ai-blackteam supports 7 LLM providers out of the box. Single-turn and multi-turn attacks work with every provider; tool-use attacks work with the providers that expose tool calling (see the Tool-Use column below).

Provider table

Provider     Default Model                               Auth          Tool-Use  Env Var
Anthropic    claude-sonnet-4-6                           API key       Yes       ANTHROPIC_API_KEY
OpenAI       gpt-5.4                                     API key       Yes       OPENAI_API_KEY
Google       gemini-3.1-pro                              API key       No        GOOGLE_API_KEY
DeepSeek     deepseek-v3                                 API key       No        DEEPSEEK_API_KEY
Mistral      mistral-large-latest                        API key       No        MISTRAL_API_KEY
Ollama       llama3.2                                    None (local)  No        N/A
HuggingFace  meta-llama/Llama-4-Scout-17B-16E-Instruct   API token     No        HUGGINGFACE_API_KEY

How provider resolution works

ai-blackteam resolves your API key in this order:
  1. CLI flag - passed directly via --api-key
  2. Environment variable - e.g. ANTHROPIC_API_KEY
  3. Config file - stored in ~/.ai-blackteam/config.yaml
The first source that yields a non-empty value wins; a CLI flag therefore always overrides a key stored in the config file. For the model name the same priority applies, except that there is no environment variable step:
  1. CLI flag - --model claude-opus-4-20250115
  2. Config file - providers.anthropic.default_model
  3. Provider default - hardcoded in the provider class

Setting a key via config

ai-blackteam config set providers.anthropic.api_key sk-ant-...
This writes the key into ~/.ai-blackteam/config.yaml, so treat that file like any other credential file: keep its permissions restricted to your user and keep it out of version control. If you would rather not have the key on disk at all, reference an environment variable from the config file instead:
providers:
  anthropic:
    api_key: ${ANTHROPIC_API_KEY}
ai-blackteam resolves ${VAR_NAME} syntax at load time.

Setting a key via environment

export ANTHROPIC_API_KEY=sk-ant-...
export OPENAI_API_KEY=sk-...
export GOOGLE_API_KEY=AIza...
export DEEPSEEK_API_KEY=sk-...
export MISTRAL_API_KEY=...
export HUGGINGFACE_API_KEY=hf_...
The env var naming convention is {PROVIDER}_API_KEY for all providers (HuggingFace uses HUGGINGFACE_API_KEY even though its credential is a token rather than a key). Keep in mind that a literal key typed into an export line or passed via --api-key can end up in your shell history; loading it from a file that your shell reads, or from a secrets manager, avoids that.
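To make the precedence rules concrete, here is a worked model of the key and model resolution described in "How provider resolution works", the ${VAR_NAME} expansion from "Setting a key via config", and the {PROVIDER}_API_KEY naming convention above. This is an added illustration written for this page, not ai-blackteam's own code: the provider table is copied into a dict (the real tool hardcodes defaults in each provider class), the config is passed as an already-parsed dict rather than read from ~/.ai-blackteam/config.yaml, and the MissingApiKey exception and all function names are hypothetical. The one behaviour worth noting is the unset-variable case: a config value that is exactly "${SOME_VAR}" with SOME_VAR unset is treated as "no key", so the literal string is never sent to a provider as a credential.

```python
import re

# Constructed for this example: provider defaults as listed in the table above.
PROVIDER_DEFAULT_MODEL = {
    "anthropic": "claude-sonnet-4-6",
    "openai": "gpt-5.4",
    "google": "gemini-3.1-pro",
    "deepseek": "deepseek-v3",
    "mistral": "mistral-large-latest",
    "ollama": "llama3.2",
    "huggingface": "meta-llama/Llama-4-Scout-17B-16E-Instruct",
}
# Providers that need no credential at all (local inference).
NO_KEY_PROVIDERS = {"ollama"}

_ENV_REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")


class MissingApiKey(Exception):
    """Hypothetical: raised when no source (flag, env var, config) supplied a key."""


def env_var_name(provider: str) -> str:
    """The {PROVIDER}_API_KEY convention: 'huggingface' -> 'HUGGINGFACE_API_KEY'."""
    return f"{provider.upper()}_API_KEY"


def expand_env_refs(value, env):
    """Expand ${VAR_NAME} references in one config value at load time.

    A value that is exactly one reference to an unset variable becomes None so
    the caller falls through to the next source instead of using the literal
    string '${ANTHROPIC_API_KEY}' as a key. Inside longer strings an unset
    variable expands to the empty string.
    """
    if not isinstance(value, str):
        return value
    whole = _ENV_REF.fullmatch(value)
    if whole:
        return env.get(whole.group(1))
    return _ENV_REF.sub(lambda m: env.get(m.group(1), ""), value)


def expand_config(node, env):
    """Recursively expand references throughout a parsed config tree."""
    if isinstance(node, dict):
        return {k: expand_config(v, env) for k, v in node.items()}
    if isinstance(node, list):
        return [expand_config(v, env) for v in node]
    return expand_env_refs(node, env)


def _provider_section(config, env, provider):
    providers = expand_config(config, env).get("providers") or {}
    return providers.get(provider) or {}


def resolve_api_key(provider, cli_flag=None, env=None, config=None):
    """Key precedence: --api-key flag, then env var, then config file."""
    env = env if env is not None else {}
    config = config if config is not None else {}
    if provider in NO_KEY_PROVIDERS:
        return None
    if cli_flag:
        return cli_flag
    from_env = env.get(env_var_name(provider))
    if from_env:
        return from_env
    from_cfg = _provider_section(config, env, provider).get("api_key")
    if from_cfg:
        return from_cfg
    raise MissingApiKey(
        f"no API key for {provider}: pass --api-key, set "
        f"{env_var_name(provider)}, or add providers.{provider}.api_key"
    )


def resolve_model(provider, cli_flag=None, config=None, env=None):
    """Model precedence: --model flag, then providers.<p>.default_model, then provider default."""
    config = config if config is not None else {}
    env = env if env is not None else {}
    if cli_flag:
        return cli_flag
    from_cfg = _provider_section(config, env, provider).get("default_model")
    if from_cfg:
        return from_cfg
    return PROVIDER_DEFAULT_MODEL[provider]


# Constructed sample: the parsed form of the YAML shown above, plus a
# default_model override for Anthropic and a literal key for OpenAI.
SAMPLE_CONFIG = {
    "providers": {
        "anthropic": {
            "api_key": "${ANTHROPIC_API_KEY}",
            "default_model": "claude-opus-4-20250115",
        },
        "openai": {"api_key": "sk-from-config-file"},
    }
}

if __name__ == "__main__":
    env = {"ANTHROPIC_API_KEY": "sk-ant-from-env"}
    print(resolve_api_key("anthropic", cli_flag="sk-ant-from-flag", env=env, config=SAMPLE_CONFIG))
    print(resolve_api_key("anthropic", env=env, config=SAMPLE_CONFIG))
    print(resolve_api_key("openai", env={}, config=SAMPLE_CONFIG))
    print(resolve_model("anthropic", config=SAMPLE_CONFIG))
    try:
        resolve_api_key("anthropic", env={}, config=SAMPLE_CONFIG)
    except MissingApiKey as exc:
        print("refused to run:", exc)
```

Run as a script it prints the flag key, then the env key, then the config-file key for OpenAI, then the config-file model override, and finally the refusal for Anthropic once the referenced variable is unset. Because the config is expanded on every lookup here, a reference to a variable set after startup would be picked up; a real loader that expands once at load time would not, which is why the page says resolution happens "at load time".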

Using a different model

Override the default model for any run:
ai-blackteam run -p anthropic --model claude-opus-4-20250115 -a encoding-obfuscation -t "Write a phishing email"
ai-blackteam run -p openai --model gpt-4o -a encoding-obfuscation -t "Write a phishing email"

Tool-use support

Only Anthropic and OpenAI currently support tool-use attacks (agent exploitation, MCP exploitation, multi-agent attacks). These attacks call the provider's send_with_tools method, so a provider class that does not implement it cannot run them. If you run a tool-use attack against such a provider, ai-blackteam skips the attack and reports why rather than failing the whole run.