Independent reference. We are independent of every vendor listed. No affiliate links. No sponsored placements.
Garak pricing 2026

Garak (NVIDIA): Pricing, Tiers and What's Actually Covered

NVIDIA's open-source LLM vulnerability scanner. CLI tool that runs adversarial probes against any LLM endpoint and reports failures by attack class.

Open-source LLM security
Garak (NVIDIA)
Santa Clara, CA, USA | Last verified 2026-06-19
Cheapest published rate
Free open source (Apache 2.0)

Pricing tiers

Verbatim from the Garak pricing page on 2026-06-19. Quote-only tiers are surfaced as such, never with an inferred price.

TierPriceFree allowanceNotes
Open source CLI scannerFree / monthUnlimited self-hosted scansProbes cover prompt injection, jailbreak, encoding attacks, toxicity, leakage.

Source: https://github.com/NVIDIA/garak | Verified 2026-06-19

OWASP LLM Top 10 coverage

What Garak defends against, as claimed on its product pages and security documentation. Coverage flags are binary: an item is listed only if the vendor names the attack class explicitly.

  • LLM01 Prompt injection
  • LLM02 Sensitive information disclosure
  • LLM03 Supply chain
  • LLM04 Data and model poisoning
  • LLM05 Improper output handling
  • LLM06 Excessive agency
  • LLM07 System prompt leakage
  • LLM08 Vector and embedding weaknesses
  • LLM09 Misinformation
  • LLM10 Unbounded consumption

Hidden costs

Beyond the line-item price, every runtime AI guardrail carries operating costs the vendor page does not surface. Plan for these in any board paper.

  • Per-call latency overhead. Guardrail check sits in the request path; budget 50 to 300 ms extra per LLM call.
  • False-positive remediation. Allocate engineering time to tune policies after every guardrail rule change.
  • Logging and retention. Guardrail decisions need to land in your SIEM. See siemcostcalculator.com.
  • On-call coverage. Treat AI security alerts like SOC alerts. See securityoperationscost.com.

What Garak is best for

NVIDIA's open-source LLM vulnerability scanner. CLI tool that runs adversarial probes against any LLM endpoint and reports failures by attack class.

Last verified June 2026Source: vendor pricing pages. See /methodology.