AdversaryPilot

The AI Red Team Strategist

Bayesian attack planning and orchestration for LLM, agent, and ML systems.

70 ATLAS Techniques
3 Compliance Frameworks
626+ Tests Passing

Key Capabilities

Bayesian Attack Planning

Thompson Sampling with correlated arms and benchmark-calibrated priors. Learns from every test result and recommends increasingly targeted techniques.

70 MITRE ATLAS Techniques

LLM jailbreaks (DAN, PAIR, TAP, GCG, Crescendo), prompt injection, agent exploitation (MCP poisoning, A2A impersonation), and classical AML attacks.

Compliance Mapping

Every technique maps to OWASP LLM Top 10, NIST AI RMF, and EU AI Act. Reports show per-framework coverage and untested controls.

Tool Integrations

Import results from garak (27 probe mappings) and promptfoo (11 test mappings). Execution hooks generate ready-to-run shell commands.

Z-Score Calibration

Results calibrated against HarmBench and JailbreakBench benchmarks, reported as standard deviations from baseline with statistical significance.

Self-Contained HTML Reports

10 interactive tabs: attack graphs, compliance dashboards, belief evolution, risk heatmaps. Zero dependencies - open in any browser.

How the Planner Works

1. Target Profile: YAML definition
2. Hard Filters: access, domain, target
3. 7-Dim Scorer: compatibility, fit, risk
4. Thompson Sample: Beta posteriors + priors
5. Ranked Plan: rationale, hooks, Z-scores

Quick Start

pip install -e ".[dev]"

Requires Python 3.11+. Only 4 dependencies: pydantic, typer, rich, pyyaml.

adversarypilot plan target.yaml              # Generate ranked attack plan
adversarypilot campaign new target.yaml      # Start adaptive campaign
adversarypilot import garak report.jsonl     # Import tool results
adversarypilot campaign next <id>            # Get Bayesian recommendations
adversarypilot report <id>                   # Generate HTML report

Explore the Documentation

What is AdversaryPilot?
How Bayesian attack planning works and how it compares to garak, PyRIT, and promptfoo.
AI Red Team Strategy
Building a systematic, compliance-driven AI red team methodology with two-phase campaigns.
MITRE ATLAS Red Teaming Planner
Full catalog of 70 ATLAS-aligned techniques with compliance cross-mapping.
Adversarial Attack Sequencing
Multi-stage attack paths with beam search and joint success probabilities.
Analyzing Garak Results
Import garak JSONL output for Bayesian analysis, Z-score calibration, and compliance reporting.
Promptfoo Attack Planning
Plan and analyze promptfoo red team tests with execution hooks and adaptive recommendations.

Get Started with AdversaryPilot

AdversaryPilot is open-source and free to use under the Apache 2.0 license.