When launching a new LLM feature

What middleBrick covers

  • Black-box API scanning with under one minute scan time
  • 12 OWASP API Top 10 detection categories
  • OpenAPI 3.0/3.1 and Swagger 2.0 spec parsing
  • Authenticated scans with header allowlist and domain verification
  • LLM adversarial probing across Quick, Standard, and Deep tiers
  • Continuous monitoring with diff detection and email alerts

Assess your API before exposing new LLM features

When you expose new LLM features, you introduce new endpoints, prompts, and data flows that expand the attack surface. Run a black-box scan before enabling features in production to establish a baseline risk score and a prioritized list of findings. The scanner operates without agents or code access, returning results in under a minute using read-only methods and text-only LLM probes.

Detection coverage aligned to OWASP API Top 10

The scanner evaluates 12 categories aligned to OWASP API Top 10 (2023). It checks authentication bypass and JWT misconfigurations, including alg=none and expired tokens. It probes for BOLA and IDOR via sequential and adjacent ID enumeration, and BFLA via admin endpoint discovery and role leakage. Property over-exposure, input validation issues such as CORS wildcard usage, and rate-limiting characteristics are assessed. Data exposure checks for PII patterns, API key formats, and error leakage. SSRF probes target URL-accepting parameters, and LLM security includes 18 adversarial probes across Quick, Standard, and Deep tiers for system prompt extraction, jailbreaks, and data exfiltration.

OpenAPI spec validation and authenticated scanning

The scanner parses OpenAPI 3.0, 3.1, and Swagger 2.0 with recursive $ref resolution, cross-referencing the spec against runtime behavior. It flags undefined security schemes, deprecated operations, and missing pagination. For authenticated scans, provide Bearer tokens, API keys, Basic auth, or cookies. Access is gated by domain verification, and only a restricted set of headers is forwarded. These capabilities support continuous monitoring with scheduled rescans and diff detection to track score drift and new findings over time.

Compliance mapping and transparency

Findings map directly to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). For other frameworks, the scanner supports audit preparation and evidence by surfacing findings relevant to the controls those frameworks describe. The tool is a scanner only; it does not fix, patch, or remediate, and it does not replace a human pentester for high-stakes audits. Private IPs, localhost, and cloud metadata endpoints are blocked at multiple layers, and scan data is deletable on demand and never used for model training.

Integrations and safe delivery

Use the Web Dashboard to review reports and download branded compliance PDFs. The CLI supports a simple command like middlebrick scan <url> with JSON or text output. The GitHub Action can gate CI/CD, failing the build when the score drops below your threshold. The MCP server enables scanning from AI coding assistants. An API client allows custom integrations, and Pro tier adds Slack or Teams alerts with rate-limited notifications and HMAC-SHA256 signed webhooks that auto-disable after five consecutive failures.
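The signed-webhook behaviour above, shown from both sides as an added example (not middleBrick's own code): the receiver recomputes the HMAC-SHA256 over the raw body and compares it in constant time, and the sender tracks consecutive delivery failures and disables the endpoint at five. The header name, secret, hex-digest encoding and event payload are assumptions, since the page does not document the wire format.

```python
import hashlib
import hmac
import json

# Constructed secret and assumed header name: the page does not specify either.
WEBHOOK_SECRET = b"constructed-shared-secret"
SIGNATURE_HEADER = "X-Middlebrick-Signature"  # hypothetical header name
MAX_CONSECUTIVE_FAILURES = 5  # auto-disable threshold stated on the page


def sign_payload(secret: bytes, body: bytes) -> str:
    """Sender side: HMAC-SHA256 over the exact bytes that will be delivered."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, headers: dict, body: bytes) -> bool:
    """Receiver side: recompute the MAC over the raw body (never a re-serialised
    copy) and compare in constant time so timing does not leak the digest."""
    presented = headers.get(SIGNATURE_HEADER, "")
    expected = sign_payload(secret, body)
    return hmac.compare_digest(expected.encode(), presented.encode())


class WebhookEndpoint:
    """Sender-side delivery state for one subscriber URL."""

    def __init__(self, url: str):
        self.url = url
        self.consecutive_failures = 0
        self.enabled = True

    def record_delivery(self, ok: bool) -> bool:
        """Reset the counter on success; disable after five failures in a row.
        Returns whether the endpoint is still enabled."""
        if ok:
            self.consecutive_failures = 0
        else:
            self.consecutive_failures += 1
            if self.consecutive_failures >= MAX_CONSECUTIVE_FAILURES:
                self.enabled = False
        return self.enabled


if __name__ == "__main__":
    # Constructed event: a scan result pushed to a subscriber.
    body = json.dumps({"event": "scan.completed", "score": 72}).encode()
    headers = {SIGNATURE_HEADER: sign_payload(WEBHOOK_SECRET, body)}
    print(verify_webhook(WEBHOOK_SECRET, headers, body))                      # True
    print(verify_webhook(WEBHOOK_SECRET, headers, body.replace(b"72", b"99")))  # False
```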

Frequently Asked Questions

Can I scan APIs that require authentication?
Yes. Provide Bearer tokens, API keys, Basic auth, or cookies. Authentication is only used for read-only requests, and domain verification ensures only the domain owner can scan with credentials.
Does the scanner perform intrusive testing like SQL injection?
No. It uses read-only methods and text-only LLM probes. Destructive payloads are never sent, and active SQL injection or command injection is out of scope.
How are findings related to compliance frameworks?
Findings map directly to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). For other regulations, the scanner helps you prepare evidence and aligns with security controls described in those frameworks.
What happens to my scan data after I cancel?
Customer data is deletable on demand and purged within 30 days of cancellation. Data is never sold and is not used for model training.