frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Show HN: DeepTeam – Penetration Testing for LLMs

https://github.com/confident-ai/deepteam
3•jeffreyip•1y ago
Hi HN, we’re Jeffrey and Kritin, and we’re building DeepTeam (https://trydeepteam.com), an open-source Python library to scan LLM apps for security vulnerabilities. You can start “penetration testing” by defining a Python callback to your LLM app (e.g. `def model_callback(input: str)`), and DeepTeam will attempt to probe it with prompts designed to elicit unsafe or unintended behavior.

Note that the penetration testing process treats your LLM app as a black-box - which means that DeepTeam will not know whether PII leakage has occurred in a certain tool call or incorporated in the training data of your fine-tuned LLM, but rather just detect that it is present. Internally, we call this process “end-to-end” testing.

Before DeepTeam, we worked on DeepEval, an open-source framework to unit-test LLMs. Some of you might be thinking, well isn’t this kind of similar to unit-testing?

Sort of, but not really. While LLM unit-testing focuses on 1) accurate eval metrics, 2) comprehensive eval datasets, penetration testing focuses on the haphazard simulation of attacks, and the orchestration of it. To users, this was a big and confusing paradigm shift, because it went from “Did this pass?” to “How can this break?”.

So we thought to ourselves, why not just release a new package to orchestrate the simulation of adversarial attacks for this new set of users and teams working specifically on AI safety, and borrow DeepEval’s evals and ecosystem in the process?

Quickstart here: https://www.trydeepteam.com/docs/getting-started#detect-your...

The first thing we did was offer as many attack methods as possible - simple encoding ones like ROT13, leetspeak, to prompt injections, roleplay, and jailbreaking. We then heard folks weren’t happy because the attacks didn’t persist across tests and hence they “lost” their progress every time they tested, and so we added an option to `reuse_simulated_attacks`.

We abstracted everything away to make it as modular as possible - every vulnerability, attack, can be imported in Python as `Bias(type=[“race”])`, `LinearJailbreaking()`, etc. with methods such as `.enhance()` for teams to plug-and-play, build their own test suite, and even to add a few more rounds of attack enhancements to increase the likelihood of breaking your system.

Notably, there are a few limitations. Users might run into compliance errors when attempting to simulate attacks (especially for AzureOpenAI), and so we recommend setting `ignore_errors` to `True` in case that happens. You might also run into bottlenecks where DeepTeam does not cover your custom vulnerability type, and so we shipped a `CustomVulnerability` class as a “catch-all” solution (still in beta).

You might be aware that some packages already exist that do a similar thing, often known as “vulnerability scanning” or “red teaming”. The difference is that DeepTeam is modular, lightweight, and code friendly. Take Nvidia Garak for example, although comprehensive, has so many CLI rules, environments to set up, it is definitely not the easiest to get started, let alone pick the library apart to build your own penetration testing pipeline. In DeepTeam, define a class, wrap it around your own implementations if necessary, and you’re good to go.

We adopted a Apache 2.0 license (for now, and probably in the foreseeable future too), so if you want to get started, `pip install deepteam`, use any LLM for simulation, and you’ll get a full penetration report within 1 minute (assuming you’re running things asynchronously). GitHub: https://github.com/confident-ai/deepteam

Excited to share DeepTeam with everyone here – let us know what you think!

I tracked down an animal abuser using OSINT [video]

https://www.youtube.com/watch?v=nzytWZPyuEw
1•Bender•2m ago•0 comments

Major forest fire only 50km from Paris

https://www.reddit.com/r/paris/s/8wXGehfCCY
1•Arodex•2m ago•0 comments

Separating Logic and Language

https://news.mit.edu/2026/separating-logic-and-language-0708
1•alexwwang•5m ago•0 comments

The Work of Helping A.I. Destroy Work

https://www.nytimes.com/2026/07/10/business/ai-white-collar-jobs.html
1•pseudolus•7m ago•1 comments

Closing a three-year-old issue using Rust arenas

https://giacomocavalieri.me/writing/gleam-rust-arenas
1•ryantsuji•19m ago•0 comments

The great (fire)wall: the technical details behind how China's internet works

https://kylejeong.com/blog/great-firewall
1•Kylejeong21•19m ago•0 comments

Embedcache – Cut embedding API costs by caching redundant requests

https://github.com/Ajay6601/embedcache
1•Ajay3043•20m ago•0 comments

Show HN: Whop Downloader – Bulk save videos from Whop in one click

https://chromewebstore.google.com/detail/whop-downloader/lfnmkoipepgcllbonheeogljjgcjhjaa
1•qwikhost•20m ago•0 comments

Llambda.lisp

http://funcall.blogspot.com/2026/07/llambdalisp.html
2•lemonberry•21m ago•0 comments

Gameboy is back ( no signup)

https://gb.omniiii.com/
3•djxjxjcjcjc•23m ago•0 comments

MacKenzie Scott's Giving, in Quality-Adjusted Life Years (QALYs)

https://maxghenis.com/mackenzie-scott-qaly/
4•383toast•31m ago•1 comments

Performant C/CUDA inference engine for Qwen 3.6 35B on RTX 5090 / Blackwell

https://github.com/ambud/q36
2•ambuds•35m ago•0 comments

Claude Code Usage Global Leaderboard

https://www.claudeusage.com
2•bazarkua•36m ago•0 comments

Apple's "Thermonuclear" Response to OpenAI's Threat

https://www.wsj.com/tech/ai/apples-thermonuclear-response-to-the-openai-threat-8d51c814
4•mful•38m ago•1 comments

Tacit Knowledge

https://en.wikipedia.org/wiki/Tacit_knowledge
11•chistev•38m ago•1 comments

Show HN: Let your coding agent iterate by seeing the browser

https://github.com/puffinsoft/peek-cli
5•G3819•41m ago•0 comments

Quintile – keyboard N×M grid tiling for macOS

https://github.com/stefanopineda/quintile
2•stefanopineda•42m ago•0 comments

Universal Learning of Nonlinear Dynamics

https://arxiv.org/abs/2508.11990
2•E-Reverance•42m ago•0 comments

Collections: How to Polis, 101, Part I: Component Parts

https://acoup.blog/2023/03/10/collections-how-to-polis-101-part-i-component-parts/
2•vinnyglennon•44m ago•0 comments

Matthew Effect

https://en.wikipedia.org/wiki/Matthew_effect
5•chistev•44m ago•0 comments

Nuts News

https://news.nuts.services/
3•kordlessagain•53m ago•0 comments

Australia Tops Claude Usage

https://www.forbes.com.au/news/innovation/australia-is-the-worlds-biggest-claude-user-now-anthrop...
3•ishanz•59m ago•0 comments

AI's Biggest Unlock Isn't Productivity. It's Access to Expertise

https://diviv.substack.com/p/ais-biggest-unlock-isnt-productivity
7•divi_vijay•59m ago•0 comments

Mushroom trip: a mycologist's tour of the Tarkine

https://www.theguardian.com/science/ng-interactive/2026/jul/13/mushroom-trip-a-mycologists-tour-o...
2•Anon84•1h ago•0 comments

Sam Altman and Elon Musk Argue over Who's Running the Bigger Scam

https://daringfireball.net/linked/2026/07/12/altman-musk
10•MaysonL•1h ago•1 comments

Quantum Mechanics May Not Need Imaginary Numbers After All

https://scitechdaily.com/quantum-mechanics-may-not-need-imaginary-numbers-after-all/
2•westurner•1h ago•0 comments

Billion Dollar PDFs

https://billiondollarpdf.com/
28•rafaepta•1h ago•6 comments

OneDev AI: Coding Agents as Teammates in Issues, Pull Requests, and CI

https://onedev.io/blogs/ai-teammates
3•timplant•1h ago•0 comments

Student's £30 device 'translates in real time'

https://www.bbc.com/news/articles/ced47540de2o
4•jethronethro•1h ago•0 comments

Circular Obstacle Pathfinding (2017)

https://redblobgames.github.io/circular-obstacle-pathfinding/
5•andsoitis•1h ago•1 comments