AI/ML Tools

List of tools:

MCP-Protect

MCP-Protect is a security tool designed to safeguard AI agents by scanning and validating third-party Model Context Protocol (MCP) endpoints against various MCP security risks such as Tool Poisoning Attack (TPA), Rug Pull Attack, Shadow MCP Servers, and Indirect Prompt Injection via MCP tool descriptions, metadata and so on. It acts as an extra security layer between the application and third-party MCP endpoints to protect data and responses flowing through external sources and connectors. By treating all external MCP servers as "untrusted" until verified, it mitigates risks like Data Exfiltration or Indirect 

Key Capabilities

  • Static Analysis (Scan): Evaluates tool descriptions and metadata against a predefined list of payloads to detect malicious instructions or hidden prompts designed to trick the LLM.
  • Dynamic Analysis (Execute): Invokes tools with secure test data and examines the actual responses for suspicious patterns, assessing live tool behaviour.
  • Enterprise Operational Features:
    • Proxy Support: Routes traffic through corporate security proxies for inspection.
    • Auth Management: Supports extra headers and tokens for endpoints behind gateways.
    • Structured Reporting: Generates JSON logs for easy auditing and automated security decision-making.
  • Automated Guardrails: Integrates directly into CI/CD pipelines to block the deployment of insecure integrations automatically through status flags.

Technical Detail and Usage


PenTestPrompt

"PenTestPrompt" is a unique tool that enables users to:

  • Generate highly effective attack prompts with context, based on the application functionality, potential attack techniques and risk category
  • Automate the submission of generated prompts to the target application
  • Use an API key provided by the user to generate prompts
  • Log and analyze responses using customizable keywords

Whether you're a security researcher, developer, or organization safeguarding an AI-driven solution, "PenTestPrompt" streamlines the security testing process for LLMs, especially for uncovering prompt injection vulnerabilities.


FileInjector

File Injector is a tool designed to aid the creation of documents tampered with prompt injection payloads, in order to assess the robustness of AI systems against indirect prompt injection attacks. It lets you embed hidden instructions or prompts within various file types. This way, you can easily create test cases to evaluate how your AI applications handle such embedded commands.

Key Capabilities

  • Multi-Format Input Support: Upload PDFs and/or images to inject malicious prompts in the document.
  • Dual Interface - CLI and UI: Choose the command-line interface for automation, or use a simple web UI for interactive testing, whichever fits your workflow.
  • Injection Customization: Customize injection methods with different text placements, font sizes, document sections, or even steganography techniques to evaluate how your model reacts.
  • Versatile Prompt Input: Select from a library of known malicious prompts, write your own test cases, or upload files containing complex scenarios for robust coverage.
