Comprehensive security scanning for AI agents, LLM applications, and autonomous systems. Detect vulnerabilities before they become breaches.
Comprehensive detection of exposed secrets and API keys in your AI agent codebase.
Detects sk-proj, sk-live, and org keys
Claude API keys and workspace tokens
Access keys, secret keys, and session tokens
Service account keys and API tokens
Subscription keys and connection strings
Personal access tokens and deploy keys
MongoDB, PostgreSQL, MySQL connection strings
Stripe, Twilio, SendGrid, Slack, Discord, and more
Advanced detection of prompt injection vulnerabilities in AI agent prompts and configurations.
DAN, roleplay, and persona-based attacks
Ignore previous instructions patterns
Quote, bracket, and escape sequences
Base64, hex, and Unicode obfuscation
System prompt extraction attempts
Conversation history manipulation
Real-time vulnerability scanning against the OSV database for known security issues.
npm, pip, cargo, and go.mod analysis
Real-time CVE and vulnerability lookup
CVSS scores and exploitability metrics
Upgrade paths and fix suggestions
Transitive dependency analysis
New vulnerability notifications
Identify patterns that could lead to unauthorized data leakage from your AI agents.
Suspicious outbound data patterns
Data exfil via DNS queries
Unauthorized file read patterns
Unusual API call patterns
Sensitive data in logs
Data embedded in responses
Seamless integration with your development workflow for continuous security scanning.
Auto-scan on push and PR
Pipeline security gates
Local scanning with keprax scan .
Block insecure commits
Programmatic scanning
Security score for READMEs
Collaborate securely across your organization with shared workspaces and advanced features.
Shared scans and history
Fake keys that alert on use
Real-time notifications
Impact analysis for leaks
HackerOne/Bugcrowd format
Dedicated security help
Free tier includes 5 scans per day with 150+ security patterns.
Launch Free Scanner