Purple Firefish logoPurple Firefish
Local-first AI security

Protect and pentest AI systems before trust boundaries break.

Purple Firefish is a local-first AI security gateway for LLM apps, RAG systems, and tool-using agents. It scans inputs, retrieved content, tool calls, and outputs before untrusted instructions become trusted behavior.

Two jobs. One local control plane.

  • Gateway: enforce source-aware prompt, content, tool-call, and output policy.
  • Pentest platform: run authorized AI/LLM campaigns with modules, evidence, findings, and reports.
  • Local-first: keep default operation self-contained with safe synthetic canaries.

Local-first AI security gateway

Firefish protects AI application paths where prompts, retrieved sources, model outputs, and agent tool calls cross security boundaries. The policy engine remains final authority, while local judge/runtime components are advisory and optional.

Firefish-native AI pentesting

Firefish adds engagement, session, target, module, campaign, run, finding, evidence, report, and audit workflows for authorized testing of AI assets.

Authorized testing only

Pentest your AI assets before attackers do.

Use discoverable modules to test fake or authorized AI targets, group those modules into campaigns, preserve redacted evidence, normalize findings, and generate reports mapped to OWASP LLM Top 10 2025 and MITRE ATLAS.

Modules

Recon, prompt injection, RAG, tool governance, output handling, data exposure, and resource-consumption probes.

Campaigns

Dry-run-first plans with target compatibility, safety limits, and approval metadata before execution.

Evidence

Redacted traces, hashes, synthetic canary IDs, and safe summaries instead of raw unsafe payloads.

Reports

JSON, Markdown, HTML, SARIF-like summaries, and coverage matrices for internal review and CI gates.