ShakerScanRun Public DAST Preview

AI Security Risk

Prompt injection testing that can block unsafe releases.

Prompt injection matters when an AI system follows untrusted instructions over trusted policy. ShakerScan tests that behavior and records evidence for a release decision.

Run Public DAST PreviewInstall GitHub App

Sample gate decision

block

System instruction bypass

The target followed malicious instructions that conflicted with its system policy. The blocked decision is tied to transcript evidence.

prompt:ignore previous instructions
response:protected policy excerpt returned
target:support-chat-api
policy:ai-gate-release
evidence hash:sha256:8b7c...e21f
1

Run prompt-injection probes against the target AI surface.

2

Capture transcript evidence and classifier or judge rationale.

3

Map the result to policy thresholds.

4

Verify allow, block, or needs_approval in CI/CD.

Why ShakerScan

The output is a release control, not just a report.

ShakerScan is built around release evidence: a tested target, a policy result, a verifier command, and an approval path when risk needs human review.

Signed evidence

Evidence hashes and AI Gate attestations bind the decision to the target, environment, policy, probe pack, and release scope when signing is configured.

CI-verifiable decision

GitHub Actions or the shakerscan CLI can verify that the decision matches the expected repo, commit, branch, environment, target, policy, and evidence hash.

Approval workflow

When an eligible workflow is approved, scoped approval tokens record the reason, audience, expiry, and decision path instead of bypassing the gate silently.

Checklist

Remediation checklist

Separate trusted instructions from untrusted user or retrieved content.

Constrain tools and high-risk actions behind explicit approvals.

Reduce sensitive context exposure in prompts and retrieval output.

Retest after changing prompts, models, retrieval, or tool policy.

Limitations

What this page does not claim

ShakerScan does not replace human security review, threat modeling, or a scoped penetration test.

AI Gate decisions depend on the configured target, probe pack, policy, scan profile, and available evidence.

Production targets require authorization, safe scope, rate limits, and operational approval.

FAQ

Is ShakerScan an AI pentesting replacement?

No. ShakerScan is a verifiable security gate for release workflows. It complements deeper manual testing by producing repeatable runtime evidence and CI-verifiable allow, block, or needs_approval decisions.

Can ShakerScan scan any target?

No. Targets must be owned by the customer or explicitly authorized. Production scans should use safe profiles, rate limits, and defined scope.