Question 1

How to use Garak with a local gguf model like llama.cpp?

Accepted Answer

Set the GGML_MAIN_PATH environment variable to the llama.cpp executable and use --target_type ggml with --target_name pointing to the model file, as described in the generators section.

Question 2

Garak vs manual red-teaming: which is more thorough for LLM security?

Accepted Answer

Garak automates systematic probing with a wide range of attacks, making it more scalable and consistent, but manual testing can uncover nuanced, context-specific vulnerabilities that automated tools might miss.

Question 3

How to interpret the JSONL reports from Garak?

Accepted Answer

The JSONL files contain structured logs of each probing attempt with status fields; use the provided analyse_log.py script or parse them for hits, failures, and debugging details.

Question 4

Can Garak test for custom prompt injection techniques?

Accepted Answer

Yes, via its plugin architecture—you can write custom probes by inheriting from base classes and implementing specific attack vectors, as outlined in the development guide.

Question 5

What are the API costs when using Garak with OpenAI or AWS Bedrock?

Accepted Answer

Garak itself is free, but probing commercial models incurs standard API fees from providers like OpenAI or AWS, so budget based on the number of generations and probes run.

Question 6

How to integrate Garak into a CI/CD pipeline?

Accepted Answer

Run Garak as a command-line step in your pipeline, using environment variables for API keys and parsing the JSONL output for automated security checks, though setup requires careful scripting.

Garak

What is Garak?

Overview

Use Cases

Best For

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions