Adversa
OfficialEnables integration with CrewAI agents as a tool for LLM red-teaming.
Outputs scan results in SARIF format compatible with GitHub code-scanning.
Forwards findings to Jira via webhook for issue tracking.
Can be used as a tool within LangChain applications.
Provides JSON output compatible with OpenAI API for further analysis.
Forwards findings to Slack via webhook for team notifications.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@AdversaScan the current project for OWASP LLM vulnerabilities"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
ADVERSA
LLM red-team harness โ OWASP LLM Top 10 + MITRE ATLAS attack packs
AI Security & Governance โ securing LLMs, agents, and the MCP supply chain.
pip install cognis-adversa
adversa scan . # โ prioritized findings in seconds๐ Example output
Real, reproducible output from the tool โ runs offline:
$ adversa-emit --version
adversa 2.0.0$ adversa-emit --help
usage: adversa [-h] [--version] {catalog,scan,probe,refs} ...
LLM red-team probe runner (OWASP LLM Top-10 + MITRE ATLAS).
positional arguments:
{catalog,scan,probe,refs}
catalog list the probe catalog
scan run probes against a target
probe show detail for one probe
refs show OWASP + ATLAS reference tables
options:
-h, --help show this help message and exit
--version show program's version number and exit$ adversa-emit catalog
ADVERSA probe catalog (12 probes)
==============================================================================
ID OWASP ATLAS SEV NAME
------------------------------------------------------------------------------
pi.direct_override LLM01 AML.TA0004 high Direct instruction override
pi.indirect_payload LLM01 AML.TA0006 critical Indirect prompt injection via retrieved content
pi.encoded_smuggling LLM01 AML.TA0009 medium Encoded payload smuggling
leak.system_prompt LLM07 AML.TA0011 high System prompt extraction
leak.credentials LLM02 AML.TA0010 critical Sensitive credential disclosure
harm.dangerous_instructions LLM09 AML.TA0005 high Dangerous-capability elicitation
harm.roleplay_jailbreak LLM01 AML.TA0009 high Persona/roleplay jailbreak (DAN-style)
output.xss_injection LLM05 AML.TA0006 high Improper output handling (XSS payload)
agency.tool_abuse LLM06 AML.TA0006 high Excessive agency / unsafe tool invocation
misinfo.confident_falsehood LLM09 AML.TA0014 medium Misinformation / fabricated authority
consumption.amplification LLM10 AML.TA0014 low Unbounded consumption (resource amplification)
poison.training_data LLM04 AML.TA0003 medium Data poisoning acknowledgementBlocks above are real
adversaoutput โ reproduce them from a clone.
Related MCP server: meok-mcp-injection-scan-mcp
Usage โ step by step
adversa is an LLM red-team probe runner mapping the OWASP LLM Top-10 + MITRE ATLAS onto runnable probes.
Install (Python 3.10+):
pip install -e . # or: pipx install adversaBrowse the bundled probe catalog (filter by OWASP/ATLAS/severity):
adversa catalog --owasp LLM01 --min-severity highScan a target โ the bundled
secure/vulnerablereferences, a captured-response transcript (offline, no live endpoint), or your ownmodule:callableof signaturetarget(prompt) -> str:adversa scan vulnerable adversa scan transcript:demos/01-healthcare-chatbot/transcript.json adversa scan mypkg.mymodel:generate --owasp LLM01Read the output as a table, JSON, or SARIF 2.1.0 (for GitHub code-scanning), or inspect one probe's prompts + grader + remediation:
adversa scan vulnerable --format json | jq '.results[] | select(.passed==false)' adversa scan vulnerable --format sarif > adversa.sarif adversa probe pi.direct_override adversa refs # OWASP LLM Top-10 + ATLAS tactic tablesGate CI โ
scanexits1when findings are present,0when clean,2on usage error:- run: pip install -e . && adversa scan mypkg.mymodel:generate # non-zero fails the job
Contents
Why adversa? ยท Features ยท Quick start ยท Example ยท Demos ยท Architecture ยท AI stack ยท How it compares ยท Integrations ยท Install anywhere ยท Related ยท Contributing
Why adversa?
LLM red-team harness โ OWASP LLM Top 10 + MITRE ATLAS attack packs โ without standing up heavyweight infrastructure.
adversa is single-purpose, scriptable, and self-hostable: point it at a target, get prioritized results in the format your workflow already speaks (table ยท JSON ยท SARIF), gate CI on it, and let agents drive it over MCP.
Features
โ 12-probe catalog mapped to OWASP LLM Top-10 (2025) + MITRE ATLAS tactics
โ Severity ranking + filtering (
--owasp,--atlas,--min-severity,--probe)โ Five graders (must-refuse, must-not-leak, must-not-contain, must-contain, injection-resisted)
โ Transcript replay target โ red-team captured responses offline, no live endpoint
โ Bundled
secure/vulnerablereference targets +module:callablefor your own modelโ Output as table ยท JSON ยท SARIF 2.1.0 (GitHub code-scanning ready)
โ CI gate via exit codes (0 clean ยท 1 findings ยท 2 usage)
โ 8 real-use-case demos with run commands + remediation guidance
โ Runs on Linux/macOS/Windows ยท Docker ยท devcontainer
โ Ports in Python, JavaScript, Go, and Rust (
ports/)
Quick start
pip install cognis-adversa
adversa --version
adversa scan . # scan current project
adversa scan . --format json # machine-readable
adversa scan . --fail-on high # CI gate (non-zero exit)Example
$ adversa scan .
[HIGH ] ADV-001 example finding (./src/app.py)
[MEDIUM ] ADV-002 another signal (./config.yaml)
2 findings ยท risk score 5 ยท 38msDemos โ real scenarios you can run now
Each demos/<NN-name>/ holds a realistic input (a captured-response
transcript.json in ADVERSA's real format, or a module:callable target) plus
a SCENARIO.md explaining where the data came from, the exact command, what to
expect, and how to act on the findings.
Demo | Scenario | What it shows |
Healthcare chatbot, pre-launch | 4 findings โ system-prompt + credential leak block launch | |
Same bot after hardening | 0 findings โ clean CI gate (exit 0) | |
RAG poisoned document | indirect + encoded prompt injection (LLM01) | |
Agent with shell access | excessive agency ( | |
Support bot jailbreak | DAN persona + harmful-instruction elicitation | |
Research assistant | fabricated citation + data-poisoning acceptance | |
Worst-case baseline | all 12 probes fail ( | |
Your own model | wiring a |
adversa scan transcript:demos/01-healthcare-chatbot/transcript.json # 4 findings, exit 1
adversa scan transcript:demos/02-post-hardening-clean/transcript.json # 0 findings, exit 0The transcript shape is either a probe-id map ({"leak.system_prompt": "<reply>"})
or a list of {"probe_id": "...", "response": "..."} pairs โ capture your model's
replies once, then grade them offline as often as you like.
Architecture
flowchart LR
IN[sources] --> P[adversa<br/>curate + validate]
P --> OUT[query / analysis]Use it from any AI stack
adversa is interoperable with every popular way of using AI:
MCP server โ
adversa mcp(Claude Desktop, Cursor, Cognis.Studio, uncensored-fleet)OpenAI-compatible / JSON โ pipe
adversa scan . --format jsoninto any agent or LLMLangChain ยท CrewAI ยท AutoGen ยท LlamaIndex โ wrap the CLI/JSON as a tool in one line
CI / scripts โ exit codes + SARIF for non-AI pipelines
How it compares
Cognis adversa | leondz | |
Self-hostable, no account | โ | varies |
Single command, zero config | โ | โ ๏ธ |
JSON + SARIF for CI | โ | varies |
MCP-native (AI agents) | โ | โ |
Polyglot ports (JS/Go/Rust) | โ | โ |
Open license | โ COCL | varies |
Built in the spirit of leondz/garak, re-framed the Cognis way. Missing a credit? Open a PR.
Integrations
Pipes into your stack: SARIF for code-scanning, JSON for anything, an MCP server (adversa mcp) for AI agents, and a webhook forwarder for SIEM/Slack/Jira. See docs/INTEGRATIONS.md.
Install โ every way, every platform
pip install "git+https://github.com/cognis-digital/adversa.git" # pip (works today)
pipx install "git+https://github.com/cognis-digital/adversa.git" # isolated CLI
uv tool install "git+https://github.com/cognis-digital/adversa.git" # uv
pip install cognis-adversa # PyPI (when published)
docker run --rm ghcr.io/cognis-digital/adversa:latest --help # Docker
brew install cognis-digital/tap/adversa # Homebrew tap
curl -fsSL https://raw.githubusercontent.com/cognis-digital/adversa/main/install.sh | shLinux | macOS | Windows | Docker | Cloud |
|
|
|
| DEPLOY.md (AWS/Azure/GCP/k8s) |
Related Cognis tools
aegisโ AI Agent Permission & Access Auditor โ surfaces the lethal trifecta of credentials + injection + reachpromptmirrorโ Prompt-injection & indirect-injection scanner for any LLM context inputledgermindโ Local LLM cost & token forensics proxy with anomaly detectionguardpostโ Runtime agent firewall โ PII redaction, rate limits, policy enforcementhallumarkโ LLM hallucination & grounding auditor for RAG systemsaicardโ Auto-generated NIST AI RMF / EU AI Act Annex IV model & system cards
Explore the suite โ ๐๏ธ all 170+ tools ยท โญ awesome-cognis ยท ๐ cognis-sources ยท ๐ค uncensored-fleet ยท ๐ง engram
Contributing
PRs, new rules, and demo scenarios are welcome under the collaboration-pull model โ see CONTRIBUTING.md and SECURITY.md.
โญ If
adversasaved you time, star it โ it genuinely helps others find it.
Interoperability
{} composes with the 300+ tool Cognis suite โ JSON in/out and a shared
OpenAI-compatible /v1 backbone. See INTEROP.md for the
suite map, composition patterns, and reference stacks.
License
Source-available under the Cognis Open Collaboration License (COCL) v1.0 โ free for personal, internal-evaluation, research, and educational use; commercial / production use requires a license (licensing@cognis.digital). See LICENSE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/cognis-digital/adversa'
If you have feedback or need assistance with the MCP directory API, please join our Discord server