Sandro Builds

PROMPT INJECTION SCANNER — MODE B (LLM RED-TEAMING)

Is your AI prompt hackable?
Find out in 3–15 seconds.

Paste your system prompt. We fire 238 real injection attacks: instruction override, data extraction, role-play jailbreaks, encoding tricks, psychological manipulation, and more. Red-team with a specialized model combination, get actual LLM responses as proof, and receive a security score (0.0–1.0).

Privacy-first & Automation-ready: Manual scans run fully in your browser. Or use our REST API to scan prompts in GitHub Actions and CI/CD pipelines during deploy.

TESTED AGAINST 238 REAL-WORLD ATTACKS

Our attack library is built from battle-tested security research:

deepset/prompt-injections — Academic dataset for injection detection (HuggingFace, 662 prompts)
pr1m8/prompt-injections — Categorized taxonomy of 200+ real techniques (GitHub, MIT)
PayloadsAllTheThings — Industry-standard pentesting payloads (50K+ GitHub stars)
OWASP LLM Top 10 — Security framework for LLM vulnerabilities
yanismiraoui/prompt_injections — Multilingual attacks (12+ languages)

11 attack categories: Instruction Override, Data Extraction, Jailbreak (DAN/STAN/DUDE), Context Manipulation, Role Hijacking, Encoding Tricks (Base64/Hex/ROT13), Multilingual Bypass, Authority Impersonation, Psychological Manipulation, Formatting Exploits (ChatML/JSON/XML), Payload Chaining

HIERARCHICAL MODEL TESTING

Your prompt is tested against a hierarchy of models, ordered from the least safe to the most safe in terms of built-in security. This exposes vulnerabilities that stronger models might defend against on their own, ensuring thorough coverage of your prompt's actual defense layer.

OPENROUTER API KEY

Calls run from your browser using your key. Safe: keys are passed in secure headers and are never logged.

YOUR SYSTEM PROMPT

The full instructions your app sends to the model as the system message.
