llmthreat
For vendors 21 vendors · 10 tools Matrix Vendors

Giskard is an AI Red Teaming vendor based in Paris, France. Its flagship product is Giskard Hub (LLM red teaming and evaluation platform) + Giskard open-source library. Against the OWASP LLM Top 10 (2025) we score it Covered on 4 of 10 risks, Partial on 4, with 6 MITRE ATLAS techniques mapped as of . It's independent.

4/10
Risks covered
4
Partial
6
ATLAS techniques
€7.5M + $5M round (2025)
Funding
Active
Status

At a glance

Category
AI Red Teaming
Headquarters
Paris, France
Founded
2021
Employees
11-50
Flagship product
Giskard Hub (LLM red teaming and evaluation platform) + Giskard open-source library
Deployment
SaaS (Giskard Hub, EU/US data residency), self-hosted/on-premise, open-source library
Best for
ML/AI teams needing continuous, automated red teaming and hallucination/robustness testing before and after deployment, with open-source and sovereign options
Funding to date
€7.5M + $5M round (2025)
Last round
$5M round · 2025-02
Status
Active

Facts as of .

What does Giskard do?

An open-source testing library at heart with a SaaS platform on top; red-teams LLMs and agents for hallucination, bias, and injection. It ships as SaaS (Giskard Hub, EU/US data residency), self-hosted/on-premise, open-source library, and it's built for mL/AI teams needing continuous, automated red teaming and hallucination/robustness testing before and after deployment, with open-source and sovereign options. It's a weaker fit for teams seeking an inline runtime firewall/guardrail that blocks attacks in production rather than a pre-deployment testing and evaluation tool.

Which OWASP LLM Top 10 risks does Giskard cover?

Giskard's strongest verdict is LLM01Prompt Injection. The two tables below come from our editorial read of Giskard's public documentation as of (it's what the docs support, not a hands-on lab test), and this row also sits in the full matrix across all 21 vendors.

OWASP LLM Top 10 (2025) coverage — as of 2026-07-13
OWASP LLM Risk What it is Giskard coverage How it's addressed Source
LLM01 Prompt Injection User or hidden input overrides the model's rules or intended behavior. Covered Automatically generates prompt-injection test cases against agents via API. https://www.giskard.ai/
LLM02 Sensitive Information Disclosure The model leaks secrets, personal data, or proprietary content in its output. Covered Tests for data disclosure / sensitive-information extraction. https://www.giskard.ai/
LLM03 Supply Chain Compromised models, datasets, plugins, or dependencies add risk before runtime. Not covered Giskard's documented scan vulnerability-category list (Prompt Injection, Hallucination/Misinformation, Excessive Agency, System Prompt Leakage, Data Privacy Exfiltration, Denial of Service, etc.) contains no AI/ML supply-chain or dependency/model-artifact scanning category. https://docs.giskard.ai/hub/ui/scan/vulnerability-categories/
LLM04 Data and Model Poisoning Tampered training or fine-tuning data corrupts how the model behaves. Not covered Same documented vulnerability-category list has no training-data or model-poisoning detector; the platform evaluates already-deployed model/agent behavior rather than training-pipeline integrity. https://docs.giskard.ai/hub/ui/scan/vulnerability-categories/
LLM05 Improper Output Handling Downstream systems trust model output without checking it, enabling injection or code execution. Partial Detects inappropriate/harmful content generation; does not cover downstream output-handling (XSS/SQLi) in consuming systems. https://www.giskard.ai/
LLM06 Excessive Agency An agent holds more permissions, tools, or autonomy than the task needs. Partial Black-box red teaming of AI agents including tools; agent-scope/excessive-agency testing not explicitly detailed. https://docs.giskard.ai/
LLM07 System Prompt Leakage The system prompt or the secrets inside it get exposed to users. Partial Data-disclosure testing covers information extraction, which includes system-prompt leakage paths. https://www.giskard.ai/
LLM08 Vector and Embedding Weaknesses Flaws in RAG stores let attackers poison, extract, or infer data. Partial RAG evaluation toolkit (RAGET) tests retrieval quality; embedding-security weaknesses not specifically addressed. https://docs.giskard.ai/
LLM09 Misinformation The model produces false or fabricated content that users act on. Covered Hallucination, sycophancy, contradiction and omission detection. https://www.giskard.ai/
LLM10 Unbounded Consumption Uncontrolled requests drive cost, denial of service, or model extraction. Covered Dedicated documentation page 'Denial of Service (OWASP LLM 10)' describes scanner tests for resource-exhaustion/performance-degradation attacks. https://docs.giskard.ai/hub/ui/scan/vulnerability-categories/denial-of-service.html
MITRE ATLAS coverage — as of 2026-07-13
ATLAS Technique (ID) Tactic Giskard coverage Notes Source
LLM Prompt Injection (AML.T0051) Initial Access / Execution Covered Generates prompt-injection test cases against target agents. https://www.giskard.ai/
LLM Jailbreak (AML.T0054) Defense Evasion / Privilege Escalation Covered Tests jailbreaking vulnerabilities. https://www.giskard.ai/
LLM Data Leakage (AML.T0057) Exfiltration Covered Tests data disclosure / sensitive-info extraction. https://www.giskard.ai/
Craft Adversarial Data (AML.T0043) ML Attack Staging Covered Automated adversarial test-case generation. https://www.giskard.ai/
External Harms (AML.T0048) Impact Partial Detects harmful/inappropriate content and bias. https://www.giskard.ai/
Discover LLM Hallucinations (AML.T0062) Discovery Covered Hallucination detection is a core capability. https://www.giskard.ai/

Is Giskard independent, and how is it funded?

Giskard is an independent company as of . It has raised €7.5M + $5M round (2025) to date, most recently a $5M round dated 2025-02. Lead investors: Elaia, Bessemer Venture Partners.

Giskard alternatives

The closest alternatives we track in AI Red Teaming are CalypsoAI, Mindgard, Robust Intelligence. On the open-source side, garak covers similar ground.

Frequently asked questions

What is Giskard used for?

Giskard is an AI Red Teaming vendor. Its flagship product is Giskard Hub (LLM red teaming and evaluation platform) + Giskard open-source library. It ships as SaaS (Giskard Hub, EU/US data residency), self-hosted/on-premise, open-source library, and it's built for mL/AI teams needing continuous, automated red teaming and hallucination/robustness testing before and after deployment, with open-source and sovereign options.

Is Giskard independent or acquired?

Giskard is an independent company as of 2026-07-13 and has not been acquired.

How many OWASP LLM Top 10 risks does Giskard cover?

We score Giskard as Covered on 4 of the ten OWASP LLM Top 10 (2025) risks, with 4 more Partial, as of 2026-07-13. The table on this page breaks down every risk, including the ones marked Not covered or Unverified.

How is Giskard deployed?

Giskard ships as SaaS (Giskard Hub, EU/US data residency), self-hosted/on-premise, open-source library.

What are the best alternatives to Giskard?

The closest AI Red Teaming alternatives llmthreat tracks are CalypsoAI, Mindgard, Robust Intelligence. On the open-source side, garak covers similar ground.

Last verified . Sources: https://www.giskard.ai/, https://www.giskard.ai/about, https://docs.giskard.ai/, https://www.crunchbase.com/organization/giskard-ai, https://tech.eu/2026/05/07/meet-the-french-startup-fixing-the-guardrail-gap-holding-enterprise-ai-back/. Funding and repo figures are third-party and go stale. Re-verify before you rely on them.
Informational, not professional security advice — verify Giskard's claims and threat coverage against the official OWASP and MITRE sources and the vendor directly before making a purchasing or security decision. OWASP, MITRE, and the listed vendors and maintainers do not endorse llmthreat.com.