{"data":{"slug":"corca-ai-awesome-llm-security","name":"awesome-llm-security","tagline":"A curation of tools, documents and projects about LLM Security","github_url":"https://github.com/corca-ai/awesome-llm-security","owner":"corca-ai","repo":"awesome-llm-security","owner_avatar_url":"https://avatars.githubusercontent.com/u/72978860?v=4","primary_language":null,"stars":1637,"forks":294,"topics":["awesome","awesome-list","llm","security"],"archived":false,"github_pushed_at":"2025-08-20T01:27:47+00:00","maintenance_label":"Slowing","url":"https://www.graphcanon.com/tools/corca-ai-awesome-llm-security","markdown_url":"https://www.graphcanon.com/tools/corca-ai-awesome-llm-security.md","api_url":"https://www.graphcanon.com/api/graphcanon/tools/corca-ai-awesome-llm-security","graph_url":"https://www.graphcanon.com/api/graphcanon/graph?tool=corca-ai-awesome-llm-security","description":"A curation of awesome tools, documents and projects about LLM Security.","homepage_url":null,"license":null,"open_issues":161,"watchers":31,"ai_summary":"Curates resources related to security aspects of large language models including attack methodologies, defenses, and platform security.","readme_excerpt":"# Awesome LLM Security \n\nA curation of awesome tools, documents and projects about LLM Security.\n\nContributions are always welcome. Please read the [Contribution Guidelines](CONTRIBUTING.md) before contributing.\n\n> [!NOTE] \n> ⚡ For efficient research navigation, we’re sharing PDFs via [Moonlight](https://www.themoonlight.io/), which provides summaries alongside the original paper.\n\n## Table of Contents\n\n- [Awesome LLM Security ](#awesome-llm-security-)\n  - [Table of Contents](#table-of-contents)\n  - [Papers](#papers)\n    - [White-box attack](#white-box-attack)\n    - [Black-box attack](#black-box-attack)\n    - [Backdoor attack](#backdoor-attack)\n    - [Fingerprinting](#fingerprinting)\n    - [Defense](#defense)\n    - [Platform Security](#platform-security)\n    - [Survey](#survey)\n  - [Benchmark](#benchmark)\n  - [Tools](#tools)\n  - [Articles](#articles)\n  - [Other Awesome Projects](#other-awesome-projects)\n  - [Other Useful Resources](#other-useful-resources)\n\n## Papers\n\n### White-box attack\n- \"Visual Adversarial Examples Jailbreak Large Language Models\", 2023-06, AAAI(Oral) 24, `multi-modal`, [[paper]](https://www.themoonlight.io/paper/share/9e1233aa-e417-448a-9032-05a11bff5a66) [[repo]](https://github.com/Unispac/Visual-Adversarial-Examples-Jailbreak-Large-Language-Models)\n- \"Are aligned neural networks adversarially aligned?\", 2023-06, NeurIPS(Poster) 23, `multi-modal`, [[paper]](https://www.themoonlight.io/paper/share/282d463d-f9ce-4759-9e97-38b72c1200a7)\n- \"(Ab)using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs\", 2023-07, `multi-modal` [[paper]](https://www.themoonlight.io/paper/share/520e644a-b4f9-497f-9ebf-d6da198699aa)\n- \"Universal and Transferable Adversarial Attacks on Aligned Language Models\", 2023-07, `transfer`, [[paper]](https://www.themoonlight.io/paper/share/5fc39128-9efa-49b3-8582-a909bab40dd3) [[repo]](https://github.com/llm-attacks/llm-attacks) [[page]](https://llm-attacks.org/)\n- \"Jailbreak in pieces: Compositional Adversarial Attacks on Multi-Modal Language Models\", 2023-07, `multi-modal`, [[paper]](https://www.themoonlight.io/paper/share/5409b2f8-3f70-4cee-bcf3-01563877acf8)\n- \"Image Hijacking: Adversarial Images can Control Generative Models at Runtime\", 2023-09, `multi-modal`, [[paper]](https://www.themoonlight.io/paper/share/b06630ff-1269-4765-86ed-0c79563402c1) [[repo]](https://github.com/euanong/image-hijacks) [[site]](https://image-hijacks.github.io)\n- \"Weak-to-Strong Jailbreaking on Large Language Models\", 2024-04, `token-prob`, [[paper]](https://www.themoonlight.io/paper/share/f8ec09ce-ebe5-4d59-ab7f-51fa27a4805e) [[repo]](https://github.com/XuandongZhao/weak-to-strong)\n\n### Black-box attack\n- \"Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection\", 2023-02, AISec@CCS 23 [[paper]](https://www.themoonlight.io/paper/share/8e338d56-34fc-411f-8f5f-2746997d7927)\n- \"Jailbroken: How Does LLM Safety Training Fail?\", 2023-07, NeurIPS(Oral) 23, [[paper]](https://www.themoonlight.io/paper/share/1b53328c-f894-443b-8818-7e1d35580202)\n- \"Latent Jailbreak: A Benchmark for Evaluating Text Safety and Output Robustness of Large Language Models\", 2023-07, [[paper]](https://www.themoonlight.io/paper/share/4d35806f-3e25-4b28-abb3-2ea94b7246bd) [[repo]](https://github.com/qiuhuachuan/latent-jailbreak/tree/main)\n- \"Effective Prompt Extraction from Language Models\", 2023-07, `prompt-extraction`, [[paper]](https://www.themoonlight.io/paper/share/9c059d79-6fac-47ad-93df-49db7e6bf1be)\n- \"Multi-step Jailbreaking Privacy Attacks on ChatGPT\", 2023-04, EMNLP 23, `privacy`, [[paper]](https://www.themoonlight.io/paper/share/fec9d235-0578-4ec1-bf6a-b2b0f7049b44)\n- \"LLM Censorship: A Machine Learning Challenge or a Computer Security Problem?\", 2023-07, [[paper]](https://www.themoonlight.io/paper/share/b638c2fa-7808-48ba-a624-1b94947bd63d)\n- \"Jailbreaking chatgpt via prompt engineering: An empirical study\", 2023-05, [[paper]](https://www.themoonligh","github_created_at":"2023-07-05T03:38:31+00:00","created_at":"2026-07-11T10:32:27.875683+00:00","updated_at":"2026-07-12T03:41:42.848896+00:00","categories":[{"slug":"evaluation-observability","name":"Evaluation & Observability","url":"https://www.graphcanon.com/categories/evaluation-observability","markdown_url":"https://www.graphcanon.com/categories/evaluation-observability.md","api_url":"https://www.graphcanon.com/api/graphcanon/categories/evaluation-observability"}],"tags":[{"slug":"llm","name":"llm"},{"slug":"awesome-list","name":"awesome-list"},{"slug":"security","name":"security"}],"trust":{"provenance":{"is_fork":false,"github_id":662394571,"owner_type":"Organization","methodology":"github_public_v1","parent_repo":null,"near_duplicate_slugs":[]},"computed_at":"2026-07-11T10:32:28.623Z","maintenance":{"label":"Slowing","score":36,"methodology":"github_public_v1","releases_90d":0,"days_since_push":325,"last_release_at":null},"security_summary":{"status":"no_lockfile","scanner":null,"low_count":0,"high_count":0,"last_scan_at":"2026-07-11T10:32:30.329Z","medium_count":0,"scan_profile":"none","critical_count":0}},"capability_facts":{"scan":{"source":"repo_scan","observed_at":"2026-07-11T11:19:12.833Z"}},"decision_facts":{"hosting":{"model":"unknown","summary":""},"pricing":{"model":"freemium","summary":"As an open-source project without defined pricing models, its use is generally free under the terms of its license (license details are not provided)."},"requirements":null,"constraints":{"hosting_model":"unknown","pricing_model":"freemium"},"when_to_use":["When you are specifically looking for detailed information on both white-box and black-box attacks targeted at Large Language Models (LLMs), which 'awesome-llm-security' comprehensively catalogs.","If you need resources that focus heavily on multi-modal adversarial techniques against LLMs, including visual and sound-based indirect instruction injections, as provided in the repository's list."],"when_not_to_use":["When your primary interest is in general software security or vulnerabilities unrelated to language models, since 'awesome-llm-security' zeroes in on attack vectors specifically for LLMs.","If you are solely interested in tools and methods that are not publicly discussed or peer-reviewed; the repository focuses on documented approaches within reputable academic publications."],"source":"enrich:decision_facts","observed_at":"2026-07-11T11:19:51.643Z"},"constraint_facets":{"hosting_model":"unknown","pricing_model":"freemium"},"decision_summary":[{"label":"Hosting","value":"unknown"},{"label":"Pricing","value":"freemium - As an open-source project without defined pricing models, its use is generally free under the terms of its license (license details are not provided)."},{"label":"Adopt for","value":"Awesome LLM Security is a curated list of resources related to the security aspects of large language models. It covers various attack methodologies, defenses, and platform security through papers, benchmarks, tools, and"}]}}