garak is NVIDIA’s LLM vulnerability scanner (Apache 2.0) with 120+ probes. ai-blackteam is an independent, vendor-neutral red team framework. Both are Python and both scan models for unsafe behavior.

At a glance

ai-blackteamgarak
LicenseMITApache 2.0
Backed byIndependentNVIDIA
Installpip install ai-blackteampip install garak
Curated attacks1,020120+ probes
Multi-turn / adaptiveCrescendo, TAP, PAIRLimited
Tool-use / agentic39 attacks mapped to OWASP Agentic Top 10Limited agentic coverage
Providers17 (16 vendors + generic HTTP)Many (HF, OpenAI, replicate, etc.)
Compliance mapsOWASP LLM + Agentic, MITRE ATLAS, MLCommons, NIST, EU AI ActProbe-level reporting

When garak fits

  • You want a mature, battle-tested model-level scanner for nightly regression runs
  • You are inside the NVIDIA ecosystem
  • You want a broad sweep of classic probes (encoding, toxicity, leakage)

When ai-blackteam fits

  • You need agentic and tool-use coverage (garak’s weak spot) mapped to the OWASP Agentic Top 10 2026
  • You want adaptive multi-turn attacks (Crescendo, TAP) out of the box
  • You want results mapped to multiple compliance frameworks for audit reporting
  • You want to test your own deployed endpoint, not just a model

Interop

ai-blackteam exports garak-compatible JSONL: 
ai-blackteam report --export garak -o results.jsonl
A common pattern: garak sweeps the model surface, ai-blackteam runs the agentic and adaptive follow-up.