Open-source LLM-security tools, by repository status (2026)
10 open-source LLM-security tools — red-teaming scanners, guardrails, eval frameworks — tracked by license, language, maintainer, and live repository status. 6 are active; the rest are flagged Archived, Dormant, or Ownership changed, so you can tell a live project from a dead one. Last verified 2026-07-13.
| Tool | License | Language | Stars | Last push | Status | Primary use |
|---|---|---|---|---|---|---|
| Agentic Security msoedov (independent maintainer) | Apache-2.0 | Python | 1,925 | 2026-06-23 | Active | Agentic LLM vulnerability scanner / AI red-teaming kit for testing autonomous agent pipelines against security threats |
| garak NVIDIA | Apache-2.0 | Python | 8,401 | 2026-07-10 | Active | LLM vulnerability scanner — automated probing for jailbreaks, prompt injection, data leakage, hallucination, and other failure modes |
| Giskard Giskard AI | Apache-2.0 | Python | 5,506 | 2026-07-10 | Active | Open-source evaluation and testing library for LLM agents/RAG — detects hallucination, bias, prompt injection, and other quality/security issues |
| Guardrails Guardrails AI | Apache-2.0 | Python | 7,130 | 2026-07-10 | Active | Framework for adding structural, type, and quality guardrails to LLM outputs, including input/output validators for security risks like prompt injection and PII leakage |
| LLM Guard Protect AI (a Palo Alto Networks company) | MIT | Python | 3,164 | 2026-07-08 | Archived | Security toolkit for LLM interactions — input/output scanners for prompt injection, PII, toxicity, jailbreaks, and data leakage |
| NeMo Guardrails NVIDIA | Apache-2.0 | Python | 6,669 | 2026-07-10 | Active | Open-source toolkit for adding programmable guardrails (topical, safety, security rails) to LLM-based conversational systems |
| promptfoo Promptfoo (a subsidiary of OpenAI as of March 2026) | MIT | TypeScript | 23,165 | 2026-07-12 | Ownership changed | Prompt/agent/RAG testing and LLM red-teaming — vulnerability scanning, eval, and CI/CD security testing for AI applications |
| PyRIT Microsoft | MIT | Python | 4,086 | 2026-07-12 | Active | Python Risk Identification Tool — open-source framework for red-teaming/risk-identification of generative AI systems |
| Rebuff Protect AI (a Palo Alto Networks company) | Apache-2.0 | TypeScript | 1,511 | 2024-08-07 | Archived | LLM prompt injection detector using heuristics, an LLM-based detector, vector-store similarity, and canary tokens |
| Vigil deadbits (independent maintainer) | Apache-2.0 | Python | 490 | 2024-01-31 | Dormant | Detects prompt injections, jailbreaks, and other risky LLM inputs via a pluggable scanner pipeline |
Last verified . Sources: GitHub API, each project repository and license. Funding and repo figures are third-party and go stale. Re-verify before you rely on them.
Informational, not professional security advice — verify each project's status on GitHub before relying on it. GitHub and the maintainers do not endorse llmthreat.com. OWASP, MITRE, and the listed vendors and maintainers do not endorse llmthreat.com.