🐢 Open-Source Evaluation & Testing for AI & LLM systems

a security scanner for custom LLM applications

A security scanner for your LLM agentic workflows

A deliberately vulnerable banking application designed for practicing Security Testing of Web App, APIs, AI integrated App and secure code reviews. Features common vulnerabilities found in real-world applications, making it an ideal platform for security professionals, developers, and enthusiasts to learn pentesting and secure coding practices.

RuLES: a benchmark for evaluating rule-following in language models

All-in-one offensive security toolbox with AI agent and MCP architecture. Integrates tools like Nmap, Metasploit, FFUF, SQLMap. Enables pentesting, bug bounty hunting, threat hunting, and reporting. RAG-based responses with local knowledge base support.

Build Secure and Compliant AI agents and MCP Servers. YC W23

Framework for testing vulnerabilities of large language models (LLM).

[CCS'24] SafeGen: Mitigating Unsafe Content Generation in Text-to-Image Models

Whistleblower is a offensive security tool for testing against system prompt leakage and capability discovery of an AI application exposed through API. Built for AI engineers, security researchers and folks who want to know what's going on inside the LLM-based app they use daily

The official implementation of the CCS'23 paper, Narcissus clean-label backdoor attack -- only takes THREE images to poison a face recognition dataset in a clean-label way and achieves a 99.89% attack success rate.

PyInstaCrack: Ultimate Instagram hacking suite. Python-driven, AI-enhanced, brute-force chaos. Stealth ops, ethical only. Slice through defenses like a cyber god! ☠️

ATLAS tactics, techniques, and case studies data

Code for "Adversarial attack by dropping information." (ICCV 2021)

Train AI (Keras + Tensorflow) to defend apps with Django REST Framework + Celery + Swagger + JWT - deploys to Kubernetes and OpenShift Container Platform

Code scanner to check for issues in prompts and LLM calls

Performing website vulnerability scanning using OpenAI technologie

Unofficial pytorch implementation of paper: Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures

[NDSS'24] Inaudible Adversarial Perturbation: Manipulating the Recognition of User Speech in Real Time

PromptMe is an educational project that showcases security vulnerabilities in large language models (LLMs) and their web integrations. It includes 10 hands-on challenges inspired by the OWASP LLM Top 10, demonstrating how these vulnerabilities can be discovered and exploited in real-world scenarios.