Safeguard Your Chatbots with Garak: Identifying LLM Vulnerabilities

LLMs can be vulnerable to various attacks, including prompt injection, data leakage, and even generating malicious code. But how do you proactively test your LLM-powered applications for these weaknesses? Enter Garak, an open-source LLM vulnerability scanner. In this blog post, I’ll break down the key takeaways from the video and show you how to use Garak to enhance the security of your LLMs.

What is Garak?

Garak, as explained in the video, is a powerful LLM vulnerability scanner with an extensive library of probes (test cases) and detectors. These probes are designed to trick the model into exhibiting undesirable behaviors, while the detectors analyze the responses to identify potential vulnerabilities. Garak supports various targets, including direct model endpoints and even custom web applications through its REST generator.

Key Takeaways from the Video: Testing Your Own LLM Application with Garak

The video focuses on using Garak to test a custom chatbot application called “Wuzzi Chat,” built with Llama 3 and powered by Groq for fast inference. Here’s a breakdown of the key steps demonstrated:

  1. Understanding the REST Generator: Garak’s REST generator allows you to test any chatbot or web application exposed via a REST interface.
  2. Reverse Engineering HTTP Requests: Use browser developer tools (Network tab) or proxy tools like Burp Suite or Fiddler to capture the HTTP requests made by your application. This helps you understand the API endpoint, request method (POST, GET, etc.), headers, and payload structure.
  3. Creating a Garak Configuration File (garak-config.json): This file defines how Garak interacts with your application’s API. It includes:
    • name: A name for your configuration.
    • url: The API endpoint of your application.
    • method: The HTTP method (e.g., “POST”).
    • headers: Any required HTTP headers, such as authorization tokens (Authorization) and content type (Content-Type). Remember that you will have to set the API key as an environment variable so Garak can find it.
    • payload: The JSON payload that your application expects. Use input to dynamically insert Garak’s test cases into the payload.
    • response: Specifies the element in the JSON response that Garak should evaluate. The test case will look for a text property by default.
  4. Running Garak with the Configuration File: Use the command line to run Garak, specifying the model type (--model_type rest), the configuration file (--config tests/garak-config.json), and the probes you want to use (e.g., --probe mal_generation.evasion).
  5. Analyzing the Results: Garak generates several output files, including:
    • hit_log: Contains details of the error cases (i.e., where the LLM exhibited undesirable behavior).
    • HTML report: A graphically formatted report summarizing the results.
    • Full output log: A complete log of every attempt.
    • Your application’s own server logs: check them as well, since they record every interaction Garak had with the server.
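To make steps 3 and 4 concrete, here is an added example (not code from the video or from the Garak project) showing a configuration file in the layout documented for Garak’s rest.RestGenerator, where the uri, req_template_json_object and response_json_field entries correspond to the url, payload and response items above. The endpoint, header name and payload field are hypothetical, and the substitution and extraction functions are a simplified re-implementation of what Garak does with $INPUT, $KEY (read from the REST_API_KEY environment variable) and the response field, so you can check a config offline before pointing Garak at a server.

```python
import json
import os

# Config in the layout documented for garak's rest.RestGenerator.
# The uri, header value and payload field are assumed values for a
# hypothetical chatbot backend, not a real service.
GARAK_CONFIG = {
    "rest": {
        "RestGenerator": {
            "name": "wuzzi-chat (hypothetical endpoint)",
            "uri": "https://chat.example.invalid/api/chat",
            "method": "post",
            "headers": {
                # garak replaces $KEY with the value of REST_API_KEY; the
                # "Bearer " prefix has to be written into the config itself.
                "Authorization": "Bearer $KEY",
                "Content-Type": "application/json",
            },
            # $INPUT marks where each probe prompt is inserted.
            "req_template_json_object": {"message": "$INPUT"},
            "response_json": True,
            # Field of the JSON reply that the detectors should score.
            "response_json_field": "text",
        }
    }
}


def build_request(cfg: dict, prompt: str, api_key: str) -> tuple:
    """Return (headers, body) as garak would send them for one probe prompt."""
    gen = cfg["rest"]["RestGenerator"]
    headers = {k: v.replace("$KEY", api_key) for k, v in gen["headers"].items()}
    # Serialise the template first, then substitute a JSON-escaped prompt, so
    # quotes or newlines in a probe cannot break the payload structure.
    template = json.dumps(gen["req_template_json_object"])
    body = template.replace("$INPUT", json.dumps(prompt)[1:-1])
    return headers, body


def extract_response(cfg: dict, raw_reply: str) -> str:
    """Pull the configured field out of a JSON reply for the detectors."""
    gen = cfg["rest"]["RestGenerator"]
    return json.loads(raw_reply)[gen["response_json_field"]]


if __name__ == "__main__":
    key = os.environ.get("REST_API_KEY", "<set REST_API_KEY>")
    print(build_request(GARAK_CONFIG, 'Say "hi"', key))
    # Constructed sample reply from the hypothetical backend:
    print(extract_response(GARAK_CONFIG, '{"text": "hi", "model": "llama3"}'))
```

Write GARAK_CONFIG out with json.dump to produce the garak-config.json file that step 4 passes on the command line.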

Practical Tips and Considerations

  • Authorization: Pay close attention to how your application handles authorization. Garak allows you to specify headers, including API keys. As the video points out, you might need to prefix the token in the Authorization header with “Bearer ” if the application requires Bearer token authentication.
  • Content Type: Always set the Content-Type header to application/json when sending JSON payloads.
  • Understanding the Payload Structure: Carefully analyze your application’s API to understand the expected payload structure. Use the input parameter in your Garak configuration file to insert the test case prompts correctly.
  • Permissions and Ethical Considerations: Only test applications and systems that you are authorized to test. Running security scans without permission is unethical and potentially illegal.
  • Resource Usage: Be mindful of the number of requests Garak generates. Using a high generation count (the --generations parameter) can put a strain on your server. Start with a lower value and increase it as needed.

Conclusion

Garak is a valuable tool for identifying vulnerabilities in LLM applications, especially those exposed via REST APIs. By following the steps outlined in the video and this blog post, you can proactively test your applications for potential weaknesses and improve their overall security. Remember to always test responsibly and ethically, and to continuously monitor and update your security practices as the threat landscape evolves.
