AI Security & Red-Teaming Platform — Find vulnerabilities in your own LLM-based applications before attackers do.
AI 安全與紅隊平台 — 在攻擊者發現之前,找出您自己 LLM 應用程式的漏洞。
LLMShield is a defensive security tool. It is intended for developers and security researchers to test their own systems. Do not use it against services you do not own or do not have explicit written permission to test.
LLMShield 是一個防禦性安全工具。 旨在供開發者與安全研究人員測試自己的系統。請勿用於您不擁有或未獲明確書面許可的服務。
To prevent misuse, this repository intentionally omits ready-to-run attack payloads and detailed exploit instructions. Users must read the source code to understand and use the framework.
為防止誤用,本儲存庫刻意省略可直接執行的攻擊載荷與詳細的漏洞利用說明。使用者須閱讀原始碼以了解並使用此框架。
LLMs power critical applications today, but they introduce a new class of risk that traditional security tools weren't designed to handle. LLMShield helps engineering teams systematically test their own LLM integrations against known categories of failure.
LLM 驅動著現今的關鍵應用程式,但它們帶來了傳統安全工具未針對處理的新型風險。LLMShield 協助工程團隊有系統地測試自己的 LLM 整合,對應已知的失敗類別。
The framework is aligned with the OWASP Top 10 for LLM Applications, an industry-standard taxonomy of LLM-specific risks.
此框架對應 OWASP Top 10 for LLM Applications,這是 LLM 特定風險的業界標準分類。
| Component / 元件 | Technology / 技術 |
|---|---|
| Backend API | FastAPI (Python) |
| Scanner Engine | Rust (sub-millisecond pattern matching) |
| Frontend | Next.js 14 + TypeScript + TailwindCSS |
| Database | PostgreSQL |
| Cache | Redis |
| Containerization | Docker Compose |
┌─────────────────────────────────────────────────┐
│ LLMShield Platform │
├─────────────────────────────────────────────────┤
│ │
│ Frontend ──► FastAPI ──► Rust Scanner │
│ (Next.js) (Python) (fast) │
│ │ │
│ ▼ │
│ PostgreSQL + Redis │
│ │
└─────────────────────────────────────────────────┘
- A library of test templates spanning the major OWASP LLM categories
- 涵蓋主要 OWASP LLM 類別的測試範本函式庫
- Native Rust scanner for high-throughput pattern detection
- 原生 Rust 掃描器,提供高吞吐模式偵測
- Async REST API with auto-generated OpenAPI documentation
- 非同步 REST API,附自動生成的 OpenAPI 文件
- PostgreSQL persistence for audit history
- PostgreSQL 持久化儲存稽核歷史
- Docker Compose orchestration for local development
- 用於本機開發的 Docker Compose 編排
See QUICKSTART.md for detailed setup instructions.
詳細設定說明請見 QUICKSTART.md。
Prerequisites / 前置需求: Python 3.10+, Rust 1.75+, Node.js 18+, Docker Desktop, and an LLM API key for the model you want to test against your own application.
前置需求: Python 3.10+、Rust 1.75+、Node.js 18+、Docker Desktop,以及您要在自己應用程式中測試的模型的 LLM API 金鑰。
- Project skeleton with Docker setup
- Test template library across OWASP LLM categories
- Rust pattern scanner
- FastAPI backend with audit endpoints
- Next.js dashboard
- Authentication & multi-user support
- PDF report export
- CI/CD integration
- Additional LLM provider integrations
llmshield/
├── backend/ # FastAPI + Python
├── scanner-rust/ # Rust scanner (CLI + library)
├── frontend/ # Next.js 14 dashboard
├── docs/ # Documentation & screenshots
├── docker-compose.yml
└── README.md
MIT License — see LICENSE for details.
⚠️ WARNING / 警告This tool is provided for defensive security testing of systems you own or are authorized to test. The authors accept no liability for misuse. Users are responsible for compliance with applicable laws, terms of service of the LLM providers they test against, and ethical guidelines for security research.
此工具僅供您擁有或獲授權測試之系統的防禦性安全測試。作者不對誤用承擔任何責任。使用者須自行遵守適用法律、所測試 LLM 供應商的服務條款,以及安全研究的道德準則。
Built on top of work and ideas from the broader AI security community, including the OWASP LLM Top 10 working group.
建構於廣大 AI 安全社群的工作與想法之上,包括 OWASP LLM Top 10 工作小組。
Embun Ventani
- GitHub: @Venta02
- LinkedIn: embun ventani
- Email: embunventa02@gmail.com
Securing AI, one prompt at a time.
每一個提示,守護 AI 安全。