A comprehensive operational toolkit for conducting AI/LLM red team assessments on Large Language Models, AI agents, RAG pipelines, and AI-enabled applications. This repository provides both tactical field guidance and strategic consulting frameworks.
📖 GitBook Navigation: See SUMMARY.md for the complete chapter structure.
This repository represents the Gold Master release of the AI LLM Red Team Handbook. It contains a fully standardized, 46-chapter curriculum covering the entire spectrum of AI security—from prompt injection and jailbreaking to adversarial machine learning and federated learning attacks.
- AI LLM Red Team Handbook (46 Chapters, Completed)
- Professional consultancy guide with standardized metadata, abstracts, and navigation.
- Covers Ethics, Architectures, RAG Security, Agentic Threats, and Compliance (EU AI Act/ISO 42001).
- AI LLM Red Team Field Manual
- Compact operational reference for field use (checklists, payloads, methodology).
- Python Testing Framework (
scripts/)- Automated suites for prompt injection, fuzzing, and safety validation.
ai-llm-red-team-handbook/
├── docs/ # The Handbook (Chapters 01-46)
│ ├── archive/ # Historical versions
│ ├── assets/ # Diagrams, charts, and visual aids
│ ├── field_manuals/ # Operational checklists and quick-refs
│ ├── templates/ # Report and SOW templates
│ └── SUMMARY.md # Master Table of Contents
├── scripts/ # Automated testing tools (Python)
├── workflows/ # CI/CD and automation workflows
├── .agent/ # Agentic memory and context
├── LICENSE # CC BY-SA 4.0 License
└── README.md # This file
The primary way to use this repository is as a reference.
- Start at SUMMARY.md to browse all chapters.
- View the Field Manual for quick lookups during an engagement.
To run the provided Python scanning and fuzzing scripts:
Prerequisites:
- Python 3.8+
- API Access to a target LLM (OpenAI, Anthropic, or local Ollama)
Setup:
# Clone the repository
git clone https://github.com/shiva108/ai-llm-red-team-handbook.git
cd ai-llm-red-team-handbook
# Install dependencies
cd scripts
pip install -r config/requirements.txtRunning Tests:
# Set up your environment variables (API Keys)
cp .env.example .env
nano .env
# Run the test runner
python examples/runner.py --target "gpt-4" --test "prompt_injection"This handbook is divided into 8 strategic parts. All chapters are now complete and audited.
- Ch 01-04: Introduction, Ethics, Mindset, Rules of Engagement.
- Ch 05-08: Threat Modeling, Scoping, Lab Setup, Chain of Custody.
- Ch 09-11: LLM Architectures, Tokens, Plugins/APIs.
- Ch 12-13: RAG Pipelines, Supply Chain Security.
- Ch 14-24: Prompt Injection, Data Leakage, Jailbreaking, API Exploitation, Evasion, Poisoning, Model Theft, DoS, Multimodal, Social Engineering.
- Ch 25-30: Adversarial ML, Supply Chain Defense, Federated Learning, Privacy, Model Inversion, Backdoors.
- Ch 31-39: Reconnaissance, Attack Frameworks, Automation, Defense Evasion, Post-Exploitation, Reporting, Remediation, Continuous Red Teaming, Bug Bounties.
- Ch 40-46: Compliance (EU AI Act), Industry Best Practices, Case Studies, Future of Red Teaming, Emerging Threats, Program Building, Conclusion.
We welcome contributions to keep this handbook living and breathing.
- Fork the repository.
- Create a feature branch (
git checkout -b feature/new-jailbreak). - Submit a Pull Request with a clear description of the change.
- Please ensure all new content follows the Chapter Template in
docs/templates/.
For Authorized Security Testing Only.
The techniques and tools described in this repository are for educational purposes and for use by authorized security professionals to test systems they own or have explicit permission to test.
- Do not use these tools on public LLMs (e.g., ChatGPT, Claude) without complying with their Terms of Service.
- Do not use these techniques for malicious purposes.
The authors and contributors accept no liability for misuse of this material.
- Issues: GitHub Issues
- License: CC BY-SA 4.0
Version: 1.46.154 | Status: Gold Master