AIGoat - AI Security Playground to Attack and Defend LLMs. All Running Locally

We built an AI/LLM security playground - AI Goat where anyone from developers to security engineers can run a real AI application locally and start breaking it within minutes. No cloud setup. No API keys. No complex environment. Just one command. Once it’s running, you can: attack the system exploit real vulnerabilities switch between defense levels to see what actually works All within the same application. This is what AIGoat is designed for. Most AI applications today are one prompt away from doing something they were never designed to do. And the scary part? Most teams don’t realize it. A Real Attack: Supply Chain Backdoor One of the most overlooked risks in AI systems is the supply chain . In AIGoat, we simulate this using a malicious model configuration. Here’s what happens: A model is shared publicly It looks legitimate It contains hidden behavioral triggers When integrated into an application: A specific phrase triggers data exfiltration Another exposes internal prompts Another