# Getting Started With LLM on Prowler ## Overview Prowler's LLM provider enables comprehensive security testing of large language models using red team techniques. It integrates with [promptfoo](https://promptfoo.dev/) to provide extensive security evaluation capabilities. ## Prerequisites Before using the LLM provider, ensure the following requirements are met: - **promptfoo installed**: The LLM provider requires promptfoo to be installed on the system - **LLM API access**: Valid API keys for the target LLM models to test - **Email verification**: promptfoo requires email verification for red team evaluations ## Installation ### Install promptfoo Install promptfoo using one of the following methods: **Using npm:** ```bash npm install -g promptfoo ``` **Using Homebrew (macOS):** ```bash brew install promptfoo ``` **Using other package managers:** See the [promptfoo installation guide](https://promptfoo.dev/docs/installation/) for additional installation methods. ### Verify Installation ```bash promptfoo --version ``` ## Configuration ### Step 1: Email Verification promptfoo requires email verification for red team evaluations. Set the email address: ```bash promptfoo config set email your-email@company.com ``` ### Step 2: Configure LLM API Keys Set up API keys for the target LLM models. For OpenAI (default configuration): ```bash export OPENAI_API_KEY="your-openai-api-key" ``` For other providers, see the [promptfoo documentation](https://promptfoo.dev/docs/providers/) for specific configuration requirements. ### Step 3: Generate Test Cases (Optional) Prowler provides a default suite of red team tests but to customize the test cases, generate them first: ```bash promptfoo redteam generate ``` This creates test cases based on your configuration. ## Usage ### Basic Usage Run LLM security testing with the default configuration: ```bash prowler llm ``` ### Custom Configuration Use a custom promptfoo configuration file: ```bash prowler llm --config-path /path/to/your/config.yaml ``` ### Output Options Generate reports in various formats: ```bash # JSON output prowler llm --output-format json # CSV output prowler llm --output-format csv # HTML report prowler llm --output-format html ``` ### Concurrency Control Adjust the number of concurrent tests: ```bash prowler llm --max-concurrency 5 ``` ## Default Configuration Prowler includes a comprehensive default LLM configuration that provides: - **Target Models**: OpenAI GPT models by default - **Security Frameworks**: - OWASP LLM Top 10 - OWASP API Top 10 - MITRE ATLAS - NIST AI Risk Management Framework - EU AI Act compliance - **Test Coverage**: Over 5,000 security test cases - **Plugin Support**: Multiple security testing plugins ## Advanced Configuration ### Custom Test Suites Create custom test configurations by modifying the promptfoo config file in `prowler/config/llm_config.yaml` or pass a custom configuration with `--config-file` flag: ```yaml description: Custom LLM Security Tests targets: - id: openai:gpt-4 redteam: plugins: - id: owasp:llm numTests: 10 - id: mitre:atlas numTests: 5 ```