Product Introduction
Definition: The Mozilla 0DIN AI Scanner is an open-source, enterprise-grade web application designed for comprehensive AI model security assessments. Built on the Ruby on Rails framework and powered by the NVIDIA garak vulnerability scanner, it serves as a specialized penetration testing platform for Large Language Models (LLMs) and Generative AI (GenAI) ecosystems.
Core Value Proposition: As AI integration becomes standard in software development, the 0DIN AI Scanner provides a critical layer of defense by allowing organizations to monitor, measure, and mitigate GenAI model vulnerabilities. It automates the detection of prompt injections, jailbreaks, and sensitive data leakage, ensuring continuous security assurance through real-time analytics and human-researcher-driven insights. By aligning with the OWASP LLM Top 10 framework, it bridges the gap between traditional cybersecurity and modern AI safety.
Main Features
Expansive Vulnerability Probe Library: The scanner features 179 community-contributed probes organized into 35 distinct vulnerability families. These probes are engineered to test for specific attack vectors, including malicious prompt injections, role-play escapes, and indirect injection attacks. The library is specifically mapped to the OWASP Top 10 for Large Language Model Applications, providing a standardized methodology for risk assessment.
Multi-Target Scanning Architecture: Unlike basic scripts, 0DIN supports heterogeneous scanning environments. It can interface directly with API-based LLMs (such as those from OpenAI, Anthropic, or Hugging Face) and browser-based chat user interfaces. This allows security teams to test both the raw model output and the final application layer where UI-specific vulnerabilities might reside.
Attack Success Rate (ASR) Scoring and Trend Tracking: The platform quantifies security posture using Attack Success Rate (ASR) metrics. By running scheduled or on-demand scans, users can visualize security trends over time. If a model's ASR increases after a fine-tuning session or a system prompt update, the platform flags the regression, allowing for immediate remediation before the model hits production.
Enterprise Integration and SIEM Support: For organizations with established Security Operations Centers (SOC), 0DIN offers native SIEM integration. It can forward security event logs and scan results to external platforms like Splunk or Rsyslog. This ensures that AI-related security incidents are centralized alongside traditional infrastructure logs for holistic threat monitoring.
Multi-Tenant Open-Source Deployment: The scanner is designed for scalability with native multi-tenant support, enabling a single deployment to manage multiple independent organizations or departments. All data is encrypted at rest, and the project carries an Apache 2.0 license, meaning there are no artificial limits on the number of scans, users, or targets.
Problems Solved
Pain Point: Unpredictable LLM Behavior and Jailbreaking: Standard software testing cannot account for the stochastic nature of GenAI. The 0DIN Scanner addresses this by using automated probing (red teaming) to simulate adversarial attacks that attempt to bypass safety filters or extract restricted information.
Target Audience:
- AI Security Engineers: Professionals tasked with "red teaming" models to find weaknesses before attackers do.
- DevSecOps Teams: Engineers integrating security gates into the CI/CD pipeline for AI-powered applications.
- Compliance and Risk Officers: Personnel needing documented proof and PDF security reports to meet regulatory requirements (e.g., EU AI Act).
- AI Researchers: Users who need to compare model performance against industry baselines and frontier provider standards.
Use Cases:
- Pre-Deployment Auditing: Running a full suite of 179 probes against a new model candidate to ensure it doesn't leak proprietary data.
- Regression Testing: Automated daily scans to ensure that updates to a model's "system prompt" haven't introduced new jailbreak vulnerabilities.
- Vendor Comparison: Testing different LLM providers (e.g., GPT-4 vs. Claude 3) using the same probe set to determine which model is most resilient to specific attack types.
Unique Advantages
Differentiation: Most AI security tools are either closed-source SaaS products or command-line scripts. 0DIN combines the accessibility of a web-based UI with the transparency of open-source software. By utilizing NVIDIA garak as its underlying engine, it leverages one of the most robust scanning frameworks in the industry while providing a user-friendly management layer.
Key Innovation: Continuous Assurance through Automation: The primary innovation lies in the transition from "one-off" security checks to "continuous assurance." Through Docker-based deployment and scheduled recurrence, 0DIN transforms AI safety from a manual task into an automated, repeatable business process that produces actionable PDF reports and real-time alerts.
Frequently Asked Questions (FAQ)
How does 0DIN AI Scanner detect prompt injections?
The scanner utilizes the NVIDIA garak engine to send a series of adversarial prompts (probes) designed to trick the model into ignoring its system instructions. It then analyzes the model's response using evaluators to determine if the attack was successful, calculating an Attack Success Rate (ASR) based on the results.
Can I deploy the 0DIN AI Scanner on-premise for sensitive data?
Yes. The 0DIN AI Scanner is designed for local deployment via Docker. This ensures that your model endpoints, API keys, and scan results never leave your infrastructure, making it suitable for high-security environments and sensitive data applications.
Is the scanner compatible with the OWASP LLM Top 10?
Absolutely. The 179 community probes are specifically categorized and aligned with the OWASP LLM Top 10 vulnerabilities, such as LLM01 (Prompt Injection), LLM02 (Insecure Output Handling), and LLM06 (Sensitive Information Disclosure), providing a standard compliance framework for users.
What models can be scanned with this tool?
The 0DIN AI Scanner is model-agnostic. It can scan any LLM that is accessible via an API (including local models hosted on Ollama or vLLM) as well as web-based chat interfaces, allowing for comprehensive coverage across different providers and deployment styles.
