644 words
3 minutes
DeepTeam and promptmap2: Next-Gen LLM Red Teaming Frameworks

DeepTeam and promptmap2: Next-Gen LLM Red Teaming Frameworks#

The LLM red teaming landscape continues to evolve rapidly. Beyond established tools like garak and promptfoo, two newer frameworks are pushing the boundaries of automated LLM security testing: DeepTeam from Confident AI provides a comprehensive red teaming platform with 50+ built-in vulnerabilities, while promptmap2 from Utku Sen focuses on automated prompt injection scanning for custom LLM applications.

DeepTeam by Confident AI#

DeepTeam is an open-source framework designed to make LLM red teaming accessible and systematic. It integrates the latest security guidelines and research into a cohesive testing pipeline.

Core Capabilities#

DeepTeam provides a structured approach to LLM security testing across three pillars:

1. Vulnerability Detection

With 50+ state-of-the-art, ready-to-use vulnerabilities, DeepTeam covers a broad spectrum of LLM security risks:

CategoryVulnerabilities
SafetyToxicity, violence, self-harm, hate speech
PrivacyPII leakage, training data extraction, membership inference
RobustnessPrompt injection, jailbreaks, adversarial inputs
FairnessBias detection, demographic parity, stereotype perpetuation
HallucinationFactual inconsistency, fabricated references, unsupported claims

2. Attack Simulation

DeepTeam implements multiple attack strategies including:

  • Gray-box attacks: Testing with partial knowledge of the system
  • Prompt injection: Direct and indirect injection techniques
  • Jailbreak attempts: Multi-turn jailbreak strategies
  • Social engineering: Manipulative prompts designed to bypass safety filters

3. Guardrail Implementation

After identifying vulnerabilities, DeepTeam helps add guardrails to secure your LLM systems:

from deepteam import red_team
from deepteam.vulnerabilities import PromptInjection, PIILeakage
from deepteam.attacks import GrayBoxAttack
# Define your LLM system
def my_llm_app(input_text):
# Your LLM application logic
return response
# Run red team assessment
results = red_team(
target=my_llm_app,
vulnerabilities=[PromptInjection(), PIILeakage()],
attacks=[GrayBoxAttack()]
)

Framework Integration#

DeepTeam supports structured testing aligned with major security frameworks:

  • OWASP Top 10 for LLMs: Maps findings to the OWASP LLM risk categories
  • NIST AI RMF: Aligns with the NIST risk management framework
  • Custom frameworks: Define your own testing methodology

How DeepTeam Differs from garak and promptfoo#

FeatureDeepTeamgarakpromptfoo
Vulnerability focusBroad (safety + security)Security-focusedPrompt testing
Guardrail buildingYesNoLimited
Framework alignmentOWASP, NISTCustomCustom
Attack typesGray-box, injection, jailbreak50+ probe typesRed teaming + jailbreaks
CI/CD integrationYesCLI-basedNative CI/CD

promptmap2#

promptmap2 is the successor to the original promptmap tool by Utku Sen, focused specifically on automated prompt injection scanning for custom LLM applications.

What promptmap2 Does#

promptmap2 takes a systematic approach to prompt injection testing:

  1. System prompt analysis: Examines your LLM’s system prompt for potential weaknesses
  2. Automated attack generation: Creates targeted injection payloads based on the system prompt
  3. Multi-vector testing: Tests injection through multiple input channels
  4. Impact assessment: Evaluates the severity of successful injections

Key Improvements Over promptmap v1#

  • Broader attack coverage: More injection techniques and mutation strategies
  • Better false positive handling: Improved detection of actual vs. apparent injection success
  • Custom application support: Designed specifically for custom LLM applications, not just raw models
  • Automated reporting: Structured output for integration with security workflows

Use Cases#

promptmap2 is particularly valuable for:

  • Custom LLM applications: Test your specific application logic, not just the base model
  • System prompt hardening: Identify and fix weaknesses in your system prompts
  • Pre-deployment testing: Run prompt injection tests before releasing LLM applications
  • Continuous security: Integrate into CI/CD for ongoing prompt injection regression testing

Comparison with Other Injection Scanners#

ToolFocusApproach
promptmap2Custom LLM appsAnalyzes system prompts, generates targeted attacks
promptmap (v1)Custom LLM appsBasic prompt injection scanning
whistleblowerSystem prompt leakageCapability discovery and prompt extraction
HouYiLLM-integrated appsFull injection chain

Integrating into Your Red Team Workflow#

Phase 1: Broad Scanning
├── garak — Comprehensive security probing
├── DeepTeam — Safety + security + guardrails
└── promptfoo — Prompt regression testing
Phase 2: Targeted Testing
├── promptmap2 — System prompt injection testing
├── whistleblower — Prompt leakage assessment
└── FuzzyAI — Jailbreak fuzzing
Phase 3: Custom Attacks
├── PyRIT — Microsoft's risk identification
├── DeepTeam custom vulnerabilities
└── Manual red team exercises

CI/CD Integration#

Both tools can be integrated into development workflows:

# GitHub Actions example
- name: LLM Red Team
run: |
pip install deepteam promptmap2
deepteam scan --target my_llm_app --output results.json
promptmap2 --endpoint http://localhost:8000 --system-prompt ./system.md

Key Takeaways#

  • DeepTeam brings structured, framework-aligned red teaming to LLM security testing with 50+ built-in vulnerabilities
  • DeepTeam uniquely includes guardrail building capabilities, closing the loop from finding vulnerabilities to fixing them
  • promptmap2 specializes in automated prompt injection testing tailored to custom LLM applications
  • Both tools complement existing frameworks like garak and promptfoo, filling gaps in guardrail implementation and application-specific testing
  • Integrating these tools into CI/CD pipelines ensures continuous security testing throughout the LLM application lifecycle
DeepTeam and promptmap2: Next-Gen LLM Red Teaming Frameworks
https://mranv.pages.dev/posts/deepteam-promptmap2-nextgen-llm-red-teaming/
Author
Anubhav Gain
Published at
2026-05-22
License
CC BY-NC-SA 4.0