Topics

PyRIT is Microsoft's open-source AI red teaming framework. Built for enterprise security teams, it has better CI/CD integration than research-first tools. The tradeoff is probe breadth.

Guardrails AI provides a validation layer for LLM outputs — checking format, structure, and content without touching the model. The validator library is extensive. The performance overhead is manageable with the right configuration.

Arize Phoenix is an open-source LLM observability platform that's evolved well beyond its origins as a drift detector. The security-relevant features — hallucination detection, retrieval quality, prompt monitoring — are production-ready.

Rebuff is a self-hosted prompt injection defense with a multi-layer architecture. The heuristics layer is fast; the LLM-based detection adds coverage. Here's the production configuration that made it viable.

Garak is the most comprehensive open-source LLM vulnerability scanner. It was designed for research. Deploying it in CI/CD requires understanding what it's good at and what it's not.

Lakera Guard is purpose-built for prompt injection detection rather than general content moderation. After four months in production, here's where it earns its cost and where it doesn't.

AI security tool demos are optimized for best-case scenarios. A rigorous evaluation requires adversarial test cases, production-realistic inputs, and honest accounting of false positive costs. Here's the framework.

AI Sec Reviews publishes hands-on reviews of AI security products and platforms — deployed against real attack libraries, with the detection and false-positive numbers in the open.