All posts
- Best AI Security Testing Tools 2026: Red Teaming and LLM Vulnerability Scanners Compared
  A practitioner's comparison of the best AI security testing tools in 2026 — open-source scanners, commercial red-teaming platforms, and how to match each
- OWASP LLM Top 10 Mitigation Guide: Controls for Every Risk Category (2025 Edition)
  A practitioner's OWASP LLM Top 10 mitigation guide covering all ten 2025 risk categories — prompt injection through unbounded consumption — with concrete
- Patronus AI Review: Automated LLM Evaluation and Guardrails
  A review of Patronus AI's evaluation platform — the Lynx hallucination model, the Glider custom evaluator, the built-in judge and safety evaluators, and
- Protect AI's ModelScan and NB Defense: Open-Source AI Supply-Chain Scanning
  A hands-on review of Protect AI's two best-known open-source tools — ModelScan for model serialization attacks and NB Defense for Jupyter notebooks.
- Robust Intelligence (Now Cisco AI Defense): What the Platform Actually Covers
  A conservative review of Robust Intelligence — the AI security pioneer now part of Cisco AI Defense. Algorithmic red teaming, AI Validation, model file
- Giskard Review: Open-Source Testing and Evaluation for LLM and RAG Apps
  A long-form review of Giskard, the open-source Python library for testing AI systems. Its automated Scan for LLM vulnerabilities, the RAGET RAG-evaluation
- Garak Deep Dive: Architecture, Probes, and Operating the NVIDIA LLM Scanner
  A hands-on, long-form review of garak — NVIDIA's open-source LLM vulnerability scanner. How its probe/detector/generator/buff architecture actually works
- PyRIT Deep Dive: Microsoft's AI Red Teaming Framework in Practice
  A long-form review of PyRIT, Microsoft's open-source AI red teaming framework. Its orchestrator/target/converter/scorer/memory architecture, multi-turn
- How to Evaluate AI Security Tools Without Getting Fooled
  AI security tool demos are optimized for best-case scenarios. A rigorous evaluation requires adversarial test cases, production-realistic inputs, and
- PyRIT: Microsoft's AI Red Teaming Tool in Security Workflows
  PyRIT is Microsoft's open-source AI red teaming framework. Built for enterprise security teams, it has better CI/CD integration than research-first tools.
- Guardrails AI: Output Validation That Doesn't Require Retraining
  Guardrails AI provides a validation layer for LLM outputs — checking format, structure, and content without touching the model.
- Arize Phoenix: LLM Observability That's Actually Free
  Arize Phoenix is an open-source LLM observability platform that's evolved well beyond its origins as a drift detector.
- Garak LLM Scanner: Production-Grade Red Teaming or Research Tool?
  Garak is the most comprehensive open-source LLM vulnerability scanner. It was designed for research. Deploying it in CI/CD requires understanding what
- Rebuff: Open-Source Prompt Injection Defense, Layer by Layer
  Rebuff is a self-hosted prompt injection detector with a four-layer architecture: heuristics, LLM-based detection, a vector database of past attacks, and
- Lakera Guard: Prompt Injection Detection in Practice
  Lakera Guard is purpose-built for prompt injection detection rather than general content moderation. A documentation- and feature-based look at what it