Alternatives to 42Crunch for few-shot poisoning testing

What middleBrick covers

  • Black-box API scanning without agents or code access
  • LLM adversarial probes for prompt injection and data exfiltration
  • Read-only methods to avoid destructive testing
  • OWASP API Top 10 (2023) mapping for risk prioritization
  • Scheduled rescans and diff detection for ongoing monitoring
  • Authenticated scanning with strict header allowlist

Few-shot poisoning risks in API workflows

Few-shot poisoning targets model behavior by inserting crafted examples into training or inference pipelines. In API-driven AI systems, attackers can abuse public endpoints, webhooks, or callback URLs to inject misleading samples that influence downstream model outputs. These attacks do not require model access; they exploit the data ingestion surface and the trust placed in external content.

How middleBrick detects indicators relevant to few-shot poisoning

middleBrick scans API surfaces that could be leveraged for data exfiltration or prompt manipulation. The LLM security tests include adversarial probes designed to extract system prompts, perform roleplay jailbreaks, and attempt instruction override. These probes exercise the API with text-only POST methods and analyze responses for signs of training data leakage or behavior manipulation.

During scans, middleBrick checks for unsafe consumption patterns such as excessive third-party URLs and webhook/callback exposure that could serve as poisoning channels. Findings are mapped to OWASP API Top 10 categories, providing prioritized remediation guidance to reduce the attack surface that could facilitate few-shot poisoning.

Scan modes for probing model interaction paths

middleBrick offers three scan tiers focused on interaction pathways:

  • Quick: lightweight probe of common endpoints and security headers.
  • Standard: expanded LLM adversarial probes across multiple tiers, including data exfiltration and encoding bypass attempts.
  • Deep: comprehensive validation of input handling, error leakage, and indirect prompt injection vectors.

Each tier uses read-only methods (GET, HEAD, and text-only POST) to assess how an API might be abused to influence model behavior without performing destructive actions.

Mapping findings to compliance and security frameworks

middleBrick maps findings to OWASP API Top 10 (2023), which addresses risks related to injection and input validation that overlap with mechanisms used in few-shot poisoning scenarios. The tool also helps you prepare for SOC 2 Type II audits by surfacing findings relevant to security monitoring and access controls, and supports audit evidence for PCI-DSS 4.0 where API integrity is required.

These alignments provide structured evidence for security reviews, though middleBrick is a scanning tool and does not certify compliance.

Integrations and continuous monitoring for ongoing risk tracking

The CLI allows on-demand scans with JSON or text output, enabling integration into local workflows. For ongoing risk management, the Pro tier supports scheduled rescans and diff detection across runs to identify new findings or score drift related to API changes. Email alerts are rate-limited to one per hour per API, and HMAC-SHA256 signed webhooks can notify external systems of significant changes.
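Consuming those HMAC-SHA256 signed webhooks safely means verifying the signature over the raw body before parsing anything. The following is an added example of a receiving-side verifier, not middleBrick's own code: the header name `X-Signature-256`, the `sha256=<hex>` encoding, the shared secret and the event field names are all assumptions, since the page does not give the real webhook format.

```python
import hmac
import hashlib
import json

# Hypothetical header name and "sha256=<hex>" encoding; middleBrick's actual
# webhook format is not given on the page, so these are assumptions.
SIGNATURE_HEADER = "x-signature-256"


def sign_body(secret: bytes, body: bytes) -> str:
    """HMAC-SHA256 over the raw request body, hex-encoded with a scheme prefix."""
    digest = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return "sha256=" + digest


def verify_webhook(secret: bytes, headers: dict, body: bytes) -> bool:
    """Return True only if the signature header matches the body under `secret`.

    hmac.compare_digest makes the comparison take the same time regardless of
    how many leading characters agree, so a mismatch leaks nothing via timing.
    """
    # Header names are case-insensitive; normalise before lookup.
    normalised = {k.lower(): v for k, v in headers.items()}
    received = normalised.get(SIGNATURE_HEADER, "")
    if not received.startswith("sha256="):
        return False
    expected = sign_body(secret, body)
    return hmac.compare_digest(received, expected)


def handle_webhook(secret: bytes, headers: dict, body: bytes):
    """Verify first, parse second: an unsigned body never reaches json.loads."""
    if not verify_webhook(secret, headers, body):
        return ("rejected", None)
    return ("accepted", json.loads(body))


# Constructed sample: a scan-diff notification reporting score drift. The
# field names are illustrative, not middleBrick's schema.
SHARED_SECRET = b"example-shared-secret-do-not-reuse"
SAMPLE_EVENT = {"api": "api.example.com", "event": "score_drift",
                "old_score": 82, "new_score": 71, "new_findings": 2}
SAMPLE_BODY = json.dumps(SAMPLE_EVENT, separators=(",", ":")).encode()


def demo():
    """Exercise the verifier with a genuine, a tampered and an unsigned delivery."""
    good_headers = {"Content-Type": "application/json",
                    "X-Signature-256": sign_body(SHARED_SECRET, SAMPLE_BODY)}
    genuine = verify_webhook(SHARED_SECRET, good_headers, SAMPLE_BODY)
    # A body rewritten in transit (here, hiding the score drop) carries the old
    # signature, which no longer matches.
    tampered_body = SAMPLE_BODY.replace(b'"new_score":71', b'"new_score":82')
    tampered = verify_webhook(SHARED_SECRET, good_headers, tampered_body)
    # A delivery with no signature header at all.
    unsigned = verify_webhook(SHARED_SECRET,
                              {"Content-Type": "application/json"}, SAMPLE_BODY)
    return genuine, tampered, unsigned


if __name__ == "__main__":
    print(demo())                                           # (True, False, False)
    print(handle_webhook(SHARED_SECRET, {}, SAMPLE_BODY))   # ('rejected', None)
```

Two design points carry over to any signed-webhook receiver: sign and verify the exact bytes on the wire rather than a re-serialised JSON object (re-serialisation can reorder keys or change whitespace and silently break verification), and keep the secret out of the event payload and logs so the signature remains the only proof of origin.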

Organizations requiring controlled access can use authenticated scanning with Bearer, API key, Basic auth, or Cookie, subject to domain verification. Only a limited allowlist of headers is forwarded, ensuring that sensitive credentials are not exposed beyond intended endpoints.

Frequently Asked Questions

Can middleBrick prevent few-shot poisoning attacks?
middleBrick detects indicators that could enable few-shot poisoning and reports related risks with remediation guidance. It does not block or fix attacks; it identifies weaknesses in API exposure and model interaction paths.

Which scan modes are most relevant for few-shot poisoning testing?
Standard and Deep scan tiers include extensive LLM adversarial probes focused on prompt injection, data exfiltration, and indirect manipulation. These tiers provide broader coverage of techniques relevant to few-shot poisoning.

Does scanning affect model training data or model weights?
No. middleBrick uses read-only API interactions and does not send payloads that modify model behavior or training datasets. It only analyzes observable responses for signs of vulnerability.

How are false positives handled in findings related to poisoning risks?
Findings include contextual details and remediation suggestions. Security teams should validate results against their model architecture and data flows to determine relevance and reduce false positives.