Open Source Tools
Garak — Python framework for LLM red teaming. It generates adversarial inputs, probes for unsafe outputs, and tests for prompt injection vulnerabilities. Good starting point for internal teams.
Microsoft PyRIT
PyRIT (Python Risk Identification Toolkit) — Microsoft’s open-source red-team framework. Particularly strong for Azure OpenAI scenarios. Supports orchestration of multi-turn attacks.
Commercial Services
Specialized red-team firms (Robust Intelligence, HiddenLayer) offer services for high-stakes deployments. Human creativity still beats automated tools on novel attack vectors; combine both.
Cadence
Run a pre-production red team before launch. Repeat quarterly for customer-facing agents, and again after major model updates, prompt changes, or tool additions. A one-time red team isn’t enough; it’s a discipline, not an event.