Awesome MLSecOps 🛡️🤖

June 28, 2026 · View on GitHub

A curated list of awesome open-source tools, resources, and tutorials for MLSecOps (Machine Learning Security Operations).

Open Source Security Tools

In this section we look at which open-source solutions and PoCs exist for protecting ML systems. Some of them are unmaintained or will be difficult to get running; leaving them out, however, would be a big omission.

| Tool | Description |
| --- | --- |
| ModelScan | Protection against ML model serialization attacks |
| NB Defense | Secure Jupyter Notebooks |
| Garak | LLM vulnerability scanner |
| Adversarial Robustness Toolbox | Library of defense methods for ML models against adversarial attacks |
| MLSploit | Cloud framework for interactive experimentation with adversarial machine learning research |
| TensorFlow Privacy | Library of privacy-preserving machine learning algorithms and tools |
| Foolbox | Python toolbox for creating and evaluating adversarial attacks and defenses |
| Advertorch | Python toolbox for adversarial robustness research |
| Artificial Intelligence Threat Matrix | Framework for identifying and mitigating threats to machine learning systems |
| Adversarial ML Threat Matrix | Adversarial threat landscape for AI systems |
| CleverHans | A library of adversarial examples and defenses for machine learning models |
| AdvBox | Toolbox to generate adversarial examples that fool neural networks in PaddlePaddle, PyTorch, Caffe2, MxNet, Keras and TensorFlow |
| Audit AI | Bias testing for generalized machine learning applications |
| Deep Pwning | Lightweight framework for experimenting with machine learning models with the goal of evaluating their robustness against a motivated adversary |
| Privacy Meter | An open-source library to audit data privacy in statistical and machine learning algorithms |
| TensorFlow Model Analysis | A library for analyzing, validating, and monitoring machine learning models in production |
| PromptInject | A framework that assembles adversarial prompts |
| Agent Memory Guard | Official OWASP runtime defense layer that screens AI agent memory reads/writes, blocking prompt injection, secret leakage, and memory poisoning (ASI06) |
| TextAttack | Python framework for adversarial attacks, data augmentation, and model training in NLP |
| OpenAttack | An open-source package for textual adversarial attack |
| TextFooler | A model for natural language attack on text classification and inference |
| Flawed Machine Learning Security | Practical examples of "Flawed Machine Learning Security" together with ML security best practice across the end-to-end stages of the machine learning model lifecycle, from training to packaging to deployment |
| Adversarial Machine Learning CTF | A CTF challenge showing a security flaw in most (all?) common artificial neural networks: they are vulnerable to adversarial images |
| Damn Vulnerable LLM Project | A Large Language Model designed for getting hacked |
| Gandalf Lakera | Prompt injection CTF playground |
| Vigil | LLM prompt injection and security scanner |
| PALLMs (Payloads for Attacking Large Language Models) | List of various payloads for attacking LLMs, collected in one place |
| AI-exploits | Exploits for MLOps systems; the attack surface is not just the inputs given to LLMs such as ChatGPT |
| Offensive ML Playbook | Notes on machine learning attacks and pentesting |
| AnonLLM | Anonymize Personally Identifiable Information (PII) for Large Language Model APIs |
| AI Goat | Vulnerable LLM CTF challenges |
| Pyrit | The Python Risk Identification Tool for generative AI |
| Raze to the Ground: Query-Efficient Adversarial HTML Attacks on Machine-Learning Phishing Webpage Detectors | Source code of the paper of the same name, accepted at AISec '23 |
| Giskard | Open-source testing tool for LLM applications |
| Safetensors | Convert pickle to a safe serialization option |
| Citadel Lens | Quality testing of models according to industry standards |
| Model-Inversion-Attack-ToolBox | A framework for implementing model inversion attacks |
| NeMo-Guardrails | NeMo Guardrails allow developers building LLM-based applications to easily add programmable guardrails between the application code and the LLM |
| AugLy | A tool for generating adversarial attacks |
| Knockoffnets | PoC to implement black-box attacks to steal model data |
| Robust Intelligence Continuous Validation | Tool for continuous model validation for compliance with standards |
| VGER | Jupyter attack framework |
| AIShield Watchtower | An open-source tool from AIShield for studying AI models and scanning for vulnerabilities |
| PS-fuzz | Tool for scanning LLM vulnerabilities |
| Mindgard-cli | Check the security of your AI via CLI |
| PurpleLLama3 | Check LLM security with the Meta LLM benchmark |
| Model transparency | Generate model signing |
| ARTkit | Automated prompt-based testing and evaluation of Gen AI applications |
| LangBiTe | A bias tester framework for LLMs |
| OpenDP | The core library of differential privacy algorithms powering the OpenDP Project |
| TF-encrypted | Encryption for TensorFlow |
| Agentic Security | Agentic LLM vulnerability scanner / AI red teaming kit |
| CircleGuardBench | A full-fledged benchmark for evaluating protection capabilities of AI models |
| Promptfoo Scanner | An open-source LLM red teaming tool |
| KubeStellar Console | Multi-cluster Kubernetes dashboard with MLSecOps capabilities: GPU workload monitoring, Kyverno policy enforcement, supply chain security (SBOM, SLSA), and AI/ML infrastructure observability. CNCF Sandbox project |
| TrustGate | An open-source Generative Application Firewall (GAF) |
| Agent-Wiz | Python CLI by Repello AI for extracting agentic workflows from LangChain/LangGraph/CrewAI/AutoGen and running automated threat modeling |
| Whistleblower | Open-source offensive tool by Repello AI for testing LLM apps against system prompt leakage |

Commercial Tools

| Tool | Description |
| --- | --- |
| Databricks Platform, Azure Databricks | Data lake data management and implementation tool |
| Hidden Layer AI Detection Response | Tool for detecting and responding to incidents |
| Guardian | Model protection in CI/CD |
| Promptfoo | Continuous monitoring, detection, and remediation for enterprise LLM applications |
| NeuralTrust | Tools to protect, secure and test GenAI applications |

DATA

| Tool | Description |
| --- | --- |
| ARX - Data Anonymization Tool | Tool for anonymizing datasets |
| Data-Veil | Data masking and anonymization tool |
| Tool for IMG anonymization | Image anonymization |
| Tool for DATA anonymization | Data anonymization |
| BMW-Anonymization-Api | Anonymizes sensitive information in images/videos. The solution is fully compatible with the DL-based training/inference solutions the authors have published or will publish for object detection and semantic segmentation |
| DeepPrivacy2 | A toolbox for realistic image anonymization |
| PPAP | Latent-space-level image anonymization with adversarial protector networks |

ML Code Security

101 Resources

Here you can find a list of resources to help you get into the topic of AI security: which attacks exist and how an attacker can use them.

AI Security Study Map

Full size map in this repository

Threat Modeling

More on this topic can be found in Adversarial AI Attacks, Mitigations, and Defense Strategies: A cybersecurity professional's guide to AI attacks, threat modeling, and securing AI with MLSecOps.

Attack Vectors

Here we provide a useful list of resources that focus on a specific attack vector.

Blogs and Publications

🌱 The AI security community is growing, and new blogs and researchers keep appearing. This section lists some examples of such blogs.

MLOps Infrastructure Vulnerabilities

Very interesting articles on MLOps infrastructure vulnerabilities. In some of them you can even find ready-made exploits.

MLSecOps pipeline

Repositories

AgentPoison

Official implementation of "AgentPoison: Red-teaming LLM Agents via Memory or Knowledge Base Backdoor Poisoning". This project explores methods of data poisoning and backdoor insertion in LLM agents to assess their resilience against such attacks.

DeepPayload

Research on methods of embedding malicious payloads into deep neural networks.

backdoor

Investigation of backdoor attacks on deep learning models, focusing on creating undetectable vulnerabilities within models.

Stealing_DL_Models

Techniques for stealing deep learning models through various attack vectors, enabling adversaries to replicate or access models.

datafree-model-extraction

Model extraction without using data, allowing for the recovery of models without access to the original data.

LLMmap

Tool for mapping and analyzing large language models (LLMs), exploring the structure and behavior of various LLMs.

GoogleCloud-Federated-ML-Pipeline

Federated learning pipeline using Google Cloud infrastructure, enabling model training on distributed data.

Class_Activation_Mapping_Ensemble_Attack

Attack using ensemble class activation maps to introduce errors in models by manipulating activation maps.

COLD-Attack

Methods for attacking deep models under various conditions and constraints, focusing on creating more resilient attacks.

pal

Research on adaptive attacks on machine learning models, enabling the creation of attacks that can adapt to model defenses.

ZeroShotKnowledgeTransfer

Knowledge transfer in zero-shot scenarios, exploring methods to transfer knowledge between models without prior training on target data.

GMI-Attack

Attack for generating informative labels, aimed at covertly extracting data from trained models.

Knowledge-Enriched-DMI

Enhancing DMI (Data Mining and Integration) methods using additional knowledge to improve accuracy and efficiency.

vmi

Research on methods for visualizing and interpreting machine learning models, providing insights into model workings.

Plug-and-Play-Attacks

Attacks that can be "plugged and played" without needing model modifications, offering flexible and universal attack methods.

snap-sp23

Tool for analyzing and processing snapshot data, enabling efficient handling of data snapshots.

privacy-vs-robustness

Research on the trade-offs between privacy and robustness in models, aiming to balance these two aspects in machine learning.

ML-Leaks

Methods for data leakage from trained models, exploring ways to extract private information from machine learning models.

BlindMI

Research on blind information extraction attacks, enabling data retrieval without access to the model's internal structure.

python-DP-DL

Differential privacy methods for deep learning, ensuring data privacy during model training.

MMD-mixup-Defense

Defense methods using MMD-mixup, aimed at improving model robustness against attacks.

MemGuard

Tools for protecting memory from attacks, exploring ways to prevent data leaks from model memory.

unsplit

Methods for merging and splitting data to improve training, optimizing the use of heterogeneous data in models.

face_attribute_attack

Attacks on face recognition models using attributes, exploring ways to manipulate facial attributes to induce errors.

FVB

Attacks on face verification models, aimed at disrupting authentication systems based on face recognition.

Malware-GAN

Using GANs to create malware, exploring methods for generating malicious code with generative models.

Generative_Adversarial_Perturbations

Methods for generating adversarial perturbations using generative models, aimed at introducing errors in deep models.

Adversarial-Attacks-with-Relativistic-AdvGAN

Adversarial attacks using Relativistic AdvGAN, exploring methods for creating more realistic and effective attacks.

llm-attacks

Attacks on large language models, exploring vulnerabilities and protection methods for LLMs.

LLMs-Finetuning-Safety

Safe fine-tuning of large language models, aiming to prevent data leaks and ensure security during LLM tuning.

DecodingTrust

Methods for evaluating trust in models, exploring ways to determine the reliability and safety of machine learning models.

promptbench

Benchmark for evaluating prompts, providing tools for testing and optimizing queries to large language models.

rome

Tool for analyzing and evaluating models based on ROM codes, exploring various aspects of model performance and resilience.

llmprivacy

Research on privacy in large language models, aiming to protect data and prevent leaks from LLMs.

Community Resources

Books

Infographics

MLSecOps Lifecycle

AI Security Market Map

Contributions

All contributions to this list are welcome! Please feel free to submit a pull request with any additions or improvements.

Contributors ✨


@riccardobiosas

@badarahmed

@deadbits

@wearetyomsmnv

@anmorgan24

@mik0w

@alexcombessie

@Igralino

@typpo

@robvanderveer

Support Us

If you find this project useful, please consider giving it a star ⭐️

License

This project is licensed under the MIT License - see the LICENSE file for details.

Made with ❤️