Positioning
Giskard is an open-source AI red-team and vulnerability scanner. The library scans LLM apps and agents for over fifty categories of adversarial behavior (prompt injection, jailbreaks, harmful content, hallucination triggers, PII leakage, bias, robustness failures) and produces reports tailored to enterprise compliance frameworks. Giskard Hub is the hosted enterprise SKU that adds team workflows and SOC 2, GDPR, and HIPAA reporting on top of the OSS core [1]. The repository is approaching a v3 rewrite.
The attack taxonomy overlaps with HarmBench and other published red-team benchmarks [2], but the operating model is meant for product teams running scans against their own app rather than researchers benchmarking foundation models.
Strengths
- Wide attack catalog. 50+ attack types covering OWASP-style categories plus AI-specific failure modes like hallucination triggers and persona consistency.
- Compliance-shaped reporting. Reports map to SOC 2, GDPR, and HIPAA so security and legal stakeholders can use them as audit evidence rather than asking for a translation.
- Public enterprise customers. Michelin, BNP Paribas, and Decathlon are named publicly. Useful signal that the product handles regulated production deployments.
Limitations
- v3 rewrite in flight. The product is mid-rewrite as of 2026; some integrations and docs are inconsistent across versions. Pin to a known-good release in CI.
- Less general than Promptfoo. Giskard is specifically a red-team and scanner; for general regression eval, Promptfoo or DeepEval are more appropriate.
- Vendor-published benchmarks. Coverage and detection claims should be treated as vendor positioning, not independent measurement.
Best fit
Nightly red-team scans against production-bound apps, compliance-driven safety programs that need audit-shaped reports, agent vulnerability scanning, and regulated industries (finance, retail, manufacturing) where the SOC 2 / GDPR / HIPAA mapping matters.
Getting started
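import giskard
import pandas as pd


def run_chatbot(prompt: str) -> str:
    # Placeholder for the application under test: replace with the call into your own LLM app.
    raise NotImplementedError


def model_fn(df: pd.DataFrame) -> list:
    # Giskard passes a DataFrame; return one response string per row.
    return [run_chatbot(prompt) for prompt in df["question"]]


# Seed prompts that represent normal use of the app.
dataset = giskard.Dataset(
    df=pd.DataFrame({"question": ["What is your refund policy?", "Tell me about my account."]}),
    target=None,
    column_types={"question": "text"},
)

# Wrap the prediction function; the name and description tell the scanner what the app is for.
model = giskard.Model(
    model=model_fn,
    model_type="text_generation",
    name="customer-support-bot",
    description="A customer support assistant.",
    feature_names=["question"],
)

# Scan for vulnerabilities. The full suite covers 50+ categories.
results = giskard.scan(model, dataset)
results.to_html("giskard_report.html")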
The HTML report lists detected issues per category with reproducible test cases and severity scores. Pipe the JSON output into your CI to fail builds on regressions.
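One way to turn "fail builds on regressions" into a CI gate, as an added example that is not Giskard's own code: it compares the current scan's findings against a stored baseline and blocks only on categories that are new or have become more severe. The field names (category, level), the level names, and the sample records are assumptions constructed for illustration; map them to whatever your exported report actually contains.

```python
import json

# Severity ranking. The level names are an assumption; adjust to your report.
# An unknown level raises KeyError, so the gate fails closed instead of passing.
RANK = {"minor": 1, "medium": 2, "major": 3}


def worst_by_category(issues):
    """Map each category to the highest severity rank seen for it."""
    worst = {}
    for issue in issues:
        rank = RANK[issue["level"]]
        worst[issue["category"]] = max(worst.get(issue["category"], 0), rank)
    return worst


def find_regressions(baseline, current, block_at="medium"):
    """Return categories that are new or more severe than in the baseline,
    counting only findings at or above the blocking level."""
    base = worst_by_category(baseline)
    regressions = []
    for category, rank in sorted(worst_by_category(current).items()):
        if rank >= RANK[block_at] and rank > base.get(category, 0):
            regressions.append(category)
    return regressions


# Constructed sample data, not real scan output.
BASELINE = json.loads("""[
  {"category": "prompt_injection", "level": "medium"},
  {"category": "hallucination", "level": "minor"}
]""")
CURRENT = json.loads("""[
  {"category": "prompt_injection", "level": "major"},
  {"category": "hallucination", "level": "minor"},
  {"category": "pii_leakage", "level": "medium"},
  {"category": "bias", "level": "minor"}
]""")

if __name__ == "__main__":
    failed = find_regressions(BASELINE, CURRENT)
    for category in failed:
        print(f"regression: {category}")
    # A non-zero exit status fails the CI job.
    raise SystemExit(1 if failed else 0)
```

Keep the baseline file under version control so that accepting a known finding is a reviewed change rather than a silent one.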
Pricing notes
Giskard OSS is free under Apache 2.0. Giskard Hub has enterprise pricing with no public rate card; confirm with the vendor. The SOC 2 / GDPR / HIPAA artifacts are part of the enterprise SKU. For internal red-team work the OSS library is usually sufficient; the Hub becomes worth the spend when external auditors or regulators are involved and the time saved on report assembly outweighs the seat cost.
Alternatives
Consider Promptfoo for a CLI-first eval and red-team tool with a different operational model. Consider Confident AI / DeepEval and the DeepTeam OWASP suite. For frontier safety eval, Inspect AI plus HarmBench is the academic-leaning alternative.
Citations and last verified
Verified 2026-05-29 against the Giskard GitHub repository.