Find prompt injection, data exfiltration, jailbreak, guardrail bypass, RAG poisoning, and more vulnerabilities in your AI agents and LLMs. Automated pentesting via API.
5 categories included free · 14 premium categories for Pro & Enterprise plans
Direct, indirect, encoded, multilingual, and delimiter-based injection attacks. 73 vectors including few-shot manipulation, token smuggling, and attacks in 8 languages.
System prompt leaks, config extraction, PII exposure, cross-session data leaks, SSRF via markdown images, and incremental extraction.
DAN variants, character roleplay, hypothetical framing, gradual escalation, authority overrides, and output format manipulation.
Unauthorized tool calls, SSRF via agent, SQL injection through tool parameters, chained attacks, and mass action triggers.
Admin claim, debug mode activation, permission boundary bypass, role confusion, capability unlocking, and context manipulation.
ROT13, leetspeak, homoglyph, HTML entity, comment injection, zero-width chars, mixed encoding, and reverse text obfuscation attacks.
JSON field injection, SQL in output, malicious code generation, CSV formula injection, XXE, JSON key override, and SSTI markers.
Function hijacking, parameter type confusion, tool override, parallel calling abuse, hidden function discovery, and chain exploitation.
Document injection, context overflow, knowledge base extraction, fake citation, metadata injection, embedding collision, and authority spoofing.
Temporal attacks, state reset, conversation history manipulation, gradual constraint removal, logic bombs, persona drift, and trust escalation.
Skill injection, goal hijacking, sandbox escape, credential harvesting. Test whether agents can be manipulated into autonomous harmful actions.
Trust building, memory injection, privilege escalation, session hijack. Multi-turn conversation attacks that exploit agent memory and state.
Memory poisoning, vector store injection, config override, cross-session leak. Advanced attacks targeting agent internal state and persistence layers.
Tool poisoning, shadowing, rug pull, cross-server contamination, log-to-leak exfiltration. 12 vectors targeting the Model Context Protocol.
ThinkTrap, BadThink, sponge prompts, JSON bombs, infinite delegation, tool loops. Test whether your agent can be crashed or exhausted.
Insecure code generation (SQLi, XSS, eval), hallucinated packages (slopsquatting), phishing content, disinformation, adversarial suffixes.
Training data memorization, membership inference, GDPR probes, divergence prompts, cross-session data leaks, entity enumeration.
FigStep simulation, typographic injection, PDF/audio/SVG injection, steganographic text, data URI and QR code injection vectors.
Model fingerprinting, capability probing, error differential analysis, token count inference, infrastructure and rate limit fingerprinting.
Risk score (0-100), severity breakdown, and specific remediation advice per vulnerability. Export as JSON or PDF with full evidence.