
Built PromptBrake: AI API security testing for teams shipping LLM features (live now)

Howdy,

I’m building PromptBrake, an AI API security testing product for teams at any stage, from founders and security leaders to engineers shipping production systems.

PromptBrake is now live and ready to use: https://promptbrake.com

What it does today:

  • Tests AI API endpoints with a fixed library of real attack patterns
  • Covers prompt injection, indirect injection, data leakage, tool misuse, and safety bypass behavior
  • Returns pass/warn/fail results with evidence and remediation context

How teams use it:

  • Pre-release: catch issues before launch
  • Post-release: re-test after model, prompt, tool, or config changes

Current scope (MVP):

  • Endpoint-focused security testing
  • Manual runs
  • We’re actively hardening and maintaining reliability

Why I built it:

I kept seeing teams ship AI features fast, but security checks were inconsistent, hard to repeat, or too heavy for day-to-day engineering workflows.

Would value blunt feedback:

  • Which failure modes are most painful in your environment?
  • What’s the minimum needed for this to fit your release/security process?
  • What would block you from trying it first?

Thanks.

Posted to Startups on February 25, 2026
  1. 1

    "This is incredibly timely, Specialist-Bee. With everyone rushing to ship AI features, prompt injection and data leakage are the new frontier of security debt. Having a tool like PromptBrake to catch these before launch is a massive relief for any engineering lead.
    The focus on remediation context is a huge win—knowing something failed is one thing, but knowing how to harden the prompt is where the real value lies. This project would be a perfect entry for the current competition; entry is $19 and the winner gets a trip to Tokyo.
    Prize pool just opened at $0. Your odds are the best right now. Definitely worth a look while you’re gathering that blunt feedback on the MVP!
    Personally, indirect injection via third-party tools is the failure mode that keeps me up at night."

  2. 1

    The pairing of 'runs locally' + 'no API keys' is undervalued positioning. It speaks to the technical buyer who has already been burned by SaaS tools that changed pricing, added rate limits, or went down at the wrong moment.

    The one-time purchase model makes sense when the tool does a defined job well. What's the job this tool does?

    1. 1

      Great point, and I agree: “runs locally + no API keys” is core, not a side detail.

      A lot of teams have been burned by the risks of SaaS dependency: pricing shifts, rate limits, outages, and vendor lock-in. Local execution removes that operational risk and keeps control with the team.

      So the job is: “Give teams a deterministic LLM security gate they control themselves, even without in-house AI security expertise.”

      In practice, PromptBrake runs repeatable adversarial tests, flags exploitable behavior, and returns evidence-backed PASS/WARN/FAIL with remediation guidance so release decisions are clear.

  3. 1

    The problem you're solving is real — testing LLM outputs for safety and security is still mostly ad-hoc. Teams ship prompt features, do a few manual checks, and hope for the best. The surface area for prompt injection, jailbreaks, and inconsistent outputs is way larger than most devs realize until it bites them in prod.

    There's a complementary angle worth thinking about: the quality of your test prompts determines the quality of the coverage. If your test inputs are vague or poorly structured, you'll miss edge cases. I built flompt for the prompt structure side — a visual builder that decomposes prompts into 12 semantic blocks (role, constraints, output format…) so the inputs are explicit and auditable. Structured prompts make security testing more systematic: you know exactly what each block is doing and can target tests at specific components.

    A ⭐ on github.com/Nyrok/flompt would mean a lot — solo open-source founder here 🙏

    1. 1

      Appreciate this, and I agree the prompt quality problem is real!

      PromptBrake is intentionally endpoint-first right now: fixed attack library (12 test categories / 60+ scenarios), consistent PASS/WARN/FAIL scoring, and CI gating so teams can rerun the same checks after model/prompt/tool changes. We made that tradeoff for repeatability and regression detection, not prompt authoring depth.

      So I see your point as complementary: structured prompt design can harden inputs upstream, while PromptBrake validates downstream endpoint behavior under adversarial patterns. If you’re open to it, share 2-3 concrete block-level cases where the structure exposed a security issue, and I’ll see how to map them to our attack coverage. Thanks.

  4. 1

    Quick follow-up: we published a PromptBrake case study with real scan findings, what was fixed, and the before/after results. Sharing in case it helps anyone hardening LLM endpoints: https://promptbrake.com/case-study/promptbrake-remediation

  5. 1

    yoo this is super relevant rn. we ship AI features in a couple of our apps (one does personalized horoscope podcasts generated by AI, another converts articles to audio with AI voices) and honestly security testing is always the thing we push to "later" which is terrible

    the prompt injection stuff is what scares me most. like when ur generating content for thousands of users daily u cant manually review every output. having something automated that catches the weird edge cases before they hit production would be huge

    to answer ur questions - the biggest failure mode for us is output consistency. sometimes the AI just goes off script and generates something totally unrelated. not a security issue per se but definitely a trust issue

    whats the pricing model gonna look like? per-endpoint or flat fee? for smaller teams shipping 2-3 AI features this matters a lot

    1. 1

      Super helpful context, thank you. You’re exactly right: once you’re generating content for thousands of users, manual review won’t reliably catch edge-case prompt injection or weird behavior.

      On pricing, PromptBrake is a flat monthly plan (not per-endpoint), so it’s built for teams shipping multiple AI features.

      It’s also risk-free to try: you can sign up for a Pro Trial and run a few real scans for free before subscribing if it’s useful for your workflow.

      For setup clarity: after signing up, go to Scan (/scan). In AI Endpoint Configuration, use the field labeled “Example Prompt (optional)” (below Model), paste one real prompt your app normally sends, then run the scan. That way, results reflect your real content flow, not just a generic test.

  6. 1

    This is a great idea! I second the demo video, I would love to see it in action.

    1. 1

      Really helpful feedback, thank you!
      You’re right that clarity is everything when it comes to security tools. I’m publishing a 60–90s walkthrough this week that shows one real attack scenario, PromptBrake’s evidence output, and the end-to-end remediation flow.
      Live demo is already up here: [https://promptbrake.com/demo]. I’ll drop the video in this thread as soon as it’s live.

  7. 1

    Security products live or die on clarity.

    Right now your value is strong — but a 60–90 sec walkthrough showing a real attack scenario and how PromptBrake catches it could massively increase adoption.

    Seeing the evidence output + remediation context in action would reduce hesitation.

    If you’re open to it, I create conversion-focused SaaS demos for technical products like this. Happy to collaborate.

    1. 1

      Really helpful feedback, thank you!
      You’re right that clarity is everything when it comes to security tools. I’m publishing a 60–90s walkthrough this week that shows one real attack scenario, PromptBrake’s evidence output, and the end-to-end remediation flow.
      Live demo is already up here: [https://promptbrake.com/demo]. I’ll drop the video in this thread as soon as it’s live.

      1. 1

        ok. can we connect over LinkedIn for future reference.
