Guardrails and firewalls block attacks — DoesItDefend proves whether yours actually hold, with reproducible findings and signed evidence.
Run OWASP LLM Top 10 against your AI endpoints and OWASP Web Top 10 against the apps around them — one platform, one evidence trail.
See the coverage viewEvery finding ships the real evidence: the HTTP request that broke a web app, or the prompt-and-response that bypassed an AI guardrail.
Open a sample runFor AI findings we generate a system-prompt patch and a guardrail config — then replay the attack to confirm the fix actually closes the bypass.
How remediation worksEvery run ships a sealed evidence pack: SHA-256 hashes, a trace_id chain, conversation transcripts and a remediation playbook.
What is in a packProbes come from a version-locked corpus, not improvised per run. Anyone can replay a finding from the published artifacts.
The calibration methodOne-click Sigma rule per finding so your SIEM gets a starter detection the moment the engine flags a gap. No engineering ticket.
See an exampleBlock PRs that regress your LLM defenses. didk_ API keys + `doesitdefend scan` + diff-aware probe selection — quality gate that fits the dev loop.
Read the CI guideFindings auto-derive frameworks they constitute evidence for — EU AI Act, NIST AI RMF, SOC 2, ISO 27001, PCI-DSS, HIPAA, LGPD/GDPR. Evidence pack ships per-framework SARIF.
See the mappingEmbed a live score badge in your README. Sandbox-only, cached, refreshed every 5 min — the PLG hook your security team already wanted.
See a sample badgeDetect malicious Service Workers, SMTP credential exposure, and PHP/server information disclosure. Drive-by Compromise coverage.
See T1189 coverageIdentify exposed SQLite/SQL files and PII (CPF, email, phone) in directory listings and unprotected endpoints.
See T1530 coverageMarker-based command injection probes via GET query + POST body. Detects ; | $() `` substitution patterns.
See T1059 coverage