Google · Mistral
vLLM · Ollama · LangChain
RAG · Policies
from your app
RUBENS stress-tests your chatbots, APIs and AI agents with real adversarial attacks — mapped to the OWASP LLM Top 10 and Agentic Top 10 — and shows you exactly where they break, with severity-ranked findings and exportable reports.
A curated library of attack prompts — prompt injection, jailbreaks, sensitive data extraction, insecure output handling and more — is fired at your target, category by category.
Test hosted models (OpenAI, Anthropic, Google, Mistral), any HTTP endpoint (vLLM, Ollama, LangChain), full agent definitions with tools, memory and RAG, or intercept real traffic via SDK proxy.
Every response is automatically evaluated by a judge model and classified by severity, from Critical to Low — no manual triage. Bring your own judge API key if you prefer.
Watch attacks and verdicts stream in real time on the Live Monitor, then browse findings in Results and export a complete report for your team.
In Target Setup, pick the target type and enter its connection details. Test the connection before saving.
In New Scan, choose the target and select attack categories from the LLM and Agentic sections of the attack tree.
Follow every attack prompt, target response and judge verdict in real time on the Live Monitor.
Inspect severity-ranked findings in Results, compare past runs in History, and export the report.
Your AI is a model called directly through a provider's API — OpenAI, Anthropic, Google or Mistral. You just enter the model ID and an API key; the scanner talks to the provider for you. The fastest way to test a system prompt or compare how different models hold up.
Your AI sits behind your own HTTP endpoint — a self-hosted model (vLLM, Ollama), a LangChain service, or any custom backend. You define the URL, headers and request template, and the scanner injects each attack into your real request format. Ideal for staging environments.
Your AI is an agent: it has tools it can call, memory, RAG over documents, and policies it must respect. You describe those capabilities and the scanner targets them specifically — tool misuse, memory poisoning, privilege escalation — using the Agentic Top 10 attack section.
You want to test your application exactly as it runs in production, without rebuilding anything. Drop a small SDK snippet into your app: it proxies real traffic through the scanner, so attacks flow through your actual pipeline — system prompts, guardrails and all.
Not sure? Start with Hosted Provider if you only have a model and a key, or Generic API if your AI already has its own endpoint. You can register as many targets as you want.
Define what AI system you want to red team — from a simple chatbot to a full agentic system
Select target, aggressiveness preset, then fine-tune individual attacks
Pre-selects attacks by difficulty level. You can still customize individually below.
Real-time scan progress and vulnerability detection
Vulnerability findings for the selected scan
All previous red team scans
You scan with your own API key, so the model usage is billed directly to you. Credits are the service fee for using the scanner: each scan uses 1 to 4 credits depending on its size. Pick a pack below.
—
Use your own API key and pay only for the scans you run. Suited to individuals and small teams.
Unlimited scans, multiple seats, and dedicated support, billed annually.