Skip to main content
Glama
cognis-digital

Adversa

Official

ADVERSA

LLM red-team harness โ€” OWASP LLM Top 10 + MITRE ATLAS attack packs

PyPI CI License: COCL 1.0 Suite

AI Security & Governance โ€” securing LLMs, agents, and the MCP supply chain.

pip install cognis-adversa
adversa scan .            # โ†’ prioritized findings in seconds

๐Ÿ”Ž Example output

Real, reproducible output from the tool โ€” runs offline:

$ adversa-emit --version
adversa 2.0.0
$ adversa-emit --help
usage: adversa [-h] [--version] {catalog,scan,probe,refs} ...

LLM red-team probe runner (OWASP LLM Top-10 + MITRE ATLAS).

positional arguments:
  {catalog,scan,probe,refs}
    catalog             list the probe catalog
    scan                run probes against a target
    probe               show detail for one probe
    refs                show OWASP + ATLAS reference tables

options:
  -h, --help            show this help message and exit
  --version             show program's version number and exit
$ adversa-emit catalog
ADVERSA probe catalog (12 probes)
==============================================================================
ID                       OWASP   ATLAS        SEV       NAME
------------------------------------------------------------------------------
pi.direct_override       LLM01   AML.TA0004   high      Direct instruction override
pi.indirect_payload      LLM01   AML.TA0006   critical  Indirect prompt injection via retrieved content
pi.encoded_smuggling     LLM01   AML.TA0009   medium    Encoded payload smuggling
leak.system_prompt       LLM07   AML.TA0011   high      System prompt extraction
leak.credentials         LLM02   AML.TA0010   critical  Sensitive credential disclosure
harm.dangerous_instructions LLM09   AML.TA0005   high      Dangerous-capability elicitation
harm.roleplay_jailbreak  LLM01   AML.TA0009   high      Persona/roleplay jailbreak (DAN-style)
output.xss_injection     LLM05   AML.TA0006   high      Improper output handling (XSS payload)
agency.tool_abuse        LLM06   AML.TA0006   high      Excessive agency / unsafe tool invocation
misinfo.confident_falsehood LLM09   AML.TA0014   medium    Misinformation / fabricated authority
consumption.amplification LLM10   AML.TA0014   low       Unbounded consumption (resource amplification)
poison.training_data     LLM04   AML.TA0003   medium    Data poisoning acknowledgement

Blocks above are real adversa output โ€” reproduce them from a clone.

Related MCP server: meok-mcp-injection-scan-mcp

Usage โ€” step by step

adversa is an LLM red-team probe runner mapping the OWASP LLM Top-10 + MITRE ATLAS onto runnable probes.

  1. Install (Python 3.10+):

    pip install -e .            # or: pipx install adversa
  2. Browse the bundled probe catalog (filter by OWASP/ATLAS/severity):

    adversa catalog --owasp LLM01 --min-severity high
  3. Scan a target โ€” the bundled secure/vulnerable references, a captured-response transcript (offline, no live endpoint), or your own module:callable of signature target(prompt) -> str:

    adversa scan vulnerable
    adversa scan transcript:demos/01-healthcare-chatbot/transcript.json
    adversa scan mypkg.mymodel:generate --owasp LLM01
  4. Read the output as a table, JSON, or SARIF 2.1.0 (for GitHub code-scanning), or inspect one probe's prompts + grader + remediation:

    adversa scan vulnerable --format json | jq '.results[] | select(.passed==false)'
    adversa scan vulnerable --format sarif > adversa.sarif
    adversa probe pi.direct_override
    adversa refs        # OWASP LLM Top-10 + ATLAS tactic tables
  5. Gate CI โ€” scan exits 1 when findings are present, 0 when clean, 2 on usage error:

    - run: pip install -e . && adversa scan mypkg.mymodel:generate   # non-zero fails the job

Contents

Why adversa?

LLM red-team harness โ€” OWASP LLM Top 10 + MITRE ATLAS attack packs โ€” without standing up heavyweight infrastructure.

adversa is single-purpose, scriptable, and self-hostable: point it at a target, get prioritized results in the format your workflow already speaks (table ยท JSON ยท SARIF), gate CI on it, and let agents drive it over MCP.

Features

  • โœ… 12-probe catalog mapped to OWASP LLM Top-10 (2025) + MITRE ATLAS tactics

  • โœ… Severity ranking + filtering (--owasp, --atlas, --min-severity, --probe)

  • โœ… Five graders (must-refuse, must-not-leak, must-not-contain, must-contain, injection-resisted)

  • โœ… Transcript replay target โ€” red-team captured responses offline, no live endpoint

  • โœ… Bundled secure / vulnerable reference targets + module:callable for your own model

  • โœ… Output as table ยท JSON ยท SARIF 2.1.0 (GitHub code-scanning ready)

  • โœ… CI gate via exit codes (0 clean ยท 1 findings ยท 2 usage)

  • โœ… 8 real-use-case demos with run commands + remediation guidance

  • โœ… Runs on Linux/macOS/Windows ยท Docker ยท devcontainer

  • โœ… Ports in Python, JavaScript, Go, and Rust (ports/)

Quick start

pip install cognis-adversa
adversa --version
adversa scan .                       # scan current project
adversa scan . --format json         # machine-readable
adversa scan . --fail-on high        # CI gate (non-zero exit)

Example

$ adversa scan .
  [HIGH    ] ADV-001  example finding             (./src/app.py)
  [MEDIUM  ] ADV-002  another signal              (./config.yaml)

  2 findings ยท risk score 5 ยท 38ms

Demos โ€” real scenarios you can run now

Each demos/<NN-name>/ holds a realistic input (a captured-response transcript.json in ADVERSA's real format, or a module:callable target) plus a SCENARIO.md explaining where the data came from, the exact command, what to expect, and how to act on the findings.

Demo

Scenario

What it shows

01

Healthcare chatbot, pre-launch

4 findings โ€” system-prompt + credential leak block launch

02

Same bot after hardening

0 findings โ€” clean CI gate (exit 0)

03

RAG poisoned document

indirect + encoded prompt injection (LLM01)

04

Agent with shell access

excessive agency (rm -rf /) + directive override

05

Support bot jailbreak

DAN persona + harmful-instruction elicitation

06

Research assistant

fabricated citation + data-poisoning acceptance

07

Worst-case baseline

all 12 probes fail (vulnerable target)

08

Your own model

wiring a module:callable target into CI

adversa scan transcript:demos/01-healthcare-chatbot/transcript.json   # 4 findings, exit 1
adversa scan transcript:demos/02-post-hardening-clean/transcript.json # 0 findings, exit 0

The transcript shape is either a probe-id map ({"leak.system_prompt": "<reply>"}) or a list of {"probe_id": "...", "response": "..."} pairs โ€” capture your model's replies once, then grade them offline as often as you like.

Architecture

flowchart LR
  IN[sources] --> P[adversa<br/>curate + validate]
  P --> OUT[query / analysis]

Use it from any AI stack

adversa is interoperable with every popular way of using AI:

  • MCP server โ€” adversa mcp (Claude Desktop, Cursor, Cognis.Studio, uncensored-fleet)

  • OpenAI-compatible / JSON โ€” pipe adversa scan . --format json into any agent or LLM

  • LangChain ยท CrewAI ยท AutoGen ยท LlamaIndex โ€” wrap the CLI/JSON as a tool in one line

  • CI / scripts โ€” exit codes + SARIF for non-AI pipelines

How it compares

Cognis adversa

leondz

Self-hostable, no account

โœ…

varies

Single command, zero config

โœ…

โš ๏ธ

JSON + SARIF for CI

โœ…

varies

MCP-native (AI agents)

โœ…

โŒ

Polyglot ports (JS/Go/Rust)

โœ…

โŒ

Open license

โœ… COCL

varies

Built in the spirit of leondz/garak, re-framed the Cognis way. Missing a credit? Open a PR.

Integrations

Pipes into your stack: SARIF for code-scanning, JSON for anything, an MCP server (adversa mcp) for AI agents, and a webhook forwarder for SIEM/Slack/Jira. See docs/INTEGRATIONS.md.

Install โ€” every way, every platform

pip install "git+https://github.com/cognis-digital/adversa.git"    # pip (works today)
pipx install "git+https://github.com/cognis-digital/adversa.git"   # isolated CLI
uv tool install "git+https://github.com/cognis-digital/adversa.git" # uv
pip install cognis-adversa                                          # PyPI (when published)
docker run --rm ghcr.io/cognis-digital/adversa:latest --help        # Docker
brew install cognis-digital/tap/adversa                             # Homebrew tap
curl -fsSL https://raw.githubusercontent.com/cognis-digital/adversa/main/install.sh | sh

Linux

macOS

Windows

Docker

Cloud

scripts/setup-linux.sh

scripts/setup-macos.sh

scripts/setup-windows.ps1

docker run ghcr.io/cognis-digital/adversa

DEPLOY.md (AWS/Azure/GCP/k8s)

  • aegis โ€” AI Agent Permission & Access Auditor โ€” surfaces the lethal trifecta of credentials + injection + reach

  • promptmirror โ€” Prompt-injection & indirect-injection scanner for any LLM context input

  • ledgermind โ€” Local LLM cost & token forensics proxy with anomaly detection

  • guardpost โ€” Runtime agent firewall โ€” PII redaction, rate limits, policy enforcement

  • hallumark โ€” LLM hallucination & grounding auditor for RAG systems

  • aicard โ€” Auto-generated NIST AI RMF / EU AI Act Annex IV model & system cards

Explore the suite โ†’ ๐Ÿ—‚๏ธ all 170+ tools ยท โญ awesome-cognis ยท ๐Ÿ”— cognis-sources ยท ๐Ÿค– uncensored-fleet ยท ๐Ÿง  engram

Contributing

PRs, new rules, and demo scenarios are welcome under the collaboration-pull model โ€” see CONTRIBUTING.md and SECURITY.md.

โญ If adversa saved you time, star it โ€” it genuinely helps others find it.

Interoperability

{} composes with the 300+ tool Cognis suite โ€” JSON in/out and a shared OpenAI-compatible /v1 backbone. See INTEROP.md for the suite map, composition patterns, and reference stacks.

License

Source-available under the Cognis Open Collaboration License (COCL) v1.0 โ€” free for personal, internal-evaluation, research, and educational use; commercial / production use requires a license (licensing@cognis.digital). See LICENSE.


F
license - not found
-
quality - not tested
B
maintenance

Maintenance

โ€“Maintainers
โ€“Response time
โ€“Release cycle
โ€“Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/cognis-digital/adversa'

If you have feedback or need assistance with the MCP directory API, please join our Discord server