frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Show HN: DeepTeam – Penetration Testing for LLMs

https://github.com/confident-ai/deepteam
3•jeffreyip•1y ago
Hi HN, we’re Jeffrey and Kritin, and we’re building DeepTeam (https://trydeepteam.com), an open-source Python library to scan LLM apps for security vulnerabilities. You can start “penetration testing” by defining a Python callback to your LLM app (e.g. `def model_callback(input: str)`), and DeepTeam will attempt to probe it with prompts designed to elicit unsafe or unintended behavior.

Note that the penetration testing process treats your LLM app as a black-box - which means that DeepTeam will not know whether PII leakage has occurred in a certain tool call or incorporated in the training data of your fine-tuned LLM, but rather just detect that it is present. Internally, we call this process “end-to-end” testing.

Before DeepTeam, we worked on DeepEval, an open-source framework to unit-test LLMs. Some of you might be thinking, well isn’t this kind of similar to unit-testing?

Sort of, but not really. While LLM unit-testing focuses on 1) accurate eval metrics, 2) comprehensive eval datasets, penetration testing focuses on the haphazard simulation of attacks, and the orchestration of it. To users, this was a big and confusing paradigm shift, because it went from “Did this pass?” to “How can this break?”.

So we thought to ourselves, why not just release a new package to orchestrate the simulation of adversarial attacks for this new set of users and teams working specifically on AI safety, and borrow DeepEval’s evals and ecosystem in the process?

Quickstart here: https://www.trydeepteam.com/docs/getting-started#detect-your...

The first thing we did was offer as many attack methods as possible - simple encoding ones like ROT13, leetspeak, to prompt injections, roleplay, and jailbreaking. We then heard folks weren’t happy because the attacks didn’t persist across tests and hence they “lost” their progress every time they tested, and so we added an option to `reuse_simulated_attacks`.

We abstracted everything away to make it as modular as possible - every vulnerability, attack, can be imported in Python as `Bias(type=[“race”])`, `LinearJailbreaking()`, etc. with methods such as `.enhance()` for teams to plug-and-play, build their own test suite, and even to add a few more rounds of attack enhancements to increase the likelihood of breaking your system.

Notably, there are a few limitations. Users might run into compliance errors when attempting to simulate attacks (especially for AzureOpenAI), and so we recommend setting `ignore_errors` to `True` in case that happens. You might also run into bottlenecks where DeepTeam does not cover your custom vulnerability type, and so we shipped a `CustomVulnerability` class as a “catch-all” solution (still in beta).

You might be aware that some packages already exist that do a similar thing, often known as “vulnerability scanning” or “red teaming”. The difference is that DeepTeam is modular, lightweight, and code friendly. Take Nvidia Garak for example, although comprehensive, has so many CLI rules, environments to set up, it is definitely not the easiest to get started, let alone pick the library apart to build your own penetration testing pipeline. In DeepTeam, define a class, wrap it around your own implementations if necessary, and you’re good to go.

We adopted a Apache 2.0 license (for now, and probably in the foreseeable future too), so if you want to get started, `pip install deepteam`, use any LLM for simulation, and you’ll get a full penetration report within 1 minute (assuming you’re running things asynchronously). GitHub: https://github.com/confident-ai/deepteam

Excited to share DeepTeam with everyone here – let us know what you think!

AI2Web: Open protocol to make any website work with every AI agent

https://ai2web.dev/
1•rolandfarkas•23s ago•0 comments

One Wikipedia page costs your AI agent 68,000 tokens

3•arhamislam5766•3m ago•0 comments

Baptism Saves You -This is the best explanation of why

https://silvestro2026.substack.com/p/baptism-saves-you
1•silvestromedia•3m ago•0 comments

Maura Gillison, who linked HPV to head and neck cancer, dies at 61

https://cancerletter.com/obituary/20260702_2/
1•tortilla•6m ago•0 comments

Math Visualizations of the AI Layoff Trap

https://mattlane.us/stories/dailemma
1•mmmaaatttttt•6m ago•0 comments

Ask HN: How has the internet devolved in recent years?

1•fridayblunt•11m ago•0 comments

Zero Sum Attribution Powered by AI

https://www.upside.tech/platform/pipedash/
1•mada299•12m ago•0 comments

Count Binface, Nigel Farage's space-warrior foe

https://www.economist.com/the-world-in-brief/2026/07/11/b240d63f-2768-43dd-89b6-2bdceb6df745
2•tagawa•12m ago•0 comments

Show HN: A pixel pet for your GitHub README that eats your commits

https://github.com/Nomlings/badge
1•franwbu•13m ago•0 comments

Show HN: Atuin AI Proxy bridges Hub AI to an OpenAI-compatible endpoint

https://github.com/Vlad1mir-D/atuin-ai-proxy
1•Am1G0•13m ago•0 comments

State Actors and AI Slop Are Amplifying the Homegrown Data Center Revolt

https://alethea.com/insights/how-state-actors-and-ai-slop-are-amplifying-data-center-revolt
2•m-hodges•14m ago•0 comments

Rise of the 'Slop Zombies'

https://www.machinesociety.ai/p/rise-of-the-slop-zombies
2•mikelgan•14m ago•1 comments

How to become a -10x Engineering Manager

https://medium.com/@jackiexu1228/how-to-be-a-10x-engineering-manager-a9fa8e3dd558
1•kokodoko•16m ago•0 comments

Which 'AI scientist' suits your lab? A guide for the perplexed

https://www.nature.com/articles/d41586-026-02091-6
1•gnabgib•17m ago•0 comments

I Like Using Scrollbars

https://www.arp242.net/scrollbar.html
1•ingve•19m ago•0 comments

From Venture Rankings to Venture Decisions

https://www.thestateofventure.com/p/from-venture-rankings-to-venture
1•kteare•20m ago•0 comments

Unlocking the PSP's Dual Core Setup

https://wololo.net/2026/06/16/unlocking-the-psps-dual-core-setup/
1•msephton•23m ago•0 comments

Show HN: Hana JIT – LLVM-backed Python JIT with genetic-algorithm superoptimizer

https://github.com/ezducate/HanaJit
1•iqbal1980•25m ago•0 comments

Security settings every GitHub maintainer should enable this week

https://github.blog/security/6-security-settings-every-github-maintainer-should-enable-this-week/
1•mooreds•35m ago•0 comments

Build your favorite technologies from scratch

https://github.com/codecrafters-io/build-your-own-x
1•kamphey•36m ago•0 comments

What Does a WordPress Development Company Do?

https://www.techwrath.com/what-does-wordpress-development-company-do/
1•techwrath11•39m ago•0 comments

Wine 11.13 – Run Windows Applications on Linux, BSD, Solaris and macOS

https://www.winehq.org/announce/11.13
1•neustradamus•41m ago•0 comments

Agents of Our Own Illiteracy

https://royalicing.com/2026/agents-of-our-own-illiteracy
1•burntcaramel•42m ago•0 comments

Classicist Emily Wilson: 'Odysseus is a different kind of conman'

https://www.ft.com/content/3edbfdf4-cb20-4393-9d5d-ffc1dd241ca4
1•petethomas•44m ago•1 comments

Project Cybersyn

https://en.wikipedia.org/wiki/Project_Cybersyn
1•lschueller•46m ago•0 comments

Hermes – AI that turns customer behavior into actions instead of dashboards

https://tryhermes.dev
1•germainhirwa•47m ago•0 comments

Old Car Racing Photos (2021)

https://toni.org/2021/01/26/old-car-racing-photos/
1•mooreds•47m ago•0 comments

Grok Build hides a Doom-like 'easter egg' game behind the /gboom command

https://runtimewire.com/article/exclusive-grok-build-hides-a-doom-like-easter-egg-game-behind-the...
1•ryanmerket•48m ago•0 comments

A Big Headache for Police: Getting Driverless Cars to Obey Traffic Laws

https://www.wsj.com/business/autos/a-big-headache-for-police-getting-driverless-cars-to-obey-traf...
2•apparent•51m ago•1 comments

GPT-5.6 Luna outperforms GPT-5.5 on health reasoning, while being 25x cheaper

https://twitter.com/OpenAI/status/2075686461693898868
1•rstagi•57m ago•0 comments