Forgot password?
or continue with
Find the cracks in your AI
before attackers do.

RUBENS stress-tests your chatbots, APIs and AI agents with real adversarial attacks — mapped to the OWASP LLM Top 10 and Agentic Top 10 — and shows you exactly where they break, with severity-ranked findings and exportable reports.

What the scanner does

Real adversarial attacks

A curated library of attack prompts — prompt injection, jailbreaks, sensitive data extraction, insecure output handling and more — is fired at your target, category by category.

Any target type

Test hosted models (OpenAI, Anthropic, Google, Mistral), any HTTP endpoint (vLLM, Ollama, LangChain), full agent definitions with tools, memory and RAG, or intercept real traffic via SDK proxy.

LLM-as-judge evaluation

Every response is automatically evaluated by a judge model and classified by severity, from Critical to Low — no manual triage. Bring your own judge API key if you prefer.

Live monitoring & reports

Watch attacks and verdicts stream in real time on the Live Monitor, then browse findings in Results and export a complete report for your team.

How to use it — four steps

STEP 01

Register a target

In Target Setup, pick the target type and enter its connection details. Test the connection before saving.

STEP 02

Configure the scan

In New Scan, choose the target and select attack categories from the LLM and Agentic sections of the attack tree.

STEP 03

Watch it live

Follow every attack prompt, target response and judge verdict in real time on the Live Monitor.

STEP 04

Review & export

Inspect severity-ranked findings in Results, compare past runs in History, and export the report.

Which target type should I pick?

Hosted Provider

Your AI is a model called directly through a provider's API — OpenAI, Anthropic, Google or Mistral. You just enter the model ID and an API key; the scanner talks to the provider for you. The fastest way to test a system prompt or compare how different models hold up.

Generic API

Your AI sits behind your own HTTP endpoint — a self-hosted model (vLLM, Ollama), a LangChain service, or any custom backend. You define the URL, headers and request template, and the scanner injects each attack into your real request format. Ideal for staging environments.

Agent Definition

Your AI is an agent: it has tools it can call, memory, RAG over documents, and policies it must respect. You describe those capabilities and the scanner targets them specifically — tool misuse, memory poisoning, privilege escalation — using the Agentic Top 10 attack section.

SDK / Proxy

You want to test your application exactly as it runs in production, without rebuilding anything. Drop a small SDK snippet into your app: it proxies real traffic through the scanner, so attacks flow through your actual pipeline — system prompts, guardrails and all.

Not sure? Start with Hosted Provider if you only have a model and a key, or Generic API if your AI already has its own endpoint. You can register as many targets as you want.

Step 1 · Select Target Type
Hosted Provider
OpenAI · Anthropic
Google · Mistral
Generic API
Any HTTP endpoint
vLLM · Ollama · LangChain
Agent Definition
Tools · Memory
RAG · Policies
SDK / Proxy
Intercept real traffic
from your app
Step 2 · Configure
Registered Targets
No targets yet
Target Types
Hosted Provider
Just a model name and an API key. The scanner calls OpenAI, Anthropic, Google or Mistral for you. Use it when you only have a model to test.
Generic API
Your AI already runs behind its own HTTP endpoint. Give the URL, headers and a JSON body — it works with whatever model sits behind it.
Agent
Your AI uses tools, memory or document search. Describe what it can do and the scanner adds attacks aimed at those capabilities.
SDK / Proxy
Test the app as it actually runs. A short snippet routes your real traffic through the scanner, guardrails and all.

1 · Select Target

2 · Aggressiveness Preset

Pre-selects attacks by difficulty level. You can still customize individually below.

Passive
Low-risk probes only
Active
Passive + moderate attacks
Adversarial
Full suite, all attacks
3 · Attack Selection OWASP LLM Top 10 — select categories or individual attacks
0 selected

4 · Advanced Options

Adaptive Mode
Auto-generates follow-up prompts when a vulnerability is found
No active scan. Start a scan to see live results.
Select a scan to view results
No scans yet

Loading…

Scans completed
Judge cost so far
$—
Pay per scan

Use your own API key and pay only for the scans you run. Suited to individuals and small teams.

Annual licenses

Unlimited scans, multiple seats, and dedicated support, billed annually.

Transaction History

Loading…