimedSlurs Detect slurs and reclaimed slurs
garak --detectors toxicity.ToxicityClassifier Use toxicity classifier

Output and Reporting

Command Description
garak --report-format json Generate JSON report
garak --report-format html Generate HTML report
garak --report-format csv Generate CSV report
garak --verbose Enable verbose output
garak --log-level DEBUG Set debug logging level

Model Integration

OpenAI Models

Command Description
garak --model-type openai --model-name gpt-4 Test GPT-4
garak --model-type openai --model-name gpt-3.5-turbo-16k Test GPT-3.5-turbo with 16k context
export OPENAI_API_KEY=your_key Set OpenAI API key

HuggingFace Models

Command Description
garak --model-type huggingface --model-name facebook/opt-1.3b Test OPT model
garak --model-type huggingface --model-name EleutherAI/gpt-j-6B Test GPT-J model
export HF_TOKEN=your_token Set HuggingFace token

Local Models

Command Description
garak --model-type ggml --model-name path/to/model.bin Test GGML model
garak --model-type llamacpp --model-name path/to/model.gguf Test llama.cpp model

Batch Testing

Command Description
garak --model-list models.txt Test multiple models from file
garak --probe-list probes.txt Run multiple probes from file
garak --generations 10 Set number of generations per probe
garak --seed 42 Set random seed for reproducibility

Security Testing Workflows

Comprehensive Security Scan

Command Description
garak --model-type openai --model-name gpt-4 --probes encoding,malwaregen,promptinject --generations 20 Full security probe suite

Bias and Fairness Testing

Command Description
garak --model-type huggingface --model-name microsoft/DialoGPT-medium --probes bias,toxicity,hate --detectors specialwords Bias testing suite

Data Privacy Testing

Command Description
garak --model-type openai --model-name gpt-3.5-turbo --probes leakage --detectors pii Privacy testing suite

Configuration Files

Basic Config (config.yaml)

model:
  type: openai
  name: gpt-3.5-turbo
  temperature: 0.7
  max_tokens: 150

probes:
  - encoding
  - promptinject
  - malwaregen

detectors:
  - always.Pass
  - mitigation.MitigationBypass

output:
  directory: results/
  format: json
  prefix: garak_test_

Advanced Config

parallel_requests: 5
generations: 10
seed: 42
log_level: INFO

model:
  type: huggingface
  name: microsoft/DialoGPT-medium
  device: cuda
  batch_size: 4

probe_options:
  encoding.InjectBase64:
    payload_count: 50
  promptinject.AttackPrompt:
    attack_types: ["jailbreak", "roleplay"]

Troubleshooting

Command Description
garak --check-models Verify model connectivity
garak --dry-run Test configuration without running probes
garak --debug Enable debug mode
garak --list-model-types Show supported model types
pip install garak[dev] Install with development dependencies

Integration with CI/CD

Command Description
garak --model-type openai --model-name gpt-3.5-turbo --probes security --exit-on-fail Fail CI on security issues
garak --config ci_config.yaml --report-format json > results.json Generate CI-friendly output

Best Practices

  • Always test models before production deployment
  • Use multiple probe categories for comprehensive testing
  • Set appropriate generation counts for statistical significance
  • Configure proper API rate limits to avoid throttling
  • Store sensitive API keys as environment variables
  • Review and analyze generated reports thoroughly
  • Implement continuous testing in development pipelines
  • Document and track security testing results over time