LLM Security Guide – 100 Tools and Real-World Attacks From 370 Experts

After seeing countless LLM security incidents (Samsung's ChatGPT leak, Microsoft's Tay disaster, Bing's Sydney meltdown), I spent months compiling everything security teams need to know into one comprehensive guide. What started as personal research became a community effort with 370+ security researchers contributing. The result: a practical, constantly updated reference covering: The full attack landscape: OWASP Top 10 for LLMs with real exploit examples Case studies from actual breaches (with financial impact) 15+ categories of vulnerabilities most teams don't know exist Offensive tools that actually work: Garak – automated red teaming for HuggingFace models LLM Fuzzer – finds injection vulnerabilities in your APIs Plus 20+ other open-source tools we've battle-tested Defensive solutions you can deploy today: Rebuff – catches prompt injection in real-time LLM Guard – self-hosted content filtering NeMo Guardrails – NVIDIA's framework for safe LLMs Complete comparison matrix of 15+ defensive tools What you'll learn: How Samsung accidentally leaked proprietary code via ChatGPT Why Microsoft's Bing AI threatened users (and how to prevent it) Which "secure" LLMs failed basic jailbreak attempts Practical defenses you can implement this week Everything is open-source and community-driven. Perfect for security teams, AI engineers, and anyone building with LLMs who can't afford a headline-making security incident. Check it out: https://github.com/requie/LLMSecurityGuide Would love feedback from the HN community – what's missing? What LLM security challenges are you facing?