# middleBrick

> Automated API security risk scoring platform. Scans enterprise APIs and assigns security risk scores.

middleBrick is a self-service SaaS that automatically analyzes APIs for security vulnerabilities and generates risk scores. It covers OWASP API Security Top 10, LLM/AI-specific threats, GraphQL, and compliance frameworks.

## Core Capabilities

- **Risk Scoring Engine**: 12 parallel security checks covering OWASP API Top 10 + GraphQL + LLM-specific analysis
- **AI/LLM Security**: 18 adversarial probes across 3 scan tiers — prompt injection, jailbreaks, encoding bypasses, data exfiltration, cost exploitation. The only self-service scanner with active LLM probing.
- **Compliance Mapping**: GDPR, PCI-DSS, HIPAA, SOC 2, ISO 27001, NIST
- **Multi-Protocol**: REST and GraphQL supported; gRPC, WebSocket, SOAP planned
- **Framework Coverage**: 30+ frameworks (FastAPI, Express, Spring Boot, Django, NestJS, Laravel, Gin, Flask, etc.)
- **CI/CD Integration**: CLI tool, GitHub Action, MCP Server

## Documentation

- [Getting Started](https://middlebrick.com/docs/)
- [How It Works](https://middlebrick.com/docs/how-it-works/)
- [Scoring Methodology](https://middlebrick.com/docs/scoring/)
- [Security Checks Overview](https://middlebrick.com/docs/checks-overview/)
- [LLM Security Checks](https://middlebrick.com/docs/llm-security/)
- [API Reference](https://middlebrick.com/docs/api-reference/)
- [CLI](https://middlebrick.com/docs/cli/)
- [GitHub Action](https://middlebrick.com/docs/github-action/)
- [MCP Server](https://middlebrick.com/docs/mcp-server/)
- [Integrations](https://middlebrick.com/docs/integrations/)
- [FAQ](https://middlebrick.com/docs/faq/)

## Security Topics

- [API Vulnerability Guides](https://middlebrick.com/security/prompt-injection) — 60+ vulnerability pages across authentication, authorization, injection, encryption, data exposure, SSRF, LLM security
- [CWE Reference](https://middlebrick.com/cwe/cwe-89) — 100+ CWE entries with framework-specific remediation
- [Compliance Guides](https://middlebrick.com/compliance/gdpr) — GDPR, PCI-DSS, HIPAA, SOC 2, ISO 27001
- [Regulation Reference](https://middlebrick.com/regulations/gdpr) — Regional regulation analysis with article-level API security mappings

## Pricing

| Tier | Price | Scans |
|------|-------|-------|
| Free | $0/mo | 3 scans/month |
| Starter | $99/mo | 15 APIs |
| Pro | $499/mo | 100 APIs |
| Enterprise | $2,000+/mo | Unlimited |

## Company

middleBrick is a [Zevlat Intelligence](https://zev.lat) venture.

## Contact

- Website: https://middlebrick.com
- Dashboard: https://middlebrick.com/dashboard