Granicus

AI System Security Scanner

OWASP LLM Top 10 • SAST • DAST • Red Team • Adaptive

Scans: 0
Catalog:
00:00
Ready

Granicus AI Security Scanner

Comprehensive AI/LLM security platform. Static analysis, live adversarial testing, red team probes, adaptive attacks, workflow visualization, and prompt hardening — all powered by Claude.

v2.0.0 • 184+ Probes • 16 Categories • OWASP LLM Top 10
SAST Scan Analyze source code from GitLab repos for OWASP LLM Top 10 vulnerabilities
DAST Scan Run live adversarial tests against AI agent endpoints
Red Team 184+ curated probes with encoding evasion and multilingual attacks
Adaptive Red Team Multi-round mutation attacks that evolve to bypass guardrails
LLM Attack Gen Polymorphic adversarial attacks generated fresh by Claude each run
LLM Grading Claude evaluates uncertain results with confidence scores and detectors
Workflow Visualization Interactive D3.js graph of LangGraph agent architectures with risk overlay
Prompt Hardening Auto-rewrite vulnerable prompts with injection-resistant patterns
Regression Suites Save and re-run failing attack probes to verify vulnerability fixes
Full Assessment Combined SAST + DAST + Red Team + LLM grading in a single pass

Try a command

Agent commands reference

You can say any of these in natural language. Examples:

CommandExample phrases
SAST scanScan code, Run SAST, Static scan, Scan repo <name>
DAST scanLive test, Adversarial test, Test endpoint <url>
LLM gradeGrade results, Evaluate uncertain tests, Assess response
Full scanFull scan, Complete scan, Scan everything
Generate reportGenerate report, HTML report, Summary
Security evalGenerate tests, Create tests, Run security eval, Run tests against endpoint
LLM adversarial attacksRun LLM adversarial attacks on <url>, Polymorphic attacks
Red teamRun red team against <url>, Pen test, Run all probes, 500+ curated probes
Adaptive red teamRun adaptive red team for 5 rounds, Deep probe, Mutation scan
Encoding evasionRun red team with encoding ladders, Multilingual red team
Visualize workflowVisualize workflow for <repo>, Show agent graph, Architecture diagram
Harden promptsHarden prompts in <repo>, Fix prompt injection, Patch prompts
Regression suitesList regression suites, Run regression suite <name> against <url>
Export reportExport as HTML/Markdown/JSON, Download report
ExplainExplain finding <id>, Show PASS/FAIL tests, What was sent?
Policy / custom testsLow-noise scan, Governance policy, Comprehensive scan, Use custom tests at docs/…
Status / HelpStatus, Progress, What can you do?, Help

Policy & custom tests — copy-paste examples:

  • Run a low-noise SAST on orchestratoragent
  • Run DAST on https://your-endpoint/process with governance policy
  • Run a comprehensive scan on orchestratoragent
  • Run DAST on https://your-endpoint/process using custom tests at docs/sample-custom-tests.json
Scan defaults & server config

These values are sent as context with each message (defaults when your text does not specify a repo, URL, or policy). Non-secret fields persist in local storage; API keys use session storage (cleared when the browser tab closes).

Server runtime (read-only, from GET /api/ui-config) 
Loading…