Catch malicious input before the model sees it
Paste any untrusted text — a user message, a RAG chunk, a tool result, an email. We strip obfuscation, match it against known attacks, and catch paraphrased injections.
Stop leaks in the model's response
Paste a model reply. We scan it for secrets, personal data, leaked system prompts, and the exfiltration canary shown below.
Control what the agent is allowed to do
Text guards read words — this reads actions. Choose a tool and a destination, mark whether the data came from an untrusted source, and see the allow / approve / block decision.
Scan an MCP server before you trust it
Paste an MCP server manifest. We flag tool-poisoning (instructions hidden in tool descriptions), dangerous capabilities (shell/exec, egress, destructive), over-broad scopes, and matches to the live threat feed — the supply-chain layer.
Live event stream
| Time | Gate | Source | Detail | Latency | Action |
|---|
What this is
An interactive MVP of PRAETOR LAYER — a runtime security layer for LLM apps and AI agents. The whole detection pipeline runs in your browser; nothing you type leaves the page.
Input Guard
De-obfuscates and inspects everything entering the model — catches prompt injection and jailbreaks, even paraphrased ones.
Output Guard
Scans every response for secrets, personal data, leaked system prompts and exfiltration before it reaches the user.
Action Firewall
Governs what the agent can do. Tracks tainted data and blocks risky actions — the structural defense against indirect injection.
Live threat feed: loading… (HMAC-signed, anti-rollback). Now shipped: guard-model classifier tier, signed TI feed, MCP supply-chain scanner, and SIEM export (NDJSON/CEF). Roadmap: a neural guard-model, ed25519 feed signing, and the trustless $PRTR validator network.