Garak
An open-source LLM vulnerability scanner integrated into Rhesis that tests AI applications for prompt injection, jailbreaks, toxic outputs, and data leakage.
Overview
Garak is one of the most widely used open-source tools for security testing of LLM and agentic applications. Rhesis integrates Garak's probe library directly into the platform, giving you access to 65+ security test cases without needing to use the command line or parse JSON output yourself.
What Garak Tests
Garak's probe library covers a wide range of LLM vulnerability categories:
- Prompt Injection: Attempts to override system instructions through crafted user inputs
- Jailbreaks: Techniques designed to bypass safety guardrails
- Toxic Output Generation: Prompts intended to elicit harmful, offensive, or dangerous content
- Data Leakage: Attempts to extract training data, system prompts, or sensitive information
- Hallucination Induction: Scenarios that encourage the model to confabulate facts
Using Garak in Rhesis
Import via UI: Navigate to a test set and use the Garak import UI to browse and select probes from Garak's library. Selected probes become test cases in your Rhesis test set.
Execute via Platform: Run Garak-based tests like any other test set—no terminal, no JSON parsing. Results appear in the standard test result view.
Team Collaboration: Review and discuss security findings with your team through Rhesis's comments and task management features.
Detector Metrics: The Rhesis SDK includes built-in support for Garak detector metrics, allowing you to use Garak's scoring logic when evaluating outputs.
CI/CD Integration: Include Garak-based test sets in your automated pipeline to run security scans on every release.
Redis-Cached Probe Enumeration
Garak's probe library is cached in Redis for efficient enumeration, so browsing and importing probes stays fast even for large probe libraries.
Related Concepts
Garak complements Rhesis's standard behavioral testing by adding an adversarial security layer. Use Garak test sets alongside your functional test sets to maintain comprehensive coverage of both correctness and safety.
Best Practices
- Run Garak probes after every significant model update or system prompt change to catch new vulnerabilities
- Start with a broad sweep across probe categories to identify the highest-risk areas, then add targeted tests
- Include Garak test sets in your CI/CD pipeline so security regressions are caught before deployment
- Review failed probe results with your team to distinguish genuine vulnerabilities from expected refusals