ai-scanner  by 0din-ai

AI security scanner for LLM vulnerability assessment

Created 4 days ago

310 stars

Top 87.0% on SourcePulse

Summary

0din-ai/ai-scanner is an open-source web application for AI model security assessments, built on Ruby on Rails and NVIDIA garak. It enables organizations to test AI systems for vulnerabilities pre-deployment, functioning like penetration testing for traditional software, and offers detailed reporting for enhanced security.

How It Works

This project utilizes Ruby on Rails and NVIDIA garak for its AI security scanning engine. It features 179 community probes across 35 vulnerability families, aligned with the OWASP LLM Top 10. The system supports multi-target scanning for API-based LLMs and browser-based chat interfaces, facilitating thorough security evaluations.

Quick Start & Requirements

Install with the project's script:

  curl -sL https://raw.githubusercontent.com/0din-ai/ai-scanner/main/scripts/install.sh | bash

Alternatively, use Docker Compose:

  • Download docker-compose.yml and .env.example.
  • Copy .env.example to .env.
  • Configure SECRET_KEY_BASE and POSTGRES_PASSWORD in .env.
  • Run docker compose up -d.

Access the application at http://localhost with admin@example.com / password (change immediately). Full documentation links are provided for quick start, first scans, user guides, deployment, development, and troubleshooting.
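
One way to handle the SECRET_KEY_BASE and POSTGRES_PASSWORD step above is sketched here as an added example; it is not code from the ai-scanner repository. It assumes .env holds plain KEY=value lines, and the function names, placeholder patterns and secret lengths are hypothetical choices made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the ai-scanner repository. Assumes .env holds plain
# KEY=value lines; function names and secret lengths are hypothetical choices.

# gen_hex N: print N random bytes from the kernel CSPRNG as 2*N hex characters.
gen_hex() { head -c "$1" /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# get_env_var FILE KEY: print the value of the last KEY= line (empty if none).
get_env_var() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# set_env_var FILE KEY VALUE: drop any existing KEY= line, append the new one.
set_env_var() {
  local file="$1" key="$2" value="$3" tmp
  tmp=$(mktemp) || return 1            # mktemp creates the file mode 0600
  grep -v "^${key}=" "$file" > "$tmp" || true
  printf '%s=%s\n' "$key" "$value" >> "$tmp"
  cat "$tmp" > "$file" && rm -f "$tmp"
}

# check_secret FILE KEY MINLEN: fail on empty, placeholder, or short values.
check_secret() {
  local value
  value=$(get_env_var "$1" "$2")
  case "$value" in
    ''|password|changeme|*change_me*|*your_*|*example*)
      echo "$2 is unset or still a placeholder" >&2; return 1 ;;
  esac
  [ "${#value}" -ge "$3" ] || { echo "$2 is shorter than $3 chars" >&2; return 1; }
}

# init_env FILE: write fresh secrets for both keys and restrict file access.
init_env() {
  set_env_var "$1" SECRET_KEY_BASE "$(gen_hex 64)" &&
  set_env_var "$1" POSTGRES_PASSWORD "$(gen_hex 24)" &&
  chmod 600 "$1"
}

# Usage: cp .env.example .env && bash init-env.sh .env
if [ -n "${1:-}" ]; then
  init_env "$1" &&
  check_secret "$1" SECRET_KEY_BASE 128 &&
  check_secret "$1" POSTGRES_PASSWORD 48 &&
  echo "$1 looks ready for: docker compose up -d"
fi
```

Running check_secret on its own against an existing .env works as a pre-start gate, since it exits non-zero while either value is empty or a placeholder.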

Highlighted Details

  • 179 community probes across 35 vulnerability families (OWASP LLM Top 10 aligned).
  • Multi-target scanning for API LLMs and browser chat UIs.
  • Scheduled/on-demand scans with configurable recurrence.
  • Attack Success Rate (ASR) scoring with trend tracking.
  • PDF report export with per-probe drill-down.
  • SIEM integration (Splunk, Rsyslog).
  • Multi-tenant architecture with data encrypted at rest.
  • Unlimited features, scans, and users.

Maintenance & Community

Contribution guidelines are available in CONTRIBUTING.md, and security vulnerability reporting is detailed in SECURITY.md. Specific community channels, sponsorships, or contributor information are not explicitly detailed in the provided README snippet.

Licensing & Compatibility

The project is licensed under the Apache License 2.0, which permits commercial use and integration into closed-source applications.

Limitations & Caveats

Default credentials (admin@example.com / password) require immediate change. The quick start relies on Docker, and manual configuration of .env for secrets is necessary.

Health Check

  • Last Commit: 3 days ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 9
  • Issues (30d): 1