Enterprise-grade LLM Security Benchmarking Framework
Benchmark โข Evaluate โข Compare โข Secure Large Language Models
AgentArmor is an extensible AI security benchmarking framework designed to evaluate Large Language Models (LLMs) against real-world adversarial attacks, safety risks, reliability concerns, and enterprise security requirements.
The framework enables AI engineers, researchers, and organizations to benchmark multiple LLM providers using a unified evaluation pipeline, standardized attack suites, automated scoring metrics, and enterprise-ready reporting.
Unlike traditional LLM evaluation tools that primarily focus on model quality, AgentArmor emphasizes security-first evaluation, helping teams identify vulnerabilities before deploying AI systems into production.
Supported deployment environments include both cloud-hosted foundation models and locally deployed models through Ollama.
- ๐ก๏ธ Security-focused LLM benchmarking framework
- ๐ค Supports multiple LLM providers
- โ๏ธ Modular plugin architecture
- ๐ Automated evaluation metrics
- ๐ Multi-format report generation
- ๐ REST API with FastAPI
- ๐ Interactive Streamlit dashboard
- ๐ณ Docker & Docker Compose support
- ๐งช Comprehensive pytest test suite
- Overview
- Features
- Architecture
- Installation
- Configuration
- Usage
- Reports
- API
- Dashboard
- Docker
- Extending
- Roadmap
- Contributing
- License
As organizations increasingly integrate Large Language Models into production systems, evaluating models solely on accuracy is no longer sufficient.
Enterprise AI applications must also demonstrate resilience against:
- Prompt Injection
- Jailbreak Attempts
- System Prompt Leakage
- Harmful Content Generation
- Data Leakage
- Bias
- Role Override Attacks
AgentArmor provides a unified framework that benchmarks multiple LLM providers using identical attack suites and evaluation metrics, making security comparisons consistent, reproducible, and extensible.
The framework follows a modular plugin architecture, allowing developers to introduce new providers, attack suites, evaluators, and reporting formats without modifying the core benchmarking pipeline.
Evaluate Large Language Models against realistic adversarial attacks commonly encountered in production AI systems.
Benchmark multiple LLM providers through a common interface.
Supported providers include:
- Google Gemini
- OpenAI
- Anthropic Claude
- Ollama
- Dummy Provider
Built-in security attack suites include:
- Prompt Injection
- Jailbreak
- System Prompt Leakage
- Harmful Content
- Data Leakage
- Bias
- Role Override
Each attack suite uses curated datasets to evaluate model robustness.
Every benchmark execution produces multiple evaluation metrics including:
- Security Score
- Accuracy
- Relevance
- Hallucination Detection
- Latency
Automatically generate benchmark reports in multiple formats:
- JSON
- Markdown
- HTML
- CSV
These reports can be integrated into CI/CD pipelines, dashboards, and internal security reviews.
Expose benchmarking capabilities through FastAPI, enabling integration with external applications and automation pipelines.
Visualize benchmark results using Streamlit with an interactive dashboard for comparing providers, reviewing scores, and analyzing reports.
Deploy the complete benchmarking framework using Docker and Docker Compose for reproducible environments.
The framework is intentionally modular.
Developers can extend AgentArmor by adding:
- New LLM Providers
- New Attack Suites
- New Evaluation Metrics
- New Report Writers
without changing the benchmarking pipeline.
| Provider | Status |
|---|---|
| Dummy Provider | โ |
| Google Gemini | โ |
| OpenAI | โ |
| Anthropic Claude | โ |
| Ollama | โ |
| Attack Suite | Description |
|---|---|
| Prompt Injection | Evaluates resistance against malicious prompt injection attempts. |
| Jailbreak | Tests whether model safety mechanisms can be bypassed. |
| System Prompt Leakage | Detects disclosure of hidden system instructions. |
| Harmful Content | Evaluates responses to unsafe or dangerous requests. |
| Data Leakage | Tests protection against disclosure of confidential information. |
| Bias | Evaluates model responses for discriminatory or biased behavior. |
| Role Override | Measures resistance against attempts to manipulate the model's intended role. |
Each benchmark execution produces standardized metrics for security, quality, and performance.
| Metric | Description |
|---|---|
| Security | Measures resistance against adversarial attacks. |
| Accuracy | Evaluates correctness of model responses. |
| Relevance | Measures semantic similarity between prompts and responses. |
| Hallucination | Detects fabricated or unsupported information. |
| Latency | Measures response generation time. |
AgentArmor automatically generates benchmark reports in multiple formats.
| Format | Purpose |
|---|---|
| JSON | Machine-readable benchmark output |
| Markdown | Human-readable documentation |
| HTML | Interactive benchmark reports |
| CSV | Spreadsheet analysis and reporting |
| Category | Technologies |
|---|---|
| Programming Language | Python |
| API | FastAPI |
| Dashboard | Streamlit |
| AI Providers | OpenAI, Gemini, Anthropic, Ollama |
| Embeddings | Sentence Transformers |
| Containerization | Docker, Docker Compose |
| Testing | Pytest |
| CI/CD | GitHub Actions |
| Reporting | HTML, JSON, CSV, Markdown |
| Configuration | YAML, Environment Variables |
AgentArmor follows a modular, plugin-based architecture that separates providers, attack suites, evaluation metrics, and reporting into independent components.
This design enables developers to easily extend the framework by adding new providers, attacks, evaluators, or report formats without modifying the core benchmarking pipeline.
Architecture Diagram
agentarmor/
โ
โโโ agents/ # Agent implementations
โโโ api/ # FastAPI application
โโโ attacks/ # Security attack suites
โโโ clients/ # Provider API clients
โโโ config/ # Configuration loader & settings
โโโ datasets/ # Attack datasets
โโโ docs/ # Project documentation
โโโ evaluators/ # Evaluation metrics
โโโ metrics/ # Metric implementations
โโโ models/ # Shared data models
โโโ pipeline/ # Benchmark execution pipeline
โโโ plugins/ # Provider & attack registry
โโโ providers/ # LLM provider implementations
โโโ reports/ # Generated benchmark reports
โ โโโ writers/ # HTML, JSON, CSV & Markdown writers
โโโ runners/ # Benchmark runners
โโโ scripts/ # Utility scripts
โโโ services/ # Security scorecard services
โโโ templates/ # HTML templates
โโโ tests/ # Unit tests
โ
โโโ dashboard.py # Streamlit dashboard
โโโ main.py # CLI entry point
โโโ docker-compose.yml
โโโ Dockerfile
โโโ requirements.txt
โโโ README.md
git clone https://github.com/<your-username>/agentarmor.git
cd agentarmorWindows
python -m venv .venv
.venv\Scripts\activateLinux / macOS
python3 -m venv .venv
source .venv/bin/activatepip install --upgrade pip
pip install -r requirements.txtCreate a .env file in the project root.
Example:
#########################################
# Google Gemini
#########################################
GEMINI_API_KEY=your_gemini_api_key
DEFAULT_MODEL=gemini-2.5-flash
#########################################
# OpenAI
#########################################
OPENAI_API_KEY=your_openai_api_key
OPENAI_MODEL=gpt-4o-mini
#########################################
# Anthropic
#########################################
ANTHROPIC_API_KEY=your_anthropic_api_key
ANTHROPIC_MODEL=claude-3-5-haiku-latest
#########################################
# Ollama
#########################################
OLLAMA_BASE_URL=http://localhost:11434
OLLAMA_MODEL=llama3.2:3bIf you want to benchmark local models without cloud APIs:
Install Ollama
Download a lightweight model:
ollama pull llama3.2:3bVerify installation:
ollama listRun the server:
ollama serveRun the complete benchmark suite.
python main.pyExample output:
Benchmarking Provider: Google Gemini
Running attack suite: Prompt Injection
Running attack suite: Jailbreak
Running attack suite: Harmful Content
Running attack suite: Data Leakage
Running attack suite: Bias
Running attack suite: Role Override
Generating reports...
Benchmark Complete
Execute the full test suite.
pytestRun a specific test:
pytest tests/test_prompt_injection.pyGenerate verbose output:
pytest -vLaunch the REST API.
uvicorn api.app:app --reloadDefault URL
http://127.0.0.1:8000
Swagger UI
http://127.0.0.1:8000/docs
ReDoc
http://127.0.0.1:8000/redoc
Launch the interactive dashboard.
streamlit run dashboard.pyDefault URL
http://localhost:8501
The dashboard provides:
- Provider comparison
- Security scorecards
- Benchmark summaries
- Generated reports
- Interactive visualizations
Build the project.
docker compose buildRun the services.
docker compose upRun in detached mode.
docker compose up -dStop the containers.
docker compose downAgentArmor supports multiple ways to execute benchmarks.
| Mode | Description |
|---|---|
| CLI | Run using python main.py |
| FastAPI | REST API for automation and integrations |
| Streamlit | Interactive dashboard for visual benchmarking |
| Docker | Containerized deployment |
| GitHub Actions | Continuous Integration |
| File | Purpose |
|---|---|
.env |
API keys and provider configuration |
config/config.yaml |
Providers, attacks, and benchmark settings |
requirements.txt |
Python dependencies |
docker-compose.yml |
Multi-container deployment |
Dockerfile |
Container image definition |
After each benchmark execution, AgentArmor automatically generates reports in multiple formats for analysis, auditing, and integration into enterprise workflows.
Generated reports are stored in the reports/ directory.
reports/
โโโ benchmark_report.csv
โโโ benchmark_report.md
โโโ latest_report.json
โโโ report.html
โโโ report.md
Supported formats include:
| Format | Description |
|---|---|
| JSON | Machine-readable output for automation and integrations |
| Markdown | Human-readable benchmark summary |
| HTML | Interactive report suitable for sharing |
| CSV | Spreadsheet-friendly report for analysis |
Example CLI execution:
Benchmarking Provider: Google Gemini
Running attack suite: Prompt Injection
Running attack suite: Jailbreak
Running attack suite: System Prompt Leakage
Running attack suite: Harmful Content
Running attack suite: Data Leakage
Running attack suite: Bias
Running attack suite: Role Override
============================================================
AGENTARMOR SECURITY SCORECARD
============================================================
Provider : Google Gemini
Attack Score Status
------------------------------------------------------------
Prompt Injection 92.0 PASS
Jailbreak 89.0 PASS
System Prompt Leakage 96.0 PASS
Harmful Content 94.0 PASS
Data Leakage 97.0 PASS
Bias 90.0 PASS
Role Override 93.0 PASS
------------------------------------------------------------
Overall Score : 93.0
Risk Level : LOW
When benchmarking multiple providers, AgentArmor automatically generates a ranked leaderboard.
Example:
| Rank | Provider | Overall Score | Risk |
|---|---|---|---|
| 1 | Ollama | 97.14 | LOW |
| 2 | Google Gemini | 93.20 | LOW |
| 3 | OpenAI | 92.70 | LOW |
| 4 | Anthropic Claude | 91.90 | LOW |
| 5 | Dummy Provider | 64.00 | HIGH |
AgentArmor is designed using a plugin-based architecture that makes it easy to introduce new providers, attack suites, evaluation metrics, and report writers.
-
Create a provider inside the
providers/directory. -
Inherit from
BaseProvider. -
Implement:
get_name()generate()
-
Register the provider in
PluginRegistry. -
Add the provider to
config/config.yaml.
- Create a new attack class inside
attacks/. - Inherit from
BaseAttack. - Create a corresponding dataset inside
datasets/. - Register the attack in
PluginRegistry. - Update the configuration file.
- Create a new evaluator inside
evaluators/. - Inherit from
BaseEvaluator. - Implement the
evaluate()method. - Register the evaluator in the evaluation engine.
- Create a writer inside
reports/writers/. - Implement a
write()method. - Register it in
ReportGenerator.
AgentArmor exposes benchmark functionality through FastAPI.
Example endpoint:
POST /benchmarkExample request:
{
"provider": "gemini",
"attack_suite": "prompt_injection"
}Example response:
{
"provider": "Google Gemini",
"overall_score": 93.2,
"risk": "LOW",
"results": [
{
"attack": "Prompt Injection",
"score": 92,
"passed": true
}
]
}AgentArmor follows a modular plugin architecture.
Each component has a clearly defined responsibility.
BaseProvider
โ
โโโ DummyProvider
โโโ GeminiProvider
โโโ OpenAIProvider
โโโ AnthropicProvider
โโโ OllamaProvider
BaseAttack
โ
โโโ PromptInjectionAttack
โโโ JailbreakAttack
โโโ SystemPromptLeakageAttack
โโโ HarmfulContentAttack
โโโ DataLeakageAttack
โโโ BiasAttack
โโโ RoleOverrideAttack
BaseEvaluator
โ
โโโ SecurityEvaluator
โโโ AccuracyEvaluator
โโโ RelevanceEvaluator
โโโ HallucinationEvaluator
โโโ LatencyEvaluator
AgentArmor has been designed with extensibility and maintainability in mind.
Key design decisions include:
- Modular plugin architecture
- Provider abstraction layer
- Attack dataset separation
- Evaluation engine abstraction
- Multiple report writers
- Configuration-driven execution
- Support for both cloud-hosted and local LLMs
These design choices simplify maintenance while enabling rapid integration of new providers and benchmark capabilities.
The project includes automated unit tests covering the major framework components.
Current test coverage includes:
- Provider registration
- Attack loading
- Configuration loading
- Evaluation engine
- Security scorecards
- Report generation
- FastAPI endpoints
- Multiple providers
- Multiple attack suites
Run all tests:
pytestRun a specific test:
pytest tests/test_provider_failure.pyAdditional documentation is available inside the docs/ directory.
docs/
โโโ architecture.md
โโโ PRD.md
โโโ ROADMAP.md
These documents provide further details about the framework architecture, product requirements, and planned enhancements.
The following roadmap outlines planned improvements for future releases of AgentArmor.
- โ Multi-provider benchmarking
- โ Plugin-based architecture
- โ Prompt Injection testing
- โ Jailbreak testing
- โ System Prompt Leakage testing
- โ Harmful Content evaluation
- โ Data Leakage evaluation
- โ Bias evaluation
- โ Role Override evaluation
- โ Security scorecards
- โ Multi-format report generation
- โ FastAPI integration
- โ Streamlit dashboard
- โ Docker & Docker Compose support
- โ GitHub Actions CI
- โ Ollama local model support
- ๐ฒ Additional LLM providers
- ๐ฒ OWASP LLM Top 10 benchmark suite
- ๐ฒ Custom attack dataset import
- ๐ฒ Parallel benchmark execution
- ๐ฒ Authentication for REST API
- ๐ฒ Benchmark history and trend analysis
- ๐ฒ Enhanced dashboard visualizations
- ๐ฒ Multi-modal model benchmarking
- ๐ฒ Agent-to-agent security evaluation
- ๐ฒ Automatic benchmark scheduling
- ๐ฒ Kubernetes deployment
- ๐ฒ MLflow integration
- ๐ฒ Enterprise user management
- ๐ฒ Distributed benchmark execution
- ๐ฒ Benchmark comparison across model versions
Contributions are welcome and appreciated.
If you would like to contribute:
- Fork the repository.
- Create a new feature branch.
git checkout -b feature/my-feature- Commit your changes.
git commit -m "Add my feature"- Push your branch.
git push origin feature/my-feature- Open a Pull Request.
Please ensure that:
- New features include appropriate tests.
- Existing tests continue to pass.
- Code follows the project's style and architecture.
- Documentation is updated when necessary.
Before submitting changes, run the following commands:
Install dependencies
pip install -r requirements.txtRun tests
pytestRun the benchmark
python main.pyStart the API
uvicorn api.app:app --reloadLaunch the dashboard
streamlit run dashboard.pyThis project is released under the MIT License.
See the LICENSE file for complete licensing information.
AgentArmor builds upon several outstanding open-source projects and libraries.
Special thanks to the communities behind:
- FastAPI
- Streamlit
- Docker
- Pytest
- Sentence Transformers
- Hugging Face
- Ollama
- OpenAI
- Google Gemini
- Anthropic
Their contributions to the AI ecosystem make projects like AgentArmor possible.
For questions, suggestions, bug reports, or feature requests:
- Open a GitHub Issue
- Submit a Pull Request
- Start a GitHub Discussion
Community contributions and feedback are always welcome.
Potential future enhancements include:
- Additional benchmark datasets
- More provider integrations
- Custom evaluation metrics
- Benchmark scheduling
- Distributed execution
- Authentication & authorization
- Report versioning
- Historical benchmark tracking
- Cloud deployment templates
- Enterprise observability integrations
AgentArmor was created to provide a practical, extensible framework for evaluating the security and reliability of Large Language Models in real-world scenarios.
By combining multiple providers, adversarial attack suites, automated evaluation metrics, and comprehensive reporting into a unified framework, AgentArmor enables developers and organizations to benchmark AI systems consistently and identify potential risks before production deployment.
The project emphasizes modularity, extensibility, and ease of integration, making it suitable for experimentation, enterprise evaluation workflows, and future research.
Clone the repository, configure your provider credentials, and run your first benchmark in just a few commands.
git clone https://github.com/yuvraj49d/agentarmor.git
cd agentarmor
python -m venv .venv
# Windows
.venv\Scripts\activate
# Linux/macOS
source .venv/bin/activate
pip install -r requirements.txt
python main.py- Python
- FastAPI
- Streamlit
- Docker
- Pytest
- Sentence Transformers
- Hugging Face
- Google Gemini
- OpenAI
- Anthropic
- Ollama
If you find AgentArmor useful:
- โญ Star the repository
- ๐ Report issues
- ๐ก Suggest new features
- ๐ค Contribute improvements
- ๐ข Share the project with the AI community
Your support helps improve the framework and encourages continued development.
AgentArmor aims to make Large Language Model security benchmarking more accessible, extensible, and production-ready for developers, researchers, and organizations.



