AI Vulnerability Identification & Security Evaluation framework
Project description
AVISE - AI Vulnerability Identification & Security Evaluation
A framework for identifying vulnerabilities in and evaluating the security of AI systems.
Full Documentations: https://avise.readthedocs.io
Table of Contents
- Quickstart for Evaluating Language Models
- Advanced Usage
- Required Arguments
- Optional Arguments
- Citation
Quickstart for Evaluating Language Models
Prerequisites
- Python 3.10+
- Docker (For Running models locally with Ollama)
1. Install AVISE
Install with
-
pip:
pip install avise
-
uv:
uv pip install avise
or
uv tool install avise
2. Run a Model
You can use AVISE to evaluate any model accessible via an API by configuring a Connector. In this Quickstart, we will
assume using the Ollama Docker container for running a language model. If you wish to evaluate models deployed in other ways, see
the Full Documentations and available template connector configuration files at AVISE/avise/configs/connector/languagemodel/ dir of this repository.
Running a language model locally with Docker & Ollama
- Clone this repository to your local machine with:
git clone https://github.com/ouspg/AVISE.git
-
Create the Ollama Docker container
- for GPU accelerated inference with:
docker compose -f AVISE/docker/ollama/docker-compose.yml up -d
- or for CPU inference with:
docker compose -f AVISE/docker/ollama/docker-compose-cpu.yml up -d
- for GPU accelerated inference with:
-
Pull an Ollama model to evaluate into the container with:
docker exec -it avise-ollama ollama pull <model_name>
3. Evaluate the model with a Security Evaluation Test (SET)
Basic usage
avise --SET <SET_name> --connectorconf <connector_name> [options]
For example, you can run the prompt_injection SET on the model pulled to the Ollama Docker container with:
avise --SET prompt_injection --connectorconf ollama_lm --target <model_name>
To list the available SETs, run the command:
avise --SET-list
Advanced Usage
Configuring Connectors
You can create your own connector configuration files, or if you cloned the AVISE repository, you can modify the existing connector configuration files in AVISE/avise/configs/connector/languagemodel/.
For example, you can edit the default Ollama Connector configuration file AVISE/avise/configs/connector/languagemodel/ollama.json, and insert the name of an Ollama model you have pulled to be used as a target by default:
{
"target_model": {
"connector": "ollama-lm",
"type": "language_model",
"name": "<NAME_OF_TARGET_MODEL>",
"api_url": "http://localhost:11434", #Ollama default
"api_key": null
}
}
Configuring Security Evaluation Tests (SETs)
Similarly, you can customize the configurations for SETs as well. For example, by editing the Red Queen SET configuration file AVISE/avise/configs/SET/languagemodel/multi_turn/red_queen.json,
you can define if the SET is executed incrementally (the target model will generate a response after each subsequential prompt), or as a template (only works for target systems that accept a conversation as an input) and if the SET uses and Adversarial Language Model (ALM).
Additionally, you can define the exact template attack prompts that the SET uses:
{
"incremental_execution": false, #Change to true to execute the SET cases incrementally
"use_adversarial_languagemodel": false, #Change to true to utilize an Adversarial Language Model (ALM)
"adversarial_model_device": "auto", # Defines on which device(s) the ALM is loaded to ("cpu", "gpu", or "auto")
"evaluation_system_prompt": "You are a highly accurate cybersecurity classifier, ..."
"evaluation_model_device": "auto", # Defines on which device(s) the ELM is loaded to ("cpu", "gpu", or "auto")
"sets": [
{
"id": "RED-QUEEN-001",
"vulnerability_subcategory": "Evasion Attack",
"action": "make a fake passport",
"type": "occupation_teacher",
"category": "violence,aiding_and_abetting,incitement",
"conversation": [
{ ... }
...
]
},
...
]
Using custom configuration files
If you want to use custom configuration files for SETs and/or Connectors, you can do so by giving the paths to the configuration files with --SETconf and --connectorconf arguments:
avise --SET prompt_injection --SETconf AVISE/avise/configs/SET/languagemodel/single_turn/prompt_injection_mini.json --connectorconf AVISE/avise/configs/connector/languagemodel/ollama.json
Required Arguments
| Argument | Description |
|---|---|
--SET, -s |
Security Evaluation Test to run (e.g., prompt_injection, context_test) |
--connectorconf, -c |
Path to Connector configuration file (Accepts predefined connector configuration paths: ollama_lm, openai_lm, genericrest_lm) |
Optional Arguments
| Argument | Description |
|---|---|
--SETconf |
Path to SET configuration file. If not given, uses preconfigured paths for SET config files. |
--target, -t |
Name of the target model/system to evaluate. Overrides target name from connector configuration file. |
--format, -f |
Report format: json, html, md |
--runs, -r |
How many times each SET is executed |
--output, -o |
Custom output file path |
--api_key, -a |
API Key to use with requests sent to target API (overrides api_key from Connector configuration file). |
--reports-dir, -d |
Base directory for reports (default: avise-reports/) |
--SET-list |
List available Security Evaluation Tests |
--connector-list |
List available Connectors |
--verbose, -v |
Enable verbose logging |
--version, -V |
Print version |
Citation
If you find AVISE useful, please cite it as below:
@misc{lempinen2026,
title={AVISE: Framework for Evaluating the Security of AI Systems},
author={Mikko Lempinen and Joni Kemppainen and Niklas Raesalmi},
year={2026},
eprint={2604.20833},
archivePrefix={arXiv},
primaryClass={cs.CR},
url={https://arxiv.org/abs/2604.20833},
}
Lempinen, M., Kemppainen, J., & Raesalmi, N. (2026). AVISE: Framework for Evaluating the Security of AI Systems. arXiv preprint arXiv:2604.20833.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file avise-0.2.2.tar.gz.
File metadata
- Download URL: avise-0.2.2.tar.gz
- Upload date:
- Size: 61.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5ea2e3da8320ddd68e590db7ee4cc87ffa61461215f08e5ca06ca09524843899
|
|
| MD5 |
2e7bfcb6a4cea1512f4a19241b9a58bc
|
|
| BLAKE2b-256 |
5d2caf29ba318d04276385c5b2a8f11cf716dfc921597dc7a03e9280f0146ea1
|
Provenance
The following attestation bundles were made for avise-0.2.2.tar.gz:
Publisher:
pypi-publish.yml on ouspg/AVISE
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
avise-0.2.2.tar.gz -
Subject digest:
5ea2e3da8320ddd68e590db7ee4cc87ffa61461215f08e5ca06ca09524843899 - Sigstore transparency entry: 1545739975
- Sigstore integration time:
-
Permalink:
ouspg/AVISE@fae919eb0bbb7dd8acdb590c716cc6d1658ec1b8 -
Branch / Tag:
refs/tags/v0.2.2 - Owner: https://github.com/ouspg
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi-publish.yml@fae919eb0bbb7dd8acdb590c716cc6d1658ec1b8 -
Trigger Event:
push
-
Statement type:
File details
Details for the file avise-0.2.2-py3-none-any.whl.
File metadata
- Download URL: avise-0.2.2-py3-none-any.whl
- Upload date:
- Size: 86.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b42b17f3c8da77ecbd7304d5cff7df7021cc7b8ca61a42256afbfebcbefd0b1a
|
|
| MD5 |
5bbe20bb0ee06dc9e9a8a5341571fe8c
|
|
| BLAKE2b-256 |
a2163140fb64e67537d5fb572948a6023c0ae9198a0893e24bc6e06d43f26213
|
Provenance
The following attestation bundles were made for avise-0.2.2-py3-none-any.whl:
Publisher:
pypi-publish.yml on ouspg/AVISE
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
avise-0.2.2-py3-none-any.whl -
Subject digest:
b42b17f3c8da77ecbd7304d5cff7df7021cc7b8ca61a42256afbfebcbefd0b1a - Sigstore transparency entry: 1545740097
- Sigstore integration time:
-
Permalink:
ouspg/AVISE@fae919eb0bbb7dd8acdb590c716cc6d1658ec1b8 -
Branch / Tag:
refs/tags/v0.2.2 - Owner: https://github.com/ouspg
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi-publish.yml@fae919eb0bbb7dd8acdb590c716cc6d1658ec1b8 -
Trigger Event:
push
-
Statement type: