Llamator MCP Server: Automated LLM Red Team Testing with HTTP API, MCP Interface & Status Management

Llamator MCP Server

The LLAMATOR MCP Server is a production - level service for automated LLM red team testing, providing HTTP API and MCP interfaces, supporting asynchronous test execution, artifact storage, and job status management.

Security Developer tools #LLM security testing #Asynchronous jobs #Red team tools #MCP integration .Python

rating : 2.5 points

downloads : 6.5K

update time : 2026-03-13

Open Site

What is the LLAMATOR MCP Server?

The LLAMATOR MCP Server is a service platform specifically designed for automated red team testing of large language models (LLMs). It allows security researchers and developers to automatically perform security assessments on LLMs, detecting potential vulnerabilities and risks in the models. Through a standardized testing process, it helps identify the performance of models under adversarial attacks.

How to use the LLAMATOR MCP Server?

You can use LLAMATOR in two main ways: 1) Submit test tasks and obtain results through the HTTP REST API; 2) Integrate with AI agent tools through the MCP protocol and call LLAMATOR as a tool. The system uses an asynchronous processing architecture. Test tasks are executed in the background, and after completion, you can query the results and download test reports through the API.

Use cases

Suitable for AI security teams, model developers, and enterprise security departments for: • Security assessment before the launch of new models • Regular security audits and compliance checks • Adversarial attack testing and vulnerability discovery • Security benchmark testing and performance monitoring • Red team exercises for research and educational purposes

Main features

Asynchronous test execution

Supports asynchronous execution of red team test tasks in the background without blocking the main process, suitable for complex test scenarios that run for a long time.

Dual interface support

Provides both HTTP REST API and MCP protocol interfaces to meet different integration needs and facilitate integration with existing toolchains and AI agents.

Test result management

Automatically saves test results and reports to object storage, provides secure download links, and supports long - term storage and analysis of test data.

Sensitive information protection

Automatically identifies and desensitizes sensitive information such as API keys to ensure that secure data during the testing process is not leaked.

Standardized test suite

Built - in standardized test solutions such as OWASP LLM Top 10, providing consistent test benchmarks and evaluation criteria.

Monitoring and metrics

Provides Prometheus metric endpoints to support system performance monitoring and status tracking of test tasks.

Advantages

Out - of - the - box Docker deployment simplifies the installation and configuration process

Supports multiple integration methods, flexibly adapting to different technology stacks

Asynchronous architecture ensures stability and reliability under high concurrency

Complete test lifecycle management, from task submission to result acquisition

Enterprise - level security features, including API key protection and sensitive data desensitization

Detailed test reports and traceable test records

Limitations

Requires external dependencies such as Redis and MinIO, and the deployment complexity is relatively high

The test execution time may be long, not suitable for scenarios with extremely high real - time requirements

Requires certain technical knowledge to configure and optimize test parameters

Currently mainly supports OpenAI - compatible APIs, and has limited support for other model architectures

How to use

Environment preparation

Ensure that Docker and Docker Compose are installed, and clone the project code repository to the local machine.

Configure environment variables

Copy the example configuration file and modify the environment variables according to the actual situation, especially the model API endpoints and storage configuration.

Start the service

Use Docker Compose to start all service components, including the API server, worker processes, Redis, and MinIO.

Verify the service status

Confirm that the service is running normally through the health check interface, and access the Swagger UI to view the API documentation.

Submit a test task

Submit an LLM red team test task through the HTTP API or MCP tool, and obtain the task ID for subsequent queries.

Obtain test results

Use the task ID to query the test status and results, and download test reports and detailed logs.

Usage examples

Basic model security assessment

Conduct basic security tests on newly developed LLM models, and use the OWASP LLM Top 10 test suite to evaluate the model's ability to resist common attacks.

Model monitoring in the production environment

Regularly conduct red team tests on LLM services in the production environment, monitor the changes in model security over time, and promptly discover new security risks.

Multi - model comparison test

Test the security performance of multiple LLM models simultaneously to provide security - dimension data support for model selection.

Frequently Asked Questions

Which types of LLM models does the LLAMATOR MCP Server support?

How long does a test task usually take to complete?

How to protect the security of API keys used during the testing process?

How long will the test result data be saved?

Can test cases be customized?

What is the difference between the MCP interface and the HTTP API?

Related resources

Official documentation

Detailed technical documentation and configuration reference

GitHub repository

Source code and issue tracking

Telegram discussion group

Community discussion and technical support

Jupyter tutorial

Interactive learning tutorials and examples

OWASP LLM Top 10

Standard reference for LLM security risks

Creative Commons license

Open - source license used by the project

🚀 LLAMATOR MCP Server

A production-oriented service wrapper for automated LLM red teaming with LLAMATOR

🚀 Quick Start

This repository offers a production - oriented service wrapper around LLAMATOR for automated LLM red teaming. It provides two integration surfaces:

HTTP API (FastAPI): Used for job submission, job state retrieval, and artifacts access.
MCP server (Streamable HTTP transport): For agent/tooling integrations, allowing LLAMATOR runs to be invoked as tools.

Execution is asynchronous and orchestrated via ARQ + Redis. Artifacts are uploaded to MinIO and retrieved through presigned URLs (returned as JSON; the API does not redirect).

✨ Features

Asynchronous test runs: With durable state persisted in Redis.
Request persistence with secret redaction:
- API keys are not stored in plaintext.
- Stored payloads include only boolean markers (e.g., api_key_present).
Artifacts lifecycle management:
- The worker creates job - local artifacts under LLAMATOR_MCP_ARTIFACTS_ROOT/<job_id>/....
- Artifacts are uploaded to MinIO as an archive named artifacts.zip.
- The HTTP API can list available objects under a job prefix and resolve presigned download links.
Optional API - key protection: For both HTTP and MCP interfaces via X - API - Key.
OpenAPI schema: With API - key authorization support.
Prometheus metrics: Exposed at /metrics.

📦 Installation

Requirements

Docker
Docker Compose

Start the full stack

docker compose up --build

Default service endpoints

HTTP API: http://localhost:8000
MinIO S3 endpoint: http://localhost:9000
MinIO console: http://localhost:9001

Healthcheck

curl -sS http://localhost:8000/v1/health

📚 Documentation

Configuration

All configuration is provided via environment variables prefixed with LLAMATOR_MCP_. A complete reference is available in DOCUMENTATION.md.

Typical local setup

cp .env.example .env

Key configuration categories

Redis: Connection DSN for job queue and state storage.
MinIO: S3 - compatible storage for artifacts.
Attack/Judge models: OpenAI - compatible endpoints for LLAMATOR execution.
API security: Optional X - API - Key protection.
Job execution: Timeouts, TTLs, and retry behavior.

💻 Usage Examples

HTTP API usage

Create a run

curl -sS -X POST "http://localhost:8000/v1/tests/runs" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: <optional>" \
  -d '{
    "tested_model": {
      "kind": "openai",
      "base_url": "http://host.docker.internal:1234/v1",
      "model": "llm",
      "api_key": "lm-studio"
    },
    "run_config": { "enable_reports": false },
    "plan": { "preset_name": "owasp:llm10", "num_threads": 1 }
  }'

The response contains:

job_id (uuid4 hex, 32 characters)
status (queued | running | succeeded | failed)
created_at (UTC timestamp)

Retrieve job state

curl -sS "http://localhost:8000/v1/tests/runs/<job_id>" \
  -H "X-API-Key: <optional>"

Response includes:

status: current job state
result: aggregated metrics (when succeeded)
error: error details (when failed)
error_notice: compact user - facing error message (when failed)

Artifacts

List objects available for a job:

curl -sS "http://localhost:8000/v1/tests/runs/<job_id>/artifacts" \
  -H "X-API-Key: <optional>"

Resolve a presigned download URL for a specific object:

curl -sS "http://localhost:8000/v1/tests/runs/<job_id>/artifacts/<path>" \
  -H "X-API-Key: <optional>"

The download endpoint returns a JSON payload containing download_url and does not emit redirects.

MCP interface

The MCP server is mounted into the FastAPI application (default mount path: /mcp) and uses Streamable HTTP transport.

Exposed tools

create_llamator_run: Submits a job, waits for completion, returns aggregated metrics and (if available) a presigned URL for artifacts.zip.
get_llamator_run: Returns aggregated metrics for a finished job and the optional artifacts archive URL.

Both tools return a consistent response schema:

{
  "job_id": "string",
  "aggregated": {
    "attack_name": {
      "metric": 0
    }
  },
  "artifacts_download_url": "string or null",
  "error_notice": "string or null"
}

Protocol notes, headers, and examples are documented in DOCUMENTATION.md.

🔧 Technical Details

Security model:
- If LLAMATOR_MCP_API_KEY is empty, authentication is disabled.
- If configured, protected HTTP routes and the MCP app require X - API - Key: <value>.
Local development:
- Install dependencies:

poetry install

- Run the API server:

uvicorn llamator_mcp_server.main:app --host 0.0.0.0 --port 8000

- Run the worker:

arq llamator_mcp_server.worker_settings.WorkerSettings

Tutorial: A Jupyter notebook with step - by - step examples is available at notebooks/llamator_mcp_server_tutorial.ipynb. It demonstrates:
- HTTP API usage with curl
- MCP JSON - RPC protocol interaction
- Polling for job completion
- Artifacts retrieval
Tests: Integration tests are located in llamator - mcp - server/tests and rely on tests/.env.test.

pytest -q

📄 License

This project is licensed under the terms of the Creative Commons Attribution - ShareAlike 4.0 International license. See the LICENSE file for details.