Protect and pentest AI systems before trust boundaries break.
Purple Firefish is a local-first AI security gateway for LLM apps, RAG systems, and tool-using agents. It scans inputs, retrieved content, tool calls, and outputs before untrusted instructions become trusted behavior.
Two jobs. One local control plane.
- Gateway: enforce source-aware prompt, content, tool-call, and output policy.
- Pentest platform: run authorized AI/LLM campaigns with modules, evidence, findings, and reports.
- Local-first: keep default operation self-contained with safe synthetic canaries.
Local-first AI security gateway
Firefish protects AI application paths where prompts, retrieved sources, model outputs, and agent tool calls cross security boundaries. The policy engine remains final authority, while local judge/runtime components are advisory and optional.
Firefish-native AI pentesting
Firefish adds engagement, session, target, module, campaign, run, finding, evidence, report, and audit workflows for authorized testing of AI assets.
Pentest your AI assets before attackers do.
Use discoverable modules to test fake or authorized AI targets, group those modules into campaigns, preserve redacted evidence, normalize findings, and generate reports mapped to OWASP LLM Top 10 2025 and MITRE ATLAS.
Modules
Recon, prompt injection, RAG, tool governance, output handling, data exposure, and resource-consumption probes.
Campaigns
Dry-run-first plans with target compatibility, safety limits, and approval metadata before execution.
Evidence
Redacted traces, hashes, synthetic canary IDs, and safe summaries instead of raw unsafe payloads.
Reports
JSON, Markdown, HTML, SARIF-like summaries, and coverage matrices for internal review and CI gates.
