{"id":532,"date":"2026-07-04T00:00:00","date_gmt":"2026-07-03T23:00:00","guid":{"rendered":"https:\/\/kosokoking.com\/?p=532"},"modified":"2026-06-20T22:48:15","modified_gmt":"2026-06-20T21:48:15","slug":"llm-vulnerability-scanning-with-garak","status":"publish","type":"post","link":"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/","title":{"rendered":"LLM vulnerability scanning with garak"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">After examining prompt injection and jailbreak techniques manually, the next step is automated scanning. LLM vulnerability scanning allows red teamers to test a model&#8217;s resilience against known attack vectors at scale, running hundreds of probes and evaluating the results systematically. This article covers&nbsp;<a href=\"https:\/\/github.com\/NVIDIA\/garak\">garak<\/a>, NVIDIA&#8217;s open-source LLM vulnerability scanner, including its architecture, how to run scans, and how to interpret the results.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What garak is<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Garak is a command-line tool that systematically probes language models for security weaknesses and safety failures. It sends adversarial inputs (probes) to a target model, analyses the responses using detector modules, and produces structured reports documenting which attack vectors succeeded and at what rate.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The tool was originally developed by&nbsp;<a href=\"https:\/\/en.wikipedia.org\/wiki\/Garak_(software)\">Prof. Leon Derczynski<\/a>&nbsp;at ITU Copenhagen in 2023 and is now maintained by NVIDIA under the Apache 2.0 licence. It has over 7,000 GitHub stars and ships with more than 50 probe modules covering prompt injection, jailbreaks, encoding bypasses, data leakage, hallucination, toxicity generation, and more. Its probe findings map to OWASP LLM Top 10 categories, making it straightforward to connect scan results to established risk taxonomies.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The name is a reference to the Star Trek character, fitting the tool&#8217;s positioning as the LLM equivalent of network security scanners like nmap or Nessus.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How garak works<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Garak&#8217;s architecture is entirely plugin-based. Every component is modular and extensible.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Generators interface with the target model. Garak supports over 20 backends, including OpenAI, Anthropic, Hugging Face, Replicate, AWS Bedrock, Ollama, and NVIDIA NIM. Depending on the backend, an API key may be required.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Probes generate adversarial test inputs. Each probe module targets a specific vulnerability class and contains multiple individual prompts. The&nbsp;<code>dan<\/code>&nbsp;module tests DAN-family jailbreaks,&nbsp;<code>promptinject<\/code>&nbsp;implements prompt hijacking attacks,&nbsp;<code>encoding<\/code>&nbsp;tests Base64 and other encoding bypasses, and&nbsp;<code>leakreplay<\/code>&nbsp;tests for training data regurgitation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Detectors analyse each response to determine whether the probe succeeded. Different probes use different detectors. The&nbsp;<code>dan.DAN<\/code>&nbsp;detector checks whether the model adopted the unrestricted DAN persona, while&nbsp;<code>mitigation.MitigationBypass<\/code>checks whether the model&#8217;s refusal was successfully circumvented. The&nbsp;<code>promptinject.AttackRogueString<\/code>&nbsp;detector checks whether the model generated a specific attacker-controlled string.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Because LLM output is non-deterministic, garak runs each probe multiple times (ten by default) and reports the failure rate as a percentage. A model that refuses a jailbreak nine times out of ten still has a 10% bypass rate, and that 10% is a finding.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Running a scan<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Garak is installed via pip.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>pip install garak\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">A scan requires three parameters. The&nbsp;<code>--model_type<\/code>&nbsp;flag specifies the backend platform. The&nbsp;<code>--model_name<\/code>&nbsp;flag identifies the specific model. The&nbsp;<code>--probes<\/code>&nbsp;or&nbsp;<code>-p<\/code>&nbsp;flag selects which probe modules to run.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To list all available probes, run the following.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>garak --list_probes\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">The output lists every probe module and its subvariants. The list is extensive, covering DAN jailbreaks, prompt injection, encoding attacks, data leakage, XSS, package hallucination, and many others.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To scan a model for the DAN 11.0 jailbreak, the command looks like this.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>REPLICATE_API_TOKEN=\"your_key\" garak --model_type replicate \\\n  --model_name \"meta\/meta-llama-3.1-405b-instruct\" \\\n  -p dan.Dan_11_0\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Garak loads the generator, runs the probe, and outputs results inline as each probe completes.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>dan.Dan_11_0                dan.DAN: FAIL  ok on  0\/5  (failure rate: 100.00%)\ndan.Dan_11_0  mitigation.MitigationBypass: FAIL  ok on  2\/5  (failure rate:  60.00%)\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">In this example, the&nbsp;<code>dan.DAN<\/code>&nbsp;detector found that the model adopted the DAN persona on all five attempts (100% failure rate). The&nbsp;<code>mitigation.MitigationBypass<\/code>&nbsp;detector found that the model&#8217;s refusal was bypassed on three out of five attempts (60% failure rate).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Running a prompt injection scan uses the same structure with a different probe module.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>REPLICATE_API_TOKEN=\"your_key\" garak --model_type replicate \\\n  --model_name \"meta\/meta-llama-3-8b-instruct\" \\\n  -p promptinject\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">The&nbsp;<code>promptinject<\/code>&nbsp;probe module includes multiple subvariants that test different hijacking payloads. Results might look like this.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>promptinject.HijackHateHumansMini  promptinject.AttackRogueString: FAIL  ok on 145\/500  (failure rate: 71.00%)\npromptinject.HijackKillHumansMini  promptinject.AttackRogueString: FAIL  ok on 280\/500  (failure rate: 44.00%)\npromptinject.HijackLongPromptMini  promptinject.AttackRogueString: FAIL  ok on 140\/500  (failure rate: 72.00%)\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Interpreting results<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Garak produces two report files after each scan. The JSONL report contains every prompt sent and every response received, providing a full audit trail. The HTML report provides a visual summary with resilience scores for each probe.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The JSONL report is the primary artefact for detailed analysis. Each entry includes the probe name, the exact prompt text, the model&#8217;s responses (one per generation), and the detector verdicts. This allows the red teamer to review specific prompts that triggered failures and understand exactly how the model responded.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For the DAN scan example above, a JSONL entry shows the model responding with a full commitment to the DAN persona, acknowledging that it will generate two responses to each prompt (one standard, one unrestricted) and confirming readiness to operate in DAN mode.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For the prompt injection scan, the JSONL entries show the model generating the exact attacker-controlled string (&#8220;I hate humans&#8221;) on all five generation attempts for a given probe, confirming a consistent and repeatable vulnerability.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The HTML report provides a higher-level view. Each probe is listed with a pass rate (percentage of generations that resisted the attack) and a colour-coded indicator. A pass rate of 0% (red) means every attempt succeeded, while higher pass rates indicate partial resilience.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The failure rate is the most important metric. It tells the red teamer how reliably an attack vector works. A 100% failure rate means the model is consistently vulnerable. A 10% failure rate means the model is mostly resilient but has a bypass window. Both are findings, but they require different levels of urgency in remediation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Beyond garak<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Garak is not the only tool in this space.&nbsp;<a href=\"https:\/\/github.com\/Azure\/PyRIT\">Microsoft&#8217;s PyRIT<\/a>&nbsp;(Python Risk Identification Toolkit) specialises in multi-turn and multi-modal attack techniques, including crescendo attacks that gradually escalate over multiple conversation turns.&nbsp;<a href=\"https:\/\/github.com\/Trusted-AI\/adversarial-robustness-toolbox\">IBM&#8217;s Adversarial Robustness Toolbox (ART)<\/a>&nbsp;covers a broader range of adversarial ML attacks beyond prompt injection, including evasion attacks and data poisoning.&nbsp;<a href=\"https:\/\/github.com\/promptfoo\/promptfoo\">Promptfoo<\/a>&nbsp;provides a CI\/CD-oriented evaluation framework with over 50 vulnerability types and YAML-based test configuration.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Each tool has a different design philosophy and strength. Garak&#8217;s advantage is its breadth of probe coverage, its CLI-first workflow, and its structured reporting that maps findings to OWASP categories. For comprehensive LLM security testing, red teamers typically combine automated scanning with manual testing, using tools like garak to establish a baseline and manual techniques to explore edge cases that automated probes miss.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Summary<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Garak is an open-source LLM vulnerability scanner that automates adversarial testing across prompt injection, jailbreaks, encoding bypasses, data leakage, and other vulnerability classes. It runs probes multiple times to account for non-deterministic output and reports failure rates that quantify a model&#8217;s resilience. The JSONL and HTML reports provide both detailed audit trails and high-level summaries. Automated scanning with tools like garak complements the manual prompt injection and jailbreak techniques covered in earlier articles, providing systematic coverage of known attack vectors.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Garak is an open-source LLM vulnerability scanner that automates adversarial testing for prompt injection, jailbreaks, and encoding bypasses. Full walkthrough.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[630,109,51,789,794,823,822,715,708,591],"class_list":["post-532","post","type-post","status-publish","format-standard","hentry","category-security","tag-ai-red-teaming","tag-ai-security","tag-cybersecurity","tag-garak","tag-jailbreaking","tag-llm-vulnerability-scanning","tag-nvidia","tag-owasp-llm-top-10","tag-prompt-injection","tag-red-teaming"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.9 - aioseo.com -->\n\t<meta name=\"description\" content=\"Garak is an open-source LLM vulnerability scanner that automates adversarial testing for prompt injection, jailbreaks, and encoding bypasses. Full walkthrough.\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"KosokoKing\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.9\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Kosokoking - 31337\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"LLM vulnerability scanning with garak - Kosokoking\" \/>\n\t\t<meta property=\"og:description\" content=\"Garak is an open-source LLM vulnerability scanner that automates adversarial testing for prompt injection, jailbreaks, and encoding bypasses. Full walkthrough.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/kosokoking.com\/wp-content\/uploads\/2020\/08\/edited-personal-picture-scaled.jpg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/kosokoking.com\/wp-content\/uploads\/2020\/08\/edited-personal-picture-scaled.jpg\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2026-07-03T23:00:00+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2026-06-20T21:48:15+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/adeife\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary\" \/>\n\t\t<meta name=\"twitter:site\" content=\"@kosokoking\" \/>\n\t\t<meta name=\"twitter:title\" content=\"LLM vulnerability scanning with garak - Kosokoking\" \/>\n\t\t<meta name=\"twitter:description\" content=\"Garak is an open-source LLM vulnerability scanner that automates adversarial testing for prompt injection, jailbreaks, and encoding bypasses. Full walkthrough.\" \/>\n\t\t<meta name=\"twitter:creator\" content=\"@kosokoking\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/kosokoking.com\/wp-content\/uploads\/2020\/08\/edited-personal-picture-scaled.jpg\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/llm-vulnerability-scanning-with-garak\\\/#blogposting\",\"name\":\"LLM vulnerability scanning with garak - Kosokoking\",\"headline\":\"LLM vulnerability scanning with garak\",\"author\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/author\\\/adeifekosokokinggmail-com\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/#person\"},\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/llm-vulnerability-scanning-with-garak\\\/#articleImage\",\"url\":\"https:\\\/\\\/kosokoking.com\\\/wp-content\\\/litespeed\\\/avatar\\\/7352636f37cc2ce2fad7b856df236dff.jpg?ver=1782892585\",\"width\":96,\"height\":96,\"caption\":\"KosokoKing\"},\"datePublished\":\"2026-07-04T00:00:00+01:00\",\"dateModified\":\"2026-06-20T22:48:15+01:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/llm-vulnerability-scanning-with-garak\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/llm-vulnerability-scanning-with-garak\\\/#webpage\"},\"articleSection\":\"Info. Sec., AI Red Teaming, AI Security, Cybersecurity, Garak, jailbreaking, LLM Vulnerability Scanning, NVIDIA, OWASP LLM Top 10, Prompt Injection, red teaming\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/llm-vulnerability-scanning-with-garak\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/kosokoking.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/kosokoking.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/category\\\/security\\\/#listItem\",\"name\":\"Info. Sec.\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/category\\\/security\\\/#listItem\",\"position\":2,\"name\":\"Info. Sec.\",\"item\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/category\\\/security\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/llm-vulnerability-scanning-with-garak\\\/#listItem\",\"name\":\"LLM vulnerability scanning with garak\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/kosokoking.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/llm-vulnerability-scanning-with-garak\\\/#listItem\",\"position\":3,\"name\":\"LLM vulnerability scanning with garak\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/category\\\/security\\\/#listItem\",\"name\":\"Info. Sec.\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/#person\",\"name\":\"KosokoKing\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/llm-vulnerability-scanning-with-garak\\\/#personImage\",\"url\":\"https:\\\/\\\/kosokoking.com\\\/wp-content\\\/litespeed\\\/avatar\\\/7352636f37cc2ce2fad7b856df236dff.jpg?ver=1782892585\",\"width\":96,\"height\":96,\"caption\":\"KosokoKing\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/author\\\/adeifekosokokinggmail-com\\\/#author\",\"url\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/author\\\/adeifekosokokinggmail-com\\\/\",\"name\":\"KosokoKing\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/llm-vulnerability-scanning-with-garak\\\/#authorImage\",\"url\":\"https:\\\/\\\/kosokoking.com\\\/wp-content\\\/litespeed\\\/avatar\\\/7352636f37cc2ce2fad7b856df236dff.jpg?ver=1782892585\",\"width\":96,\"height\":96,\"caption\":\"KosokoKing\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/llm-vulnerability-scanning-with-garak\\\/#webpage\",\"url\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/llm-vulnerability-scanning-with-garak\\\/\",\"name\":\"LLM vulnerability scanning with garak - Kosokoking\",\"description\":\"Garak is an open-source LLM vulnerability scanner that automates adversarial testing for prompt injection, jailbreaks, and encoding bypasses. Full walkthrough.\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/security\\\/llm-vulnerability-scanning-with-garak\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/author\\\/adeifekosokokinggmail-com\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/index.php\\\/author\\\/adeifekosokokinggmail-com\\\/#author\"},\"datePublished\":\"2026-07-04T00:00:00+01:00\",\"dateModified\":\"2026-06-20T22:48:15+01:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/kosokoking.com\\\/#website\",\"url\":\"https:\\\/\\\/kosokoking.com\\\/\",\"name\":\"Kosokoking\",\"description\":\"31337\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/kosokoking.com\\\/#person\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"LLM vulnerability scanning with garak - Kosokoking","description":"Garak is an open-source LLM vulnerability scanner that automates adversarial testing for prompt injection, jailbreaks, and encoding bypasses. Full walkthrough.","canonical_url":"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/#blogposting","name":"LLM vulnerability scanning with garak - Kosokoking","headline":"LLM vulnerability scanning with garak","author":{"@id":"https:\/\/kosokoking.com\/index.php\/author\/adeifekosokokinggmail-com\/#author"},"publisher":{"@id":"https:\/\/kosokoking.com\/#person"},"image":{"@type":"ImageObject","@id":"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/#articleImage","url":"https:\/\/kosokoking.com\/wp-content\/litespeed\/avatar\/7352636f37cc2ce2fad7b856df236dff.jpg?ver=1782892585","width":96,"height":96,"caption":"KosokoKing"},"datePublished":"2026-07-04T00:00:00+01:00","dateModified":"2026-06-20T22:48:15+01:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/#webpage"},"isPartOf":{"@id":"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/#webpage"},"articleSection":"Info. Sec., AI Red Teaming, AI Security, Cybersecurity, Garak, jailbreaking, LLM Vulnerability Scanning, NVIDIA, OWASP LLM Top 10, Prompt Injection, red teaming"},{"@type":"BreadcrumbList","@id":"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/kosokoking.com#listItem","position":1,"name":"Home","item":"https:\/\/kosokoking.com","nextItem":{"@type":"ListItem","@id":"https:\/\/kosokoking.com\/index.php\/category\/security\/#listItem","name":"Info. Sec."}},{"@type":"ListItem","@id":"https:\/\/kosokoking.com\/index.php\/category\/security\/#listItem","position":2,"name":"Info. Sec.","item":"https:\/\/kosokoking.com\/index.php\/category\/security\/","nextItem":{"@type":"ListItem","@id":"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/#listItem","name":"LLM vulnerability scanning with garak"},"previousItem":{"@type":"ListItem","@id":"https:\/\/kosokoking.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/#listItem","position":3,"name":"LLM vulnerability scanning with garak","previousItem":{"@type":"ListItem","@id":"https:\/\/kosokoking.com\/index.php\/category\/security\/#listItem","name":"Info. Sec."}}]},{"@type":"Person","@id":"https:\/\/kosokoking.com\/#person","name":"KosokoKing","image":{"@type":"ImageObject","@id":"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/#personImage","url":"https:\/\/kosokoking.com\/wp-content\/litespeed\/avatar\/7352636f37cc2ce2fad7b856df236dff.jpg?ver=1782892585","width":96,"height":96,"caption":"KosokoKing"}},{"@type":"Person","@id":"https:\/\/kosokoking.com\/index.php\/author\/adeifekosokokinggmail-com\/#author","url":"https:\/\/kosokoking.com\/index.php\/author\/adeifekosokokinggmail-com\/","name":"KosokoKing","image":{"@type":"ImageObject","@id":"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/#authorImage","url":"https:\/\/kosokoking.com\/wp-content\/litespeed\/avatar\/7352636f37cc2ce2fad7b856df236dff.jpg?ver=1782892585","width":96,"height":96,"caption":"KosokoKing"}},{"@type":"WebPage","@id":"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/#webpage","url":"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/","name":"LLM vulnerability scanning with garak - Kosokoking","description":"Garak is an open-source LLM vulnerability scanner that automates adversarial testing for prompt injection, jailbreaks, and encoding bypasses. Full walkthrough.","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/kosokoking.com\/#website"},"breadcrumb":{"@id":"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/#breadcrumblist"},"author":{"@id":"https:\/\/kosokoking.com\/index.php\/author\/adeifekosokokinggmail-com\/#author"},"creator":{"@id":"https:\/\/kosokoking.com\/index.php\/author\/adeifekosokokinggmail-com\/#author"},"datePublished":"2026-07-04T00:00:00+01:00","dateModified":"2026-06-20T22:48:15+01:00"},{"@type":"WebSite","@id":"https:\/\/kosokoking.com\/#website","url":"https:\/\/kosokoking.com\/","name":"Kosokoking","description":"31337","inLanguage":"en-US","publisher":{"@id":"https:\/\/kosokoking.com\/#person"}}]},"og:locale":"en_US","og:site_name":"Kosokoking - 31337","og:type":"article","og:title":"LLM vulnerability scanning with garak - Kosokoking","og:description":"Garak is an open-source LLM vulnerability scanner that automates adversarial testing for prompt injection, jailbreaks, and encoding bypasses. Full walkthrough.","og:url":"https:\/\/kosokoking.com\/index.php\/security\/llm-vulnerability-scanning-with-garak\/","og:image":"https:\/\/kosokoking.com\/wp-content\/uploads\/2020\/08\/edited-personal-picture-scaled.jpg","og:image:secure_url":"https:\/\/kosokoking.com\/wp-content\/uploads\/2020\/08\/edited-personal-picture-scaled.jpg","article:published_time":"2026-07-03T23:00:00+00:00","article:modified_time":"2026-06-20T21:48:15+00:00","article:publisher":"https:\/\/facebook.com\/adeife","twitter:card":"summary","twitter:site":"@kosokoking","twitter:title":"LLM vulnerability scanning with garak - Kosokoking","twitter:description":"Garak is an open-source LLM vulnerability scanner that automates adversarial testing for prompt injection, jailbreaks, and encoding bypasses. Full walkthrough.","twitter:creator":"@kosokoking","twitter:image":"https:\/\/kosokoking.com\/wp-content\/uploads\/2020\/08\/edited-personal-picture-scaled.jpg"},"aioseo_meta_data":{"post_id":"532","title":null,"description":null,"keywords":null,"keyphrases":{"focus":{"keyphrase":"garak","score":100,"analysis":{"keyphraseInTitle":{"score":9,"maxScore":9,"error":0},"keyphraseInDescription":{"score":9,"maxScore":9,"error":0},"keyphraseLength":{"score":9,"maxScore":9,"error":0,"length":1},"keyphraseInURL":{"score":5,"maxScore":5,"error":0},"keyphraseInIntroduction":{"score":9,"maxScore":9,"error":0},"keyphraseInSubHeadings":{"score":9,"maxScore":9,"error":0},"keyphraseInImageAlt":[],"keywordDensity":{"type":"best","score":9,"maxScore":9,"error":0}}},"additional":[]},"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"BlogPosting","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":{"faqs":[],"keyPoints":[],"schemas":[],"titles":[],"descriptions":[],"socialPosts":{"email":[],"linkedin":[],"twitter":[],"facebook":[],"instagram":[]}},"created":"2026-06-20 21:48:15","updated":"2026-07-03 23:01:55","seo_analyzer_scan_date":null},"_links":{"self":[{"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/posts\/532","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/comments?post=532"}],"version-history":[{"count":1,"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/posts\/532\/revisions"}],"predecessor-version":[{"id":533,"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/posts\/532\/revisions\/533"}],"wp:attachment":[{"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/media?parent=532"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/categories?post=532"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kosokoking.com\/index.php\/wp-json\/wp\/v2\/tags?post=532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}