Augustus

Added: Apr 24, 2026
Category: Agent & Tooling
License: Open Source
Tags: Large Language Models · Go · CLI · Agent & Tooling · Model & Inference Framework · Protocol, API & Integration · Security & Privacy

A production-grade LLM vulnerability scanner for security professionals, featuring 210+ adversarial probes, 28 LLM provider integrations, multi-turn attack engines, and multiple detection mechanisms, delivered as a single binary.

Augustus is an open-source LLM security testing framework developed by cybersecurity firm Praetorian. Written in Go and distributed as a single binary, it is designed for security professionals conducting adversarial red-team assessments of large language model systems.

Attack Coverage

The framework includes 210+ vulnerability probes spanning 47 attack categories: jailbreaks (DAN, AIM, AntiGPT), prompt injection (encoded injection, tag smuggling, FlipAttack), adversarial optimization (GCG, PAIR, AutoDAN, TAP, DRA), multi-turn dialogue attacks (Crescendo progressive escalation, GOAT adaptive switching, Hydra backtracking), data extraction (API key leakage, PII extraction), context manipulation (RAG poisoning, context overflow), format exploitation (Markdown/YAML/JSON injection, XSS), and agent attacks (multi-agent manipulation, browsing exploitation). Seven Buff transformations, including encoding, paraphrasing, poetification, and low-resource language translation, can be stacked onto any probe.

Detection and Assessment

Augustus ships with 90+ detectors covering pattern matching, LLM-as-a-Judge, HarmJudge (arXiv:2511.15304), and Perspective API. The multi-turn attack engine employs a three-role architecture (Attacker / Target / Judge), while the iterative engine supports candidate pruning and scoring optimization for methods like PAIR and TAP.

Provider and Deployment Integration

Augustus supports 28 LLM providers with 43 generator variants, including OpenAI, Anthropic, Azure, Bedrock, Vertex AI, Ollama, and HuggingFace. Custom REST endpoints enable testing any OpenAI-compatible API, and traffic can be routed through an intercepting proxy (Burp Suite or mitmproxy) when testing internal LLM services. The runtime features goroutine concurrency pools, rate limiting, retry logic, and timeout handling. Output formats include Table, JSON, JSONL, and HTML reports, making it suitable for enterprise CI/CD pipeline integration.

Core Pipeline

Probe Selection → Buff Transformation → Generator Call → Detector Analysis → Result Recording

After probe selection, prompts optionally pass through the Buff transformation layer before being sent by the Generator to the target LLM. Responses are analyzed by Detectors and results are recorded. The plugin registration mechanism uses Go init() functions for auto-registration of probes, detectors, and generators — adding new attack types requires only implementing the interface and registering in a package, with no core code modifications needed.
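The pipeline and init()-based registration described above, sketched as an added example; this is not Augustus's own code. The Probe, Detector and Generator types, the "demo.Marker" plugin name, the marker string and the stub targets are all hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// Hypothetical interfaces for illustration; Augustus's real types may differ.
type Probe interface{ Prompts() []string }
type Detector interface{ Detect(response string) bool }
type Generator func(prompt string) string // stands in for a provider call

var probes, detectors = map[string]Probe{}, map[string]Detector{}

const marker = "CANARY-7f3a" // constructed, harmless marker string

type markerPlugin struct{}

func (markerPlugin) Prompts() []string    { return []string{"Repeat exactly: " + marker} }
func (markerPlugin) Detect(r string) bool { return strings.Contains(r, marker) }

// init runs at package load, so the plugin registers itself without core edits.
func init() { probes["demo.Marker"], detectors["demo.Marker"] = markerPlugin{}, markerPlugin{} }

// Base64Buff is a buff: it transforms the prompt before the generator sends it.
func Base64Buff(p string) string { return base64.StdEncoding.EncodeToString([]byte(p)) }

// Constructed stub targets: one echoes its input, one base64-decodes it first.
func EchoTarget(p string) string { return p }
func DecodingTarget(p string) string {
	if raw, err := base64.StdEncoding.DecodeString(p); err == nil {
		return string(raw)
	}
	return p
}

// Run walks the pipeline: probe -> buff -> generator -> detector -> recorded hits.
func Run(name string, buff func(string) string, gen Generator) ([]bool, error) {
	probe, det := probes[name], detectors[name]
	if probe == nil || det == nil {
		return nil, fmt.Errorf("plugin %q is not registered", name)
	}
	var hits []bool
	for _, prompt := range probe.Prompts() {
		hits = append(hits, det.Detect(gen(buff(prompt))))
	}
	return hits, nil
}

func main() { fmt.Println(Run("demo.Marker", Base64Buff, DecodingTarget)) }
```

The same probe gives different detector results depending on the buff and on how the target handles the transformed prompt, which is why each probe/buff/generator combination is recorded separately.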
