Repository template courtesy of the Blueprints Hub.

How to... Scan an LLM app for vulnerabilities

Note:
This repository is intended as a learning project. It is not a general-purpose testing package.

This repo shows you how to test your Q&A application for common LLM vulnerabilities.
Do you want to know if your app tends to hallucinate? Or whether it may be easily convinced of the opposite of what it reads? Jailbreaks? You can scan for these issues.

All you need is:

• For your toy Q&A app:
  • Langchain and particularly Langchain-Community to build a sample Q&A chatbot on PDFs. This acts as the system you want to probe.
  • PyPDF to parse the PDFs.
  • Llamafile or an API key for Mistral for the LLM at the core of the sample app.
• For the demo UI:
  • Streamlit
• For the actual scanning and probing:
  • Giskard

Quick-start

Installation

1. Clone the repository:

   git clone https://github.com/ividal/robustness-scans.git
   cd robustness-scans

2. Install uv:

   On Ubuntu 24.04:

   sudo apt update
   sudo apt install -y make build-essential libssl-dev zlib1g-dev \
   libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm \
   libncurses5-dev libncursesw5-dev xz-utils tk-dev libffi-dev \
   liblzma-dev python-openssl git
   curl -LsSf https://astral.sh/uv/install.sh | sh

   On macOS:

   curl -LsSf https://astral.sh/uv/install.sh | sh

3. Install Python with uv:

   uv python install 3.11.11

4. Create a virtual environment and handle dependencies with uv:

   uv venv

5. Install the package:

   uv sync

Running the application

To start the demo application:

cd demo
uv run streamlit run app.py

This will launch a Streamlit web interface at http://localhost:8501 displaying a Q&A chatbot for PDF documents.

Using Docker

Building and running with Docker

1. Build the Docker image:

   docker build -t blueprint .

2. Run the container:

   docker run -p 8501:8501 blueprint

3. Access the application at http://localhost:8501

Documentation

Building and viewing the docs

1. Install the documentation dependencies:

   # Using uv
   uv sync --all-groups

2. Build and serve the documentation:

   uv run mkdocs serve

3. View the documentation at http://localhost:8000

Building the docs for production

uv run mkdocs build

The built documentation will be available in the site directory.

Testing

Running tests

1. Install test dependencies:

   # Using uv
   uv sync --all-groups

2. Run the tests:

   uv run pytest -v tests/

Pre-requisites

• System requirements:

  • OS: macOS, or Linux
  • Python 3.11.11 or higher
  • Minimum RAM: negligible: all LLM calls are made to an API

• Dependencies:

  • Dependencies listed in pyproject.toml

License

This project is licensed under the Apache 2.0 License. See the LICENSE file for details.

Contributing

Contributions are welcome! To get started, you can check out the CONTRIBUTING.md file.