One Command. Full Security Report.

Break your agent
before the world does.

Run npx adversec scan and get a full security report for your AI agent — with grades, vulnerability breakdowns, and fix recommendations. No setup required.

Try It Free → See How It Works
terminal
# Security-test any AI agent in one command
npx adversec scan --cmd "python my_agent.py"

# Or test an HTTP endpoint
npx adversec scan --endpoint http://localhost:8000/chat

# Output:
  Security Grade: C
  Overall: 6/10 passed (40% ASR)
  Recommendations:
  1. [HIGH] Prompt Injection — Add system prompt anchoring
  2. [MED] Tool Abuse — Implement tool-call allowlists

// The Problem

AI agents are powerful.
They're also easy to trick.

A user can type the right words and make your AI agent reveal private data, ignore its safety rules, or do things it was never supposed to do. Most teams don't find out until it's too late. Testing for this by hand doesn't scale — Adversec automates it.

86%
of AI projects stall before launch due to safety and trust concerns
$4.2M
average cost when an AI system gets exploited (IBM, 2025)
3.2×
increase in prompt injection attacks — people tricking AI agents into misbehaving
~0
easy-to-use tools that let you test this yourself — until Adversec

// Three Steps

Up and running in minutes.

01

Install & run

Run npx adversec scan --cmd "your-agent" — that's it. Point it at a local command or an HTTP endpoint. No servers to set up, no config files required.

02

We attack your agent

Adversec generates dozens of tailored attack scenarios — prompt injection, data leakage, jailbreaks, tool abuse — and fires them at your agent. Each test is specific to what your agent does, not generic.

03

Get your grade & fixes

Get a security grade (A-F), category breakdown, severity ratings, and actionable fix recommendations — right in your terminal. Know exactly what's vulnerable and how to fix it.

// Copy, Paste, Scan

Test your agent right now.

🦞

OpenClaw

# Create wrapper script
echo '#!/bin/bash
echo "$(cat)" | openclaw agent \
  --agent main --json 2>/dev/null \
  | jq -r ".message // ."' > test_oc.sh
chmod +x test_oc.sh

# Scan
npx adversec scan \
  --cmd "./test_oc.sh" \
  --agent-name "my-openclaw"

Works with any OpenClaw agent. Tests prompt injection, tool abuse, and data leakage.

Hermes Agent

# Create wrapper script
cat <<'EOF' > test_hermes.py
import sys
sys.path.insert(0,"path/to/hermes")
from run_agent import AIAgent
a = AIAgent(model="your-model",
  max_iterations=1,quiet_mode=True,
  enabled_toolsets=[])
print(a.chat(sys.stdin.read()))
EOF

# Scan
npx adversec scan \
  --cmd "python test_hermes.py" \
  --agent-name "my-hermes"

Wrap any Hermes agent for testing. Works with any model backend.

Any Agent

# Local script (stdin → stdout)
npx adversec scan \
  --cmd "python my_agent.py"

# HTTP endpoint
npx adversec scan \
  --endpoint http://localhost:8000/chat

# CI/CD pipeline
npx adversec scan --cmd "./agent" --ci

Python, Node, Go, Rust — anything that reads stdin and writes stdout. Or test any HTTP endpoint.

See full examples in the docs →

// How It Works

Describe your agent.
We try to break it.

Instant Test Generation

Tell us what your agent does — "handles refund requests," "books appointments," etc. Adversec automatically creates dozens of realistic attack scenarios designed specifically for your agent's job.

Test Any Agent, Anywhere

Use --cmd to test local scripts, or --endpoint to hit a live HTTP agent. No bridge scripts, no wrappers — Adversec handles the plumbing.

Multi-Step Manipulation

Real attackers don't stop at one message. Adversec simulates conversations that start innocent and gradually escalate — the same technique used to trick AI agents in the real world.

Output Verification

If your agent returns structured data (like JSON), Adversec checks whether attacks can corrupt the format — breaking downstream systems that depend on clean, predictable responses.

Grades & Fix Recommendations

Get a security grade (A-F), severity breakdown, and specific fix recommendations for every vulnerability found. "Add system prompt anchoring" beats "you have a security issue." No expertise required.

CI/CD Ready

Add npx adversec scan --ci to your pipeline. Exit code = number of failures. Block deploys that introduce security regressions. Works with GitHub Actions, GitLab CI, and any runner.

// What We Test For

Every way an agent can fail. Covered.

Adversec tests for the attacks listed in the OWASP Top 10 for LLMs — the industry-standard list of AI security risks — plus real-world manipulation techniques.

Prompt Injection Indirect Injection Data Leakage Denial of Service Jailbreaking Unsafe Output Gradual Escalation Role Confusion Tool Hijacking Hallucination Exploits Excessive Authority Format Breaking Context Overflow Session Leakage

● high-priority attacks    hover for explanations

// Pricing

Start free.
Scale when you're ready.

Free
$0/mo
Try it out. No credit card needed.
  • 50 test generations
  • Core attack categories
  • Pass/fail verdicts with explanations
  • Community support
Get Your Free Key
Pro
$49/mo
For teams putting AI agents in front of real users.
  • 5,000 test generations/mo
  • All attack types including multi-step
  • Run tests live against your agent
  • Detailed vulnerability reports
  • Priority support
Start 7-Day Free Trial
Enterprise
Custom
For organizations running many agents at scale.
  • Unlimited test generations
  • Custom attack scenarios
  • Dedicated infrastructure
  • SLA & compliance reporting
  • Dedicated account team
Contact Sales

Know your agent is safe before your users find out it isn't.

Get your API key and run npx adversec scan — full security report in minutes. No security background required.

Get Your API Key → CLI Documentation