Migrating from 42Crunch to middleBrick for LLM cost runaway prevention

Migrating from a specialized LLM security tool to middleBrick starts with understanding how your APIs expose surfaces for token smuggling, prompt injection, and data exfiltration that drive unpredictable LLM costs. middleBrick runs a black-box scan that submits text-only POST probes for LLM analysis and returns a risk score from A to F within a minute. The scan covers 18 adversarial probes across three tiers, focusing on system prompt extraction, instruction override attempts, DAN and roleplay jailbreaks, and token-smuggling techniques that can inflate usage.

middleBrick maps findings to OWASP API Top 10 (2023), which covers LLM-specific risks such as prompt injection and data exfiltration, and aligns with security controls described in PCI-DSS 4.0 and SOC 2 Type II. For each finding, you receive prioritized remediation guidance that helps you prepare for audits and supports audit evidence collection, rather than claiming compliance or certification. The scanner also surfaces findings relevant to data exposure categories, including PII patterns and API key formats that can drive downstream misuse if left unchecked.

middleBrick supports Bearer, API key, Basic auth, and Cookie authentication for authenticated scanning at the Starter tier and above. Domain verification through DNS TXT records or an HTTP well-known file ensures only the domain owner can scan with credentials, and a strict header allowlist forwards only Authorization, X-API-Key, Cookie, and X-Custom-* headers. The scanner enforces read-only methods, blocks private IPs and cloud metadata endpoints at multiple layers, and never sends destructive payloads, making it safe to run against staging environments that mirror production API behavior.

middleBrick parses OpenAPI 3.0, 3.1, and Swagger 2.0 documents with recursive $ref resolution and cross-references spec definitions against runtime observations. This helps identify undefined security schemes, sensitive fields exposed by overly permissive schemas, deprecated operations, and missing pagination that can lead to oversized responses and higher processing costs. By comparing the declared contract to actual behavior, you can detect misconfigurations that enable path traversal, IDOR, or parameter pollution that may be leveraged in multi-turn LLM attacks.

With Pro tier, you can schedule rescans every six hours, daily, weekly, or monthly to track score trends and detect new LLM probe surfaces or regression in security controls. Diff detection highlights new findings, resolved findings, and score drift, while email alerts are rate-limited to one per hour per API. HMAC-SHA256 signed webhooks notify your systems of critical changes, and findings can be integrated into GitHub Action gates to fail builds when scores drop below your defined threshold, closing the loop between scanning and development pipelines.