
Promptfoo Scanner

GitHub App


🔬 Security Scanning For LLM Apps

Promptfoo's code scanner uses state-of-the-art AI security agents to assess every PR opened in your codebase for LLM-related vulnerabilities.

Find issues before you merge

Our scanner carefully examines PR diffs for the kinds of vulnerabilities that most commonly and most severely affect systems built on top of LLMs and agent frameworks, such as:

  • Prompt injection
  • Mishandling of PII/secrets
  • Excessive agency

Deep tracing

Beyond the PR itself, the scanner agentically traces LLM inputs, outputs, and capability changes deep into the larger repo to identify subtle yet critical issues that human reviewers can struggle to catch.

No noise

Despite this comprehensive approach, the scanner sets a high bar for reporting, avoiding false positives and alert fatigue. Maintainers can configure severity levels and provide custom instructions to tailor sensitivity to their needs.


Promptfoo Scanner is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
