Community
Star history
Track ARGUS's growth on GitHub.
Closed-loop multi-agent framework for LLM vulnerability discovery. Adaptive attack strategy. CVSSv4.0 scoring. 8 regulatory frameworks. SARIF output for CI/CD.
Full coverage across direct endpoints and complex agentic topologies — the surfaces static scanners miss entirely.
Classic LLM attacks against completion APIs — alignment bypass, system-prompt extraction, role confusion, and jailbreaking.
Indirect cross-prompt injection via retrieval documents. Attacks the model through the data layer it trusts.
Model Context Protocol attack surface — tool-call interception, poisoned context injection, cross-server propagation.
Agent-to-agent injection that hops trust boundaries and propagates exploitation through downstream agents.
Exploiting function-calling interfaces — schema confusion, argument injection, and output manipulation.
CVSSv4.0 vectors for every finding, automatically mapped to applicable regulatory frameworks. SARIF v2.1 output for CI/CD gates.
Four specialized agents in a continuous revision loop. The Planner reads live behavioral signals and rewrites its strategy — not a fixed probe list.
Target LLM / Pipeline
|
v
┌───────────────────────────────────────────────┐
│ Orchestrator │
│ │
│ Planner ────────> Attacker ────> Evaluator │
│ (Claude Opus) (synthesizer) (3-layer) │
│ ^ | | │
│ | v v │
│ └────── Revision <──── Findings + CVSS │
│ | │
│ Reporter │
└───────────────────────────────────────────────┘
|
v
SARIF v2.1 + JSON ──> CI/CD gates + GRC tooling
Cosine distance against a confirmed-attack embedding space. Flags responses that land in known attack-success neighborhoods, independent of surface form — catches paraphrases and evasive reformulations.
Multi-model verdict with configurable affirmative quorum and confidence threshold. Cross-model agreement eliminates single-model blind spots and dramatically reduces false positives.
Pipeline telemetry anomaly detection. Catches exploitation that produces no suspicious output text but alters tool-call patterns, token budgets, or downstream API behavior.
Static probe-and-detect tools catch known patterns. ARGUS reasons, adapts, and discovers novel vulnerabilities autonomously.
| Feature | Garak (NVIDIA) | PyRIT (Microsoft) | LLM-Fuzzer | ARGUS |
|---|---|---|---|---|
| Multi-agent architecture | ✗ | ✗ | ✗ | ✓ |
| Adaptive attack strategy | ✗ | ✗ | ✗ | ✓ real-time |
| Cross-session memory | ✗ | ✗ | ✗ | ✓ ChromaDB |
| OWASP LLM Top 10 (2025) | partial | partial | ✗ | ✓ all 10 |
| RAG / pipeline attacks | ✗ | partial | ✗ | ✓ |
| MCP server mesh attacks | ✗ | ✗ | ✗ | ✓ |
| Multi-agent propagation | ✗ | ✗ | ✗ | ✓ |
| CVSSv4.0 scoring | ✗ | ✗ | ✗ | ✓ |
| SARIF v2.1 output | ✗ | ✗ | ✗ | ✓ |
| 8-framework compliance mapping | ✗ | ✗ | ✗ | ✓ |
| LLM-as-judge panel detection | ✗ | partial | ✗ | ✓ quorum |
| Behavioral trace analysis | ✗ | ✗ | ✗ | ✓ |
| Academic backing | ✓ | ✓ | ✓ | ✓ IEEE |
Install once, scan any supported target with a single command. API key resolved from env or --api-key flag.
git clone https://github.com/\ sunilgentyala/argus cd argus pip install -e .
argus scan \ --target anthropic \ --model claude-sonnet-4-6 \ --profile quick
argus scan \ --target openai \ --model gpt-4o \ --system-prompt "..." \ --profile compliance
argus show \ ./argus-reports/\ <session-id>.report.json
Every confirmed finding is automatically tagged to applicable regulatory articles — ready for your audit trail or GRC team.
Govern, Map, Measure, Manage — full control framework mapping.
High-risk system requirements, transparency and conformity obligations.
Federal AI safety, security reporting, and red-team requirements.
AI Safety Institute evaluation and testing standards.
Cybersecurity incident reporting and AI governance guidelines.
International AI management system standard controls.
Regional frameworks across Asia-Pacific jurisdictions.
AU digital transformation and AI policy alignment.
Track ARGUS's growth on GitHub.
A star on GitHub helps other security researchers find ARGUS and signals that open LLM security tooling matters.