{"id":135081,"url":"https://github.com/devgreick/awesome-llm-security","name":"awesome-llm-security","description":"A curated list of tools, frameworks, and resources for securing LLM applications, agents, and AI infrastructure.","projects_count":68,"last_synced_at":"2026-07-11T15:00:25.974Z","repository":{"id":353834382,"uuid":"1187727434","full_name":"DevGreick/awesome-llm-security","owner":"DevGreick","description":"A curated list of tools, frameworks, and resources for securing LLM applications, agents, and AI infrastructure.","archived":false,"fork":false,"pushed_at":"2026-05-21T04:11:25.000Z","size":42,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-23T11:03:46.829Z","etag":null,"topics":["adversarial-ml","agent-security","ai-security","awesome","awesome-list","devsecops","generative-ai","guardrails","llm","llm-security","mcp-security","owasp","prompt-injection","red-teaming"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DevGreick.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-21T04:33:42.000Z","updated_at":"2026-05-21T04:11:30.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/DevGreick/awesome-llm-security","commit_stats":null,"previous_names":["devgreicklabs/awesome-llm-security","devgreick/awesome-llm-security"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/DevGreick/awesome-llm-security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DevGreick%2Fawesome-llm-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DevGreick%2Fawesome-llm-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DevGreick%2Fawesome-llm-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DevGreick%2Fawesome-llm-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DevGreick","download_url":"https://codeload.github.com/DevGreick/awesome-llm-security/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DevGreick%2Fawesome-llm-security/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35365809,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-11T02:00:05.354Z","response_time":104,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"created_at":"2026-06-23T11:02:10.472Z","updated_at":"2026-07-11T15:00:25.974Z","primary_language":null,"list_of_lists":false,"displayable":true,"categories":["Commercial Platforms","Learning \u0026 CTF","Model Security","Frameworks \u0026 Standards","Agent \u0026 MCP Security","Red Teaming \u0026 Offensive","LLM-Powered Security Tools","Guardrails \u0026 Defense","RAG Security"],"sub_categories":["Pentesting Assistants","Watermarking \u0026 Detection","Sandboxing \u0026 Isolation","LLM Vulnerability Scanners","Reverse Engineering","Adversarial Robustness","Programmable Guardrails","Jailbreak Frameworks","Model Scanning","Input/Output Scanners","PII \u0026 Data Leakage Prevention","Prompt Injection Testing","Benchmarks \u0026 Datasets","Vulnerability Detection","Agent Scanners","MCP Security"],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"public/banner.svg\" alt=\"awesome-llm-security\" width=\"700\"\u003e\n\n\nA curated list of tools, frameworks, and resources for securing LLMs, AI agents, and GenAI applications.\n\n[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)\n[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](CONTRIBUTING.md)\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)\n\nCurated by [DevGreick](https://github.com/DevGreick)\n\n\u003c/div\u003e\n\n---\n\n## Why This List?\n\nLLM security is moving fast — new tools, attack vectors, and frameworks appear every week. This list is **practitioner-first**, organized by what you're trying to do, with pricing, maturity badges, opinionated stacks, and getting-started paths. Every entry is something you can install and run today.\n\n\n## Contents\n\n- [Red Teaming \u0026 Offensive](#red-teaming--offensive)\n  - [LLM Vulnerability Scanners](#llm-vulnerability-scanners)\n  - [Jailbreak Frameworks](#jailbreak-frameworks)\n  - [Prompt Injection Testing](#prompt-injection-testing)\n  - [Benchmarks \u0026 Datasets](#benchmarks--datasets)\n- [Guardrails \u0026 Defense](#guardrails--defense)\n  - [Input/Output Scanners](#inputoutput-scanners)\n  - [Programmable Guardrails](#programmable-guardrails)\n  - [PII \u0026 Data Leakage Prevention](#pii--data-leakage-prevention)\n- [Agent \u0026 MCP Security](#agent--mcp-security)\n  - [Agent Scanners](#agent-scanners)\n  - [MCP Security](#mcp-security)\n  - [Sandboxing \u0026 Isolation](#sandboxing--isolation)\n- [Model Security](#model-security)\n  - [Model Scanning](#model-scanning)\n  - [Adversarial Robustness](#adversarial-robustness)\n  - [Watermarking \u0026 Detection](#watermarking--detection)\n- [RAG Security](#rag-security)\n- [LLM-Powered Security Tools](#llm-powered-security-tools)\n  - [Reverse Engineering](#reverse-engineering)\n  - [Vulnerability Detection](#vulnerability-detection)\n  - [Pentesting Assistants](#pentesting-assistants)\n- [Commercial Platforms](#commercial-platforms)\n- [Frameworks \u0026 Standards](#frameworks--standards)\n- [Learning \u0026 CTF](#learning--ctf)\n- [Recommended Stacks](#recommended-stacks)\n- [Contributing](#contributing)\n\n---\n\n\u003e **Legend**\n\u003e\n\u003e | Badge | Meaning |\n\u003e |-------|---------|\n\u003e | 🟢 | Production-ready / Mature |\n\u003e | 🟡 | Beta / Active development |\n\u003e | 🔴 | Alpha / Experimental |\n\u003e | ⭐ | Tested by [DevGreick](https://github.com/DevGreick) |\n\u003e | 🆓 | Free / Open Source |\n\u003e | 💎 | Freemium (free tier + paid features) |\n\u003e | 💰 | Paid / Commercial |\n\n---\n\n## Red Teaming \u0026 Offensive\n\n### LLM Vulnerability Scanners\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [Augustus](https://github.com/a16z-infra/augustus) | LLM security testing with 190+ probes and 28 providers in Go | 🟡 | 🆓 | [GitHub](https://github.com/a16z-infra/augustus) |\n| [Garak](https://github.com/NVIDIA/garak) | NVIDIA's LLM vulnerability scanner with 50+ probe families | 🟢 | 🆓 | [GitHub](https://github.com/NVIDIA/garak) |\n| [Giskard](https://github.com/Giskard-AI/giskard) | Testing and evaluation framework for ML and LLM models | 🟢 | 💎 | [GitHub](https://github.com/Giskard-AI/giskard) |\n| [Promptfoo](https://www.promptfoo.dev/) | Red teaming, pentesting, and vuln scanning for LLMs. Now part of OpenAI | 🟢 | 💎 | [GitHub](https://github.com/promptfoo/promptfoo) |\n| [PyRIT](https://github.com/Azure/PyRIT) | Microsoft's Python Risk Identification Tool for generative AI | 🟢 | 🆓 | [GitHub](https://github.com/Azure/PyRIT) |\n\n### Jailbreak Frameworks\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [EasyJailbreak](https://github.com/EasyJailbreak/EasyJailbreak) | Python framework to generate adversarial jailbreak prompts | 🟢 | 🆓 | [GitHub](https://github.com/EasyJailbreak/EasyJailbreak) |\n| [FuzzyAI](https://github.com/cyberark/FuzzyAI) | CyberArk's automated LLM fuzzer with genetic algorithm mutations | 🟡 | 🆓 | [GitHub](https://github.com/cyberark/FuzzyAI) |\n| [GPTFuzzer](https://github.com/sherdencooper/GPTFuzz) | Auto-generated jailbreak prompts via fuzzing | 🟢 | 🆓 | [GitHub](https://github.com/sherdencooper/GPTFuzz) |\n| [JailbreakBench](https://github.com/JailbreakBench/jailbreakbench) | Open robustness benchmark for jailbreaking (NeurIPS 2024) | 🟢 | 🆓 | [GitHub](https://github.com/JailbreakBench/jailbreakbench) |\n| [Purple Llama](https://github.com/meta-llama/PurpleLlama) | Meta's tools for assessing and improving LLM safety | 🟢 | 🆓 | [GitHub](https://github.com/meta-llama/PurpleLlama) |\n\n### Prompt Injection Testing\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [HouYi](https://github.com/LLMSecurity/HouYi) | Automated prompt injection for LLM-integrated apps | 🟡 | 🆓 | [GitHub](https://github.com/LLMSecurity/HouYi) |\n| [LLMFuzzer](https://github.com/mnns/LLMFuzzer) | Fuzzing framework for LLM API integrations | 🟡 | 🆓 | [GitHub](https://github.com/mnns/LLMFuzzer) |\n| [Open-Prompt-Injection](https://github.com/liu00222/Open-Prompt-Injection) | Benchmark for prompt injection attacks and defenses | 🟢 | 🆓 | [GitHub](https://github.com/liu00222/Open-Prompt-Injection) |\n| [Promptmap](https://github.com/utkusen/promptmap) | Prompt injection scanner for custom LLM apps | 🟡 | 🆓 | [GitHub](https://github.com/utkusen/promptmap) |\n| [ps-fuzz](https://github.com/prompt-security/ps-fuzz) | System prompt hardening and testing tool | 🟡 | 🆓 | [GitHub](https://github.com/prompt-security/ps-fuzz) |\n\n### Benchmarks \u0026 Datasets\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [AgentDojo](https://github.com/ethz-spylab/agentdojo) | Dynamic environment to evaluate attacks/defenses for LLM agents | 🟢 | 🆓 | [GitHub](https://github.com/ethz-spylab/agentdojo) |\n| [CyberSecEval](https://github.com/meta-llama/PurpleLlama/tree/main/CyberSecEval) | Meta's benchmark for LLM cybersecurity risk assessment | 🟢 | 🆓 | [GitHub](https://github.com/meta-llama/PurpleLlama) |\n| [HarmBench](https://github.com/centerforaisafety/HarmBench) | Standardized evaluation for automated red teaming | 🟢 | 🆓 | [GitHub](https://github.com/centerforaisafety/HarmBench) |\n\n---\n\n## Guardrails \u0026 Defense\n\n### Input/Output Scanners\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [APort Agent Guardrails](https://aport.io) | Pre-action authorization guardrails for AI agents and MCP/tool-use workflows. | Runtime authorization guardrails | Runtime authorization guardrails | https://aport.io |\n| [LLM Guard](https://protectai.com/llm-guard) | 35 scanners for prompt injection, PII, toxicity, and secrets | 🟢 | 🆓 | [GitHub](https://github.com/protectai/llm-guard) |\n| [Rebuff](https://github.com/protectai/rebuff) | Self-hardening prompt injection detector with canary tokens | 🟡 | 🆓 | [GitHub](https://github.com/protectai/rebuff) |\n| [TrustGate](https://github.com/trustgate-ai/trustgate) | Generative Application Firewall (GAF) for GenAI apps | 🟡 | 🆓 | [GitHub](https://github.com/trustgate-ai/trustgate) |\n| [Vigil](https://github.com/deadbits/vigil-llm) | Detect prompt injections and jailbreaks via heuristics + YARA | 🟡 | 🆓 | [GitHub](https://github.com/deadbits/vigil-llm) |\n\n### Programmable Guardrails\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [Guardrails AI](https://www.guardrailsai.com/) | Validation framework for LLM outputs with custom validators | 🟢⭐ | 💎 | [GitHub](https://github.com/guardrails-ai/guardrails) |\n| [NeMo Guardrails](https://github.com/NVIDIA/NeMo-Guardrails) | NVIDIA's programmable rails for LLM conversational systems | 🟢 | 🆓 | [GitHub](https://github.com/NVIDIA/NeMo-Guardrails) |\n\n### PII \u0026 Data Leakage Prevention\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [Presidio](https://github.com/microsoft/presidio) | Microsoft's context-aware PII anonymization engine | 🟢 | 🆓 | [GitHub](https://github.com/microsoft/presidio) |\n| [Safe Zone](https://github.com/nicholasgcoles/safe-zone) | Open source PII detection and guardrails engine for LLMs | 🟡 | 🆓 | [GitHub](https://github.com/nicholasgcoles/safe-zone) |\n\n---\n\n## Agent \u0026 MCP Security\n\n### Agent Scanners\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [Aegis](https://github.com/sahil-sagwekar2652/aegis) | Open source EDR for AI agents: process, file, network monitoring | 🟡⭐ | 🆓 | [GitHub](https://github.com/sahil-sagwekar2652/aegis) |\n| [Agentic Radar](https://github.com/splx-ai/agentic-radar) | CLI security scanner for agentic AI workflows | 🟡 | 🆓 | [GitHub](https://github.com/splx-ai/agentic-radar) |\n\n### MCP Security\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [MCP Guardian](https://github.com/eqtylab/mcp-guardian) | Access control and activity monitoring for MCP servers | 🟡 | 🆓 | [GitHub](https://github.com/eqtylab/mcp-guardian) |\n| [MCP Security Checklist](https://github.com/nicholasgcoles/MCP-Security-Checklist) | SlowMist's comprehensive checklist for MCP ecosystem | 🟢 | 🆓 | [GitHub](https://github.com/nicholasgcoles/MCP-Security-Checklist) |\n| [Secure MCP Gateway](https://github.com/nicholasgcoles/secure-mcp-gateway) | Security wrapper with auth and guardrail enforcement for MCP | 🟡 | 🆓 | [GitHub](https://github.com/nicholasgcoles/secure-mcp-gateway) |\n\n### Sandboxing \u0026 Isolation\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [E2B](https://e2b.dev/) | Sandboxed cloud environments for AI agents and code execution | 🟢 | 💎 | [GitHub](https://github.com/e2b-dev/e2b) |\n| [KubeStellar Console](https://github.com/kubestellar/console) | Multi-cluster Kubernetes dashboard with Kyverno policy enforcement, RBAC visualization, supply chain security, and AI/LLM workload access controls. CNCF Sandbox project | 🟡 | 🆓 | [GitHub](https://github.com/kubestellar/console) |\n| [ShellWard](https://github.com/nicholasgcoles/shellward) | AI Agent Security Middleware with 8-layer defense, zero deps | 🟡 | 🆓 | [GitHub](https://github.com/nicholasgcoles/shellward) |\n\n---\n\n## Model Security\n\n### Model Scanning\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [ModelScan](https://github.com/protectai/modelscan) | Scan serialized ML model files for malicious code and backdoors | 🟢 | 🆓 | [GitHub](https://github.com/protectai/modelscan) |\n| [ai-bom](https://github.com/nicholasgcoles/ai-bom) | AI Bill of Materials: discover agents, models, and APIs in your infra | 🟡 | 🆓 | [GitHub](https://github.com/nicholasgcoles/ai-bom) |\n\n### Adversarial Robustness\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [ART](https://github.com/Trusted-AI/adversarial-robustness-toolbox) | IBM's toolbox for evasion, poisoning, extraction, and inference | 🟢 | 🆓 | [GitHub](https://github.com/Trusted-AI/adversarial-robustness-toolbox) |\n| [Counterfit](https://github.com/Azure/counterfit) | Microsoft's CLI for assessing ML model security | 🟡 | 🆓 | [GitHub](https://github.com/Azure/counterfit) |\n| [Foolbox](https://github.com/bethgelab/foolbox) | Adversarial attacks against neural networks in PyTorch/TF/JAX | 🟢 | 🆓 | [GitHub](https://github.com/bethgelab/foolbox) |\n| [TextAttack](https://github.com/QData/TextAttack) | Adversarial attacks and data augmentation for NLP | 🟢 | 🆓 | [GitHub](https://github.com/QData/TextAttack) |\n\n### Watermarking \u0026 Detection\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [GPTZero](https://gptzero.me/) | AI content detection platform | 🟢⭐ | 💎 | [Website](https://gptzero.me/) |\n| [MarkMyWords](https://github.com/julien-c/MarkMyWords) | Open source toolkit for LLM watermarking | 🟡 | 🆓 | [GitHub](https://github.com/julien-c/MarkMyWords) |\n\n---\n\n## RAG Security\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [LangKit](https://github.com/whylabs/langkit) | Open source toolkit for LLM/RAG observability and safety monitoring | 🟢⭐ | 💎 | [GitHub](https://github.com/whylabs/langkit) |\n| [Plexiglass](https://github.com/safellm-2024/plexiglass) | Security toolbox for testing and safeguarding LLMs and RAG | 🟡 | 🆓 | [GitHub](https://github.com/safellm-2024/plexiglass) |\n\n---\n\n## LLM-Powered Security Tools\n\n### Reverse Engineering\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [G-3PO](https://github.com/tenable/G-3PO) | Tenable's AI assistant for analyzing decompiled code in Ghidra | 🟢 | 💎 | [GitHub](https://github.com/tenable/G-3PO) |\n| [Gepetto](https://github.com/JusticeRage/Gepetto) | IDA Pro plugin that queries GPT for explanatory comments | 🟢 | 💎 | [GitHub](https://github.com/JusticeRage/Gepetto) |\n\n### Vulnerability Detection\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [ai for Pwndbg](https://github.com/tenable/pwndbg-ai) | AI debugging sidekick as a Pwndbg command | 🟡 | 🆓 | [GitHub](https://github.com/tenable/pwndbg-ai) |\n| [HackingBuddyGPT](https://github.com/ipa-lab/hackingBuddyGPT) | Automated pentester using LLMs with benchmark dataset | 🟡 | 💎 | [GitHub](https://github.com/ipa-lab/hackingBuddyGPT) |\n\n### Pentesting Assistants\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [PentestGPT](https://github.com/GreyDGL/PentestGPT) | GPT-powered automated penetration testing tool | 🟡⭐ | 💎 | [GitHub](https://github.com/GreyDGL/PentestGPT) |\n\n---\n\n## Commercial Platforms\n\nEnterprise-grade platforms for teams that need managed LLM security at scale.\n\n| Name | Description | Maturity | Pricing | Link |\n|------|-------------|----------|---------|------|\n| [Calypso AI](https://calypsoai.com/) | Real-time AI security platform with policy enforcement and monitoring | 🟢 | 💰 | [Website](https://calypsoai.com/) |\n| [HiddenLayer](https://hiddenlayer.com/) | AI security platform for model protection and threat detection | 🟢 | 💰 | [Website](https://hiddenlayer.com/) |\n| [Lakera](https://www.lakera.ai/) | Real-time AI security API with prompt injection firewall | 🟢 | 💰 | [Website](https://www.lakera.ai/) |\n| [Lasso Security](https://www.lasso.security/) | LLM security for enterprise with data leakage prevention | 🟢 | 💰 | [Website](https://www.lasso.security/) |\n| [Prompt Security](https://www.prompt.security/) | GenAI security platform protecting inputs, outputs, and model access | 🟢 | 💰 | [Website](https://www.prompt.security/) |\n| [Robust Intelligence](https://www.robustintelligence.com/) | AI firewall and continuous validation for production models | 🟢 | 💰 | [Website](https://www.robustintelligence.com/) |\n\n---\n\n## Frameworks \u0026 Standards\n\n| Name | Description | Link |\n|------|-------------|------|\n| [EU AI Act](https://artificialintelligenceact.eu/) | European Union AI regulation | [Website](https://artificialintelligenceact.eu/) |\n| [Google SAIF](https://safety.google/cybersecurity-advancements/saif/) | Secure AI Framework by Google | [Website](https://safety.google/cybersecurity-advancements/saif/) |\n| [MITRE ATLAS](https://atlas.mitre.org/) | Adversarial Threat Landscape for AI Systems | [Website](https://atlas.mitre.org/) |\n| [NIST AI RMF](https://www.nist.gov/artificial-intelligence) | AI Risk Management Framework | [Website](https://www.nist.gov/artificial-intelligence) |\n| [OWASP Top 10 for Agentic AI 2026](https://genai.owasp.org/) | First standard for autonomous AI agent risks (ASI01-ASI10) | [Website](https://genai.owasp.org/) |\n| [OWASP Top 10 for LLM 2025](https://genai.owasp.org/) | Industry standard for LLM application risks (v2.0) | [Website](https://genai.owasp.org/) |\n\n---\n\n## Learning \u0026 CTF\n\n| Name | Description | Pricing | Link |\n|------|-------------|---------|------|\n| [0din GenAI Bug Bounty](https://0din.ai/) | Mozilla's bug bounty program for GenAI model flaws | 🆓 | [Website](https://0din.ai/) |\n| [Damn Vulnerable LLM App](https://github.com/WithSecureLabs/damn-vulnerable-llm-app) | Intentionally vulnerable LLM app for training | 🆓 | [GitHub](https://github.com/WithSecureLabs/damn-vulnerable-llm-app) |\n| [Gandalf](https://gandalf.lakera.ai/) | Prompt injection CTF by Lakera | 🆓 | [Website](https://gandalf.lakera.ai/) |\n| [HackAPrompt](https://www.aicrowd.com/challenges/hackaprompt-2023) | Prompt hacking competition | 🆓 | [Website](https://www.aicrowd.com/challenges/hackaprompt-2023) |\n| [LLMSecurityGuide](https://github.com/requie/LLMSecurityGuide) | Comprehensive guide covering OWASP LLM 2025 + Agentic 2026 | 🆓 | [GitHub](https://github.com/requie/LLMSecurityGuide) |\n| [Prompt Airlines](https://promptairlines.com/) | Hands-on GenAI security challenges | 🆓 | [Website](https://promptairlines.com/) |\n\n---\n\n## Recommended Stacks\n\n### Secure Your LLM App (Minimum Viable Security)\n\n```\n1. LLM Guard       → Input/output scanning (prompt injection, PII, secrets)\n2. NeMo Guardrails → Programmable conversation rails\n3. Gitleaks        → Prevent API keys in prompts/code\n4. Promptfoo       → Red team before deploy\n```\n\n### Full Red Team Pipeline\n\n```\n1. Garak    → Broad vulnerability scan (50+ probes)\n2. PyRIT    → Multi-turn adversarial orchestration\n3. FuzzyAI  → Jailbreak fuzzing with mutations\n4. Promptfoo→ Regression testing in CI/CD\n5. AgentDojo→ Agent-specific attack evaluation\n```\n\n### Agent/MCP Hardening\n\n```\n1. Agentic Radar → Scan agentic workflows\n2. MCP Guardian  → Access control for MCP servers\n3. E2B           → Sandbox code execution\n4. LLM Guard     → Filter agent I/O\n5. ModelScan     → Scan model files before loading\n```\n\n---\n\n## Contributing\n\nContributions are welcome! Please read the [Contributing Guide](CONTRIBUTING.md) before submitting a PR.\n\n## License\n\n[MIT](LICENSE)\n","projects_url":"https://awesome.ecosyste.ms/api/v1/lists/devgreick%2Fawesome-llm-security/projects"}