Basilisk Overview

Basilisk is an open-source offensive security framework purpose-built for red teaming AI and LLM applications. It automates the discovery of vulnerabilities in AI systems using 29 attack modules across 8 categories, mapped to the OWASP LLM Top 10.

What Makes Basilisk Different

Most AI security tools use static payload lists — a fixed set of attack prompts that are tried one by one. If the target's guardrails block them, the tool reports "no findings."

Basilisk takes a fundamentally different approach with Smart Prompt Evolution (SPE-NL) — a genetic algorithm that:

  1. Initializes a population of candidate attack payloads
  2. Evaluates each payload's fitness based on target response signals
  3. Selects the highest-performing payloads as parents
  4. Mutates them using 10 mutation operators (synonym swap, encoding wrap, role injection, etc.)
  5. Crosses parent payloads using 5 crossover strategies
  6. Repeats across generations until a breakthrough or stagnation

This means Basilisk breeds new attacks that are specifically adapted to your target's guardrails.

Architecture

Basilisk consists of several core components:

  • Core Engine — Orchestrates scans, manages sessions, coordinates modules
  • Provider Adapters — Universal LLM connectivity via LiteLLM (OpenAI, Anthropic, Google, Azure, Ollama, etc.)
  • Evolution Engine (SPE-NL) — Genetic algorithm for prompt payload evolution
  • Attack Modules — 29 modules across 8 categories
  • Reconnaissance — 5 modules for fingerprinting, guardrail profiling, and capability discovery
  • Reporting — HTML, JSON, SARIF, Markdown, PDF output
  • Desktop App — Electron GUI with real-time scan visualization
  • Native Extensions — C and Go compiled modules for performance-critical operations

Quick Start

pip install basilisk-ai
export OPENAI_API_KEY="sk-..."
basilisk scan -t https://api.target.com/chat -p openai

Who Built This

Basilisk is built by Regaan — an independent security researcher and founder of Rot Hackers. Other Rot Hackers projects include WSHawk (WebSocket security scanner) and PoCSmith.