Evidence-grade testing.
Plans from $79/mo.
Self-serve checkout opens with our private beta — reserve a plan and we'll email you when your tier goes live. No card charged until activation. Free 5-attack scan runs without an account.
Prove the threat surface to your staff eng. 25 OWASP-LLM-Top-10 attacks against one endpoint, severity-graded PDF in under 2 minutes — no auth, no SDK, no CI wiring yet.
- Severity-graded PDF — share with your tech lead in 1 click
- 25 attacks across 9 of 10 OWASP LLM categories (LLM08 shipping)
- Monthly catalogue refresh as new techniques drop
- Single-endpoint, on-demand scans (CI gate ships with Team)
- Email support
Continuous prompt-injection coverage in your existing CI. PR-comment payloads, Slack alerts on regression, signed PDFs your AppSec team can attach to release tickets.
- PR comment with the exact offending payload + diff against last green run
- GitHub Actions / GitLab CI gate — block merge on regression
- Slack alert when a previously-passing attack starts failing
- 217+ catalogued attacks across OWASP LLM Top 10
- Up to 5 endpoints
- Signed PDF for engineering use (annual auditor-grade evidence on Business)
- Priority email support
Auditor-grade evidence and a human-reviewed annual red-team advisory. Built for security teams answering 200-row vendor-security questionnaires.
- SOC 2 / ISO 42001 evidence package — one PDF, dated, signed, mapped to controls
- Annual red-team advisory authored by the PromptShield research team
- Custom attack catalogue entries for your model + integrations
- Unlimited endpoints
- SSO / SAML
- Dedicated Slack channel
- SLA: 4-hour response
Endpoint = one HTTPS URL accepting prompts. RAG, chat, and tool-calling backends each count separately.
A signed, human-reviewed red-team advisory produced by the PromptShield research team. Includes 12 months of catalogue coverage, CVSS narrative, and remediation recommendations. Suitable for Board / CISO reporting.
one-time · per report
Run a free 5-attack scan first.
No credit card. No signup. Paste your endpoint, get a severity-scored teaser report in under 90 seconds.
What counts as an "endpoint"?
Any HTTP endpoint that accepts a prompt and returns a completion — OpenAI-compatible, Anthropic, custom model serving, or a REST API wrapping any LLM.
Do you store my prompts or responses?
No. PromptShield processes scans in-memory and discards raw payload data after report generation. Report PDFs are stored encrypted: 30 days on the free teaser, 90 days on paid plans. Full retention details on /privacy.
Can I test production endpoints?
We strongly recommend staging or sandbox targets. The teaser scan and Starter plan limit targets to non-.gov, non-.mil, and non-critical-infrastructure domains.
Is Stripe required to start?
Not for the free teaser scan — that runs without an account. Paid plans are in private beta: reserve a tier and we will email you when self-serve Stripe checkout opens. No card charged until your account is activated.