APIsec for AI / ML engineers

What middleBrick covers

  • Black-box scanning with no agents or code access
  • Risk score A–F with prioritized findings
  • 12 categories aligned to OWASP API Top 10 (2023)
  • OpenAPI 3.x and Swagger 2.0 parsing with $ref resolution
  • LLM/AI adversarial probe suites across scan tiers
  • CI/CD integration via GitHub Action and MCP Server

Black-box API security for AI workflows

middleBrick is a self-service API security scanner designed for environments where models call external services and host internal endpoints. Submit a URL and receive a risk score from A to F with prioritized findings. The scanner operates as a black-box solution with no agents, no SDK integration, and no access to your code or language runtime. It supports any language, framework, or cloud and completes most scans in under a minute.

Detection aligned to industry standards

The scanner covers 12 security categories aligned to the OWASP API Top 10 (2023). It detects authentication bypass and JWT misconfigurations such as alg=none, HS256 usage, expired tokens, missing claims, and sensitive data in claims. It identifies BOLA and IDOR via sequential ID enumeration and active adjacent-ID probing, and BFLA through admin endpoint probing and role leakage. Input Validation checks include CORS wildcard usage with credentials, dangerous HTTP methods, and debug endpoints. Data Exposure flags PII patterns including email, Luhn-validated card numbers, context-aware SSN formats, and API key formats for AWS, Stripe, GitHub, and Slack. For AI/ML workflows, the LLM / AI Security category runs 18 adversarial probes across Quick, Standard, and Deep tiers, targeting system prompt extraction, instruction override, DAN and roleplay jailbreaks, data exfiltration, cost exploitation, encoding bypasses, prompt injection variants, and token smuggling.
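To make the JWT checks listed above concrete, here is an added example (not middleBrick's own code) of a passive token inspector: it decodes a JWT without verifying it and flags alg=none, HS256, an expired exp, missing expected claims, and sensitive or email-like values in the payload. The expected-claim set, the sensitive claim names and the sample token are assumptions constructed for this example.

```python
import base64
import json
import re

# Claims a well-formed access token is expected to carry (assumption for this example).
EXPECTED_CLAIMS = ("iss", "sub", "aud", "exp")
# Claim names that should never travel in a token payload (assumption for this example).
SENSITIVE_CLAIM_NAMES = {"password", "ssn", "secret", "card_number"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_jwt(token: str, now: int) -> list:
    """Passively inspect a JWT without verifying it; `now` is the Unix time used for the exp check."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["malformed: expected three dot-separated segments"]
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    findings = []
    alg = str(header.get("alg", "")).lower()
    if alg == "none":
        findings.append("alg=none: token carries no signature to verify")
    elif alg == "hs256":
        findings.append("HS256: shared-secret signing; every verifier holds the signing key")
    if "exp" in payload and int(payload["exp"]) < now:
        findings.append("expired: exp is in the past")
    missing = [c for c in EXPECTED_CLAIMS if c not in payload]
    if missing:
        findings.append("missing claims: " + ", ".join(missing))
    for name, value in payload.items():
        if name.lower() in SENSITIVE_CLAIM_NAMES:
            findings.append("sensitive claim name: " + name)
        elif isinstance(value, str) and EMAIL_RE.match(value):
            findings.append("email address in claim: " + name)
    return findings

def make_unsigned_token(header: dict, payload: dict) -> str:
    # Build a JWT-shaped string with an empty signature (constructed sample input only).
    segs = [base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode() for o in (header, payload)]
    return ".".join(segs) + "."

# Constructed sample: alg=none, expired exp, no aud claim, and an email address in the payload.
SAMPLE_TOKEN = make_unsigned_token(
    {"alg": "none", "typ": "JWT"},
    {"iss": "https://issuer.example", "sub": "42", "exp": 1700000000, "email": "alice@example.com"},
)
```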

OpenAPI analysis and authenticated scanning

middleBrick parses OpenAPI 3.0, 3.1, and Swagger 2.0 documents with recursive $ref resolution. It cross-references spec definitions against runtime behavior to surface undefined security schemes, sensitive fields, deprecated operations, and missing pagination. For authenticated scans, supported methods include Bearer tokens, API keys, Basic auth, and cookies. Domain verification is enforced through DNS TXT records or an HTTP well-known file, ensuring only the domain owner can scan with credentials. The scanner forwards a strict allowlist of headers: Authorization, X-API-Key, Cookie, and X-Custom-*. This approach enables CI/CD integration while preserving a clear security boundary.

Workflow integration and monitoring

Results are delivered through the Web Dashboard, where scans are stored, score trends are reviewed, and branded compliance PDFs can be downloaded. The CLI, distributed as the middlebrick npm package, runs commands such as middlebrick scan <url> with JSON or text output. A GitHub Action can gate merges and fail builds when the score drops below a defined threshold. For ongoing risk management, the Pro tier provides scheduled rescans every 6 hours, daily, weekly, or monthly. Diff detection highlights new findings, resolved findings, and score drift, and email alerts are rate-limited to one per hour per API. HMAC-SHA256 signed webhooks are available, with auto-disable after five consecutive failures.

Limitations and compliance framing

middleBrick does not fix, patch, block, or remediate findings; it detects and reports them with remediation guidance. It does not perform active SQL injection or command injection testing, as those require intrusive payloads outside its scope. Business logic vulnerabilities are not detected, as they demand domain-specific context. The scanner does not perform blind SSRF testing that relies on out-of-band infrastructure. When mapping findings to compliance frameworks, language such as "maps findings to", "covers requirements of", and "validates controls from" is used only for PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). For other frameworks, the tool supports audit evidence and aligns with security controls described in the applicable standards.

Frequently Asked Questions

How does authenticated scanning work?
Authenticated scans use Bearer tokens, API keys, Basic auth, or cookies after domain ownership is verified. Only a restricted set of headers is forwarded to minimize risk.
Can it replace a human pentester for AI systems?
It cannot replace a human pentester for high-stakes audits. It detects technical misconfigurations and LLM-specific probe results, but business logic issues require domain expertise.
What happens to scan data after cancellation?
Customer scan data is deletable on demand and purged within 30 days of cancellation. Data is never sold or used for model training.
How are new findings surfaced over time?
Pro tier continuous monitoring runs scheduled rescans and uses diff detection to highlight new findings, resolved findings, and score drift compared to previous scans.