Purple Firefish logoPurple Firefish

Purple Firefish AI Pentesting Platform Overview

Purple Firefish is a local-first AI security gateway with a built-in, authorized AI pentesting workspace. It helps you test AI apps, RAG systems, agents, tool brokers, and local model runtimes with safe synthetic campaigns, then turn the results into redacted evidence, findings, and reports.

The simple version:

Firefish lets you prove how your AI system behaves under realistic AI attack pressure without using real secrets, unsafe payloads, or unapproved targets.

Authorized AI pentest platform means Firefish is scoped, local-first, synthetic by default, and built around evidence you can review without exposing raw secrets or unsafe payloads.

Can I Use It Now?

Yes. In the Docker review build, Security Workbench is enabled and ready to explore from the operator app.

Use it today for:

The feature remains behind FIREFISH_PENTEST_ENABLED so production deployments can keep it hidden until the operator chooses to enable it.

What Firefish Tests

Firefish focuses on AI-specific trust-boundary failures:

The tests use simulator-safe placeholders and synthetic canaries such as FIREFISH_CANARY_SECRET_001. They are designed for defensive validation, not for harmful exploitation.

How Security Workbench Works

Firefish organizes testing into practical security objects:

Available Module Families

The current module library includes:

Safe Local Lab Targets

Firefish ships deterministic fake targets for demos and tests:

These fixtures do not start services or call the internet. They produce repeatable protected/vulnerable outcomes so you can see how Firefish handles findings without touching real infrastructure.

Safety Model

Firefish pentesting is safe by default:

What You See In The App

Open the operator app and select Security Workbench. The page shows:

Core Workflow

sequenceDiagram
    participant Operator
    participant UI as Firefish Cockpit
    participant Safety as Safety Gate
    participant Module as Module Runner
    participant Target as Authorized Target
    participant Evidence as Evidence Store
    participant Report as Report Builder

    Operator->>UI: Choose engagement and target
    Operator->>UI: Select modules and limits
    UI->>Safety: Validate scope, run mode, and allowlist
    Safety-->>UI: Approved dry-run plan
    UI->>Module: Run bounded campaign
    Module->>Target: Send safe synthetic test
    Target-->>Module: Redacted behavior summary
    Module->>Evidence: Store hashes, canaries, and traces
    Evidence->>Report: Build findings and coverage summary
    Report-->>UI: Show redacted report

Reports And Coverage

Firefish reports include:

Raw prompts, secrets, credentials, full tool payloads, and unsafe sample text are not shown in normal report views.

Start Here