Howdy IH,
I’m building PromptBrake (https://promptbrake.com), an AI API security testing product for teams at any stage, from founders and security leaders to engineers shipping production systems.
Waitlist: https://promptbrake.com/waitlist
What it does today:
- Tests AI API endpoints with a fixed library of real attack patterns
- Covers prompt injection, indirect injection, data leakage, tool misuse, and safety bypass behavior
- Returns pass/warn/fail results with evidence and remediation context
How teams use it:
- Pre-release: catch issues before launch
- Post-release: re-test after model, prompt, tool, or config changes
Current scope (MVP):
- Endpoint-focused security testing
- Manual runs (no CI/CD automation yet)
- No scheduled scans/alerts yet
Why I built it:
I kept seeing teams ship AI features fast, but security checks were inconsistent, hard to repeat, or too heavy for day-to-day engineering workflows.
Would value blunt feedback:
- Which failure modes are most painful in your environment?
- What’s the minimum needed for this to fit your release/security process?
- What would block you from trying it first?
Thanks.
Quick follow-up:
The MVP is fully functional and now live, ready for teams to secure and stress-test their AI endpoints.
We’re continuing to improve the product based on user feedback while hardening and maintaining the platform. During this phase, you may occasionally experience intermittent service.
Quick follow-up:
We’re getting closer to full MVP release, and we’ve been implementing updates based on feedback from different users. One recent addition is CI integration for Pro paid accounts: users can generate CI API keys in the dashboard and run scan/gating endpoints from their own pipelines.
We’re still in waitlist mode while we keep hardening and validating the workflow end-to-end.
Super relevant. Two failure modes that hurt most for us: (1) tool misuse leading to unintended actions, and (2) data leakage across tenants via prompt/context bleed. A minimal “release gate” for me would be: seed a few critical flows + one adversarial suite, run in CI on prompt/tool changes, and emit a diff report. What’s your plan for CI hooks + regression tracking?
Thank you, this is very helpful. Those two failure modes are exactly the high-priority ones in practice: unintended tool actions and cross-tenant/context data leakage.
To clarify the scope, PromptBrake is currently an MVP for manual endpoint security testing (not yet CI-integrated release gating), with evidence-backed PASS/WARN/FAIL outputs.
If useful, these pages show the current approach and coverage:
Would manual pre-release testing on your critical flows be useful as an interim step, or is CI integration a strict requirement before evaluation?
Also, based on feedback like yours, we’re currently exploring a thin CI-oriented workflow focused on pre-merge/deploy gating rather than a full CI platform.
Current scope under evaluation:
The objective is to validate a practical automated release check with minimal operational overhead.
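As an added example, not code from PromptBrake or from anyone in this thread: a small Python regression gate of the kind the comment above asks for and the author says is under evaluation, diffing one scan's PASS/WARN/FAIL results against a stored baseline, emitting a diff report, and blocking the pipeline on regressions. The result shape (test id mapped to status) and the sample values are assumptions.

```python
# Added example, not PromptBrake's code or API: a CI release gate that diffs a
# fresh scan's PASS/WARN/FAIL results against a stored baseline and blocks the
# pipeline on regressions. Result shape (test id -> status) is an assumption.
SEVERITY = {"PASS": 0, "WARN": 1, "FAIL": 2}

# Constructed sample results: last accepted baseline, and a run after a prompt change.
BASELINE = {
    "prompt_injection.indirect": "WARN",
    "data_leakage.cross_tenant": "PASS",
    "tool_misuse.unintended_action": "FAIL",
}
CURRENT = {
    "prompt_injection.indirect": "PASS",
    "data_leakage.cross_tenant": "FAIL",
    "tool_misuse.unintended_action": "FAIL",
    "safety_bypass.roleplay": "WARN",
}

def diff_results(baseline, current):
    """Bucket every test as regressed, improved, unchanged, new, or removed."""
    report = {"regressed": {}, "improved": {}, "unchanged": {}, "new": {}}
    for test_id, status in current.items():
        if status not in SEVERITY:
            raise ValueError(f"unknown status {status!r} for {test_id}")
        old = baseline.get(test_id)
        if old is None:
            report["new"][test_id] = status
        elif SEVERITY[status] > SEVERITY[old]:
            report["regressed"][test_id] = (old, status)
        elif SEVERITY[status] < SEVERITY[old]:
            report["improved"][test_id] = (old, status)
        else:
            report["unchanged"][test_id] = status
    # Tests that vanished from the run are a coverage gap, not a pass.
    report["removed"] = sorted(set(baseline) - set(current))
    return report

def gate(report):
    """True if the build may proceed: baseline FAILs are tracked debt and do not
    block, but any regression, a new FAIL, or a dropped test does."""
    new_fails = [t for t, s in report["new"].items() if s == "FAIL"]
    return not (report["regressed"] or new_fails or report["removed"])

def render(report):
    """Diff report lines for the CI log, ending with the gate decision."""
    lines = [f"REGRESSED {t}: {o} -> {n}" for t, (o, n) in sorted(report["regressed"].items())]
    lines += [f"IMPROVED  {t}: {o} -> {n}" for t, (o, n) in sorted(report["improved"].items())]
    lines += [f"NEW       {t}: {s}" for t, s in sorted(report["new"].items())]
    lines += [f"REMOVED   {t}" for t in report["removed"]]
    return lines + ["GATE: " + ("PASS" if gate(report) else "BLOCK")]
```

In a pipeline, the baseline would be the results file committed with the last accepted release, and the gate's result would decide whether the prompt or tool change may merge.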