Skip to main content

Garak red-teaming evaluation adapter for eval-hub

Project description

TrustyAI Garak: LLM Red Teaming for Eval-Hub

Automated vulnerability scanning and red teaming for Large Language Models using Garak. This package provides a FrameworkAdapter for the eval-hub evaluation platform, enabling garak scans to run as Kubernetes Jobs or via Kubeflow Pipelines.

What It Does

  • 🔍 Vulnerability Assessment: Red-team LLMs for prompt injection, jailbreaks, toxicity, bias and other vulnerabilities
  • 📋 Compliance: OWASP LLM Top 10, AVID taxonomy benchmarks
  • 🎯 Intents-based Testing: Policy taxonomy + SDG + TAPIntent for targeted risk assessment (KFP mode)
  • ☁️ Cloud-Native: Runs on OpenShift AI / Kubernetes as eval-hub jobs
  • 📊 Detailed Reports: JSONL, HTML, and AVID-format reports with MLflow integration

Execution Modes

Mode How Garak Runs Intents Support Use Case
Simple Directly in the eval-hub K8s Job pod No Standard scans
KFP K8s Job submits to Kubeflow Pipelines, polls status Yes Intents/SDG workflows

Installation

# Core (eval-hub adapter with KFP support)
pip install llama-stack-provider-trustyai-garak

# With SDG support (for intents workflows)
pip install "llama-stack-provider-trustyai-garak[sdg]"

# Development
pip install "llama-stack-provider-trustyai-garak[dev]"

Container Image

# Build the eval-hub adapter image
docker build -f Containerfile -t trustyai-garak:dev .

The container runs as:

# Simple mode (garak in same pod)
CMD ["python", "-m", "llama_stack_provider_trustyai_garak.evalhub"]

# KFP mode (garak in a separate KFP pod)
CMD ["python", "-m", "llama_stack_provider_trustyai_garak.evalhub.kfp_adapter"]

Benchmark Profiles

Predefined scan profiles available via benchmark_id:

Profile Description
quick Single DAN probe for fast testing
owasp_llm_top10 OWASP Top 10 for LLM Applications
avid AVID taxonomy — all vulnerabilities
avid_security AVID — security vulnerabilities
avid_ethics AVID — ethical concerns
avid_performance AVID — performance issues
quality Violence, profanity, toxicity, hate speech
cwe Common Weakness Enumeration
intents Intents-based risk assessment (KFP mode only)

Job Spec Configuration

The adapter reads a JobSpec from a mounted ConfigMap:

{
  "id": "scan-001",
  "provider_id": "garak",
  "benchmark_id": "quick",
  "model": {
    "url": "https://my-model-endpoint.example.com/v1",
    "name": "my-model"
  },
  "parameters": {
    "probes": "dan.Dan_11_0",
    "execution_mode": "simple"
  }
}

Parameters

Key parameters in the job spec:

Parameter Description Default
probes Comma-separated probe names Profile default
probe_tags Tag-based probe filtering
execution_mode simple or kfp simple
timeout_seconds Scan timeout Profile default
eval_threshold Vulnerability threshold (0.0–1.0) 0.5
model_type Garak generator type openai.OpenAICompatible
garak_config Full garak config dict (deep-merged onto profile)

Results

The adapter reports EvaluationResult per probe with:

  • attack_success_rate: Percentage of successful attacks
  • vulnerable_responses: Count of vulnerable responses
  • total_attempts: Total probe attempts

Overall metrics include TBSA (Tier-Based Security Aggregate) when available.

Development

make test        # Run all tests
make coverage    # With coverage report
make lint        # ruff check
make format      # ruff format

Support & Documentation

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

llama_stack_provider_trustyai_garak-0.5.0.tar.gz (111.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file llama_stack_provider_trustyai_garak-0.5.0.tar.gz.

File metadata

File hashes

Hashes for llama_stack_provider_trustyai_garak-0.5.0.tar.gz
Algorithm Hash digest
SHA256 28aaad31d25a5e4076a89c0c5e8594f03d8c9b8a6833ceb53982e9c12e57b45f
MD5 6c84c554350ac03a994be07bda2d76d0
BLAKE2b-256 24dd128fb73fde203e116941f2c1dc58735217e5a10634fabb547da204d9dc9e

See more details on using hashes here.

Provenance

The following attestation bundles were made for llama_stack_provider_trustyai_garak-0.5.0.tar.gz:

Publisher: build-and-publish.yaml on trustyai-explainability/llama-stack-provider-trustyai-garak

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file llama_stack_provider_trustyai_garak-0.5.0-py3-none-any.whl.

File metadata

File hashes

Hashes for llama_stack_provider_trustyai_garak-0.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a20924d2dab25350238eedd6592b7bbd057010672d0fe690677a0fb78c0fe3b0
MD5 33806d31dd10191187f3f8cc3b5289bf
BLAKE2b-256 11063bb041127455ae73b55b050fcce1a7db8bfd51df5cb0fc2813167b53e41f

See more details on using hashes here.

Provenance

The following attestation bundles were made for llama_stack_provider_trustyai_garak-0.5.0-py3-none-any.whl:

Publisher: build-and-publish.yaml on trustyai-explainability/llama-stack-provider-trustyai-garak

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page