BlackIce: Containerized Red Teaming Toolkit for AI Security

Databricks has officially unveiled BlackIce, an open-source, containerized toolkit engineered to streamline AI security testing and Red Teaming operations.

Originally introduced at CAMLIS Red 2025, BlackIce addresses the fragmentation and configuration challenges that security researchers often face when evaluating Large Language Models (LLMs) and Machine Learning (ML) systems.

By bundling 14 widely used open-source security tools into a single, reproducible environment, Databricks aims to provide a solution analogous to “Kali Linux,” but specifically tailored for the AI threat landscape.

The motivation behind BlackIce stems from significant practical hurdles in the current AI security ecosystem. Red teamers frequently encounter “dependency hell,” where different evaluation tools require conflicting libraries or Python versions.

Furthermore, managed notebooks often restrict users to a single Python interpreter, making it difficult to orchestrate complex, multi-tool testing workflows.

BlackIce mitigates these issues by delivering a version-pinned Docker image. The architecture divides tools into two categories to ensure stability.

Static tools, which are evaluated via command-line interfaces, are installed in isolated Python virtual environments or Node.js projects to maintain independent dependencies.

Dynamic tools, which allow for advanced Python-based customization and attack code development, are installed in a global Python environment with carefully managed requirement files.

This structure allows researchers to bypass setup hassles and focus immediately on vulnerability assessment.

Integrated Toolset and Capabilities

The toolkit consolidates a diverse array of tools spanning Responsible AI, security testing, and adversarial ML. These tools are exposed through a unified command-line interface and can run from a shell or within a Databricks notebook.

The initial release includes high-profile tools such as Microsoft’s PyRIT, NVIDIA’s Garak, and Meta’s CyberSecEval.

Table 1: BlackIce Integrated Tool Inventory

To ensure the toolkit meets enterprise security standards, Databricks has mapped the capabilities of BlackIce to established risk frameworks, specifically MITRE ATLAS and the Databricks AI Security Framework (DASF).

This mapping confirms that the toolkit covers critical threat vectors ranging from prompt injection to supply chain vulnerabilities.

Table 2: Risk Framework Mapping

Databricks has made the BlackIce image available publicly on Docker Hub. The toolkit includes custom patches to ensure seamless interaction with Databricks Model Serving endpoints out of the box.

Security professionals can pull the current Long Term Support (LTS) version using the tag databricksruntime/blackice:17.3-LTS.

For integration into Databricks workspaces, users can configure their compute clusters using Databricks Container Services to point to this image URL, enabling immediate orchestration of AI security assessments.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.