If you're writing system prompts for AI applications, there's now a free tool that checks them for security holes before an attacker finds them first.
AIUnbreakable's Prompt Vulnerability Scanner analyzes system prompts against 12 categories of prompt injection attacks (where a user crafts input designed to override your AI's instructions). You paste your prompt into the browser, it runs pattern matching locally, and you get a vulnerability score from A to F with specific recommendations.
The 12 attack categories it checks: instruction override, role manipulation, prompt extraction, data exfiltration, encoding bypass, delimiter injection, emotional manipulation, multi-language attacks, output hijacking, privilege escalation, logic bombs, and context overflow.
The privacy angle matters here. The scanner runs entirely client-side using JavaScript pattern matching. Your system prompt never leaves your browser - nothing is sent to a server, stored, or logged. For anyone building production AI features, that's a real concern when evaluating security tools, since pasting your system prompt into some third-party service could itself be a security risk.
According to the tool's documentation, most prompts initially score between 30 and 60 out of 100. A score of 85-100 earns a Grade A, meaning comprehensive defenses against most known attack vectors. The site also offers related tools including a secure prompt generator and an OWASP LLM Top 10 checker.
This won't replace a proper security audit, but it's a useful gut check. Most developers shipping AI features spend zero time thinking about prompt injection until something goes wrong. A 30-second scan that flags obvious gaps - like missing delimiter protection or no defense against role manipulation - is worth the effort.