Best AI tools for attack surface mapping
20 - AI tool Sites
Equixly
Equixly is a virtual hacker that helps you secure your API by testing your running APIs and identifying technical and logical vulnerabilities. It uses AI-powered bots to regularly scan your API to spot flaws early, so fixes are smaller in scale and less time-consuming to integrate. Equixly also provides a plain reporting model that includes API endpoints' security risks and their exposed sensitive data to track regulatory requirements and reduce your attack surface.
NodeZero™ Platform
Horizon3.ai Solutions offers the NodeZero™ Platform, an AI-powered autonomous penetration testing tool designed to enhance cybersecurity measures. The platform combines expert human analysis by Offensive Security Certified Professionals with automated testing capabilities to streamline compliance processes and proactively identify vulnerabilities. NodeZero empowers organizations to continuously assess their security posture, prioritize fixes, and verify the effectiveness of remediation efforts. With features like internal and external pentesting, rapid response capabilities, AD password audits, phishing impact testing, and attack research, NodeZero is a comprehensive solution for large organizations, ITOps, SecOps, security teams, pentesters, and MSSPs. The platform provides real-time reporting, integrates with existing security tools, reduces operational costs, and helps organizations make data-driven security decisions.
Rebuff AI
Rebuff AI is a self-hardening prompt injection detector that gets stronger as it is attacked. It is designed to protect AI models from malicious inputs and to help developers build more robust and secure AI applications.
Vectra AI
Vectra AI is a leading AI security platform that helps organizations stop advanced cyber attacks by providing an integrated signal for extended detection and response (XDR). The platform arms security analysts with real-time intelligence to detect, prioritize, investigate, and respond to threats across network, identity, cloud, and managed services. Vectra AI's AI-driven detections and Attack Signal Intelligence enable organizations to protect against various attack types and emerging threats, enhancing cyber resilience and reducing risks in critical infrastructure, cloud environments, and remote workforce scenarios. Trusted by over 1100 enterprises worldwide, Vectra AI is recognized for its expertise in AI security and its ability to stop sophisticated attacks that other technologies may miss.
Cleerly
Cleerly is a digital healthcare company transforming the way clinicians approach the treatment of heart disease. Our clinically-proven, AI-based digital care platform works with coronary computed tomography angiography (CCTA) imaging to help clinicians precisely identify and define atherosclerosis earlier, so they can provide personalized, life-saving treatment plans for all patients throughout their care continuum. We measure atherosclerosis - plaque build-up in the heart's arteries - not indirect markers such as risk factors and symptoms of disease. Our AI-enabled digital care pathway offers simpler, faster, more accurate heart disease evaluation and reporting that's tailored to each stakeholder, improving overall clinical and financial outcomes.
Cyguru
Cyguru is an all-in-one cloud-based AI Security Operation Center (SOC) that offers a comprehensive range of features for a robust and secure digital landscape. Its Security Operation Center is the cornerstone of its service domain, providing AI-Powered Attack Detection, Continuous Monitoring for Vulnerabilities and Misconfigurations, Compliance Assurance, SecPedia: Your Cybersecurity Knowledge Hub, and Advanced ML & AI Detection. Cyguru's AI-Powered Analyst promptly alerts users to any suspicious behavior or activity that demands attention, ensuring timely delivery of notifications. The platform is accessible to everyone, with up to three free servers and subsequent pricing that is more than 85% below the industry average.
SafeWaters.ai
SafeWaters.ai is a weather app that provides shark activity forecasts. It leverages artificial intelligence to analyze 200+ years of shark attack and marine weather data to predict the risk of a shark attack on a given day and location. The app is designed to help swimmers, surfers, and beachgoers make informed decisions about whether to enter the water. SafeWaters.ai also donates 5% of its profits to ocean cleanup and conservation efforts.
MagicBid
MagicBid LLC is a web, mobile app, and CTV monetization platform that utilizes new age technology and AI-driven strategies to enhance profits for app and web publishers. The platform offers services such as app monetization, web monetization, and CTV monetization, empowering publishers with tools like Auto AdPilot, in-app bidding app monetization, growth intelligence, power ad servers, demand control center, privacy, and fraud protection. MagicBid aims to optimize ad revenue potential through a single SDK integration, connecting with 200+ top ad demand sources, ensuring impressive fill rates, zero latency, and battery drain. The platform also provides attack protection, privacy, and fraud protection services, complying with industry standards like IAB, GDPR, COPPA, and CCPA.
Blackbird.AI
Blackbird.AI is a narrative and risk intelligence platform that helps organizations identify and protect against narrative attacks created by misinformation and disinformation. The platform offers a range of solutions tailored to different industries and roles, enabling users to analyze threats in text, images, and memes across various sources such as social media, news, and the dark web. By providing context and clarity for strategic decision-making, Blackbird.AI empowers organizations to proactively manage and mitigate the impact of narrative attacks on their reputation and financial stability.
Instafill.ai
Instafill.ai is a website that provides a security service to protect itself from online attacks. It uses a variety of techniques to detect and block malicious traffic, including IP blocking, web application firewall, and bot detection. Instafill.ai also provides a variety of security features, such as two-factor authentication, SSL encryption, and malware scanning.
Facia.ai
Facia.ai is a cutting-edge AI tool that offers the fastest 3D liveness detection technology for businesses globally. The platform provides solutions such as face recognition, face matching, age verification, and iris recognition. Facia.ai caters to various industries, including retail, government, healthcare, education, and more, with customizable and integrable deployment options. The tool ensures secure data storage, quick and accurate verification, and protection against deepfakes and spoof attacks.
Lakera
Lakera is the world's most advanced AI security platform designed to protect organizations from AI threats. It offers solutions for prompt injection detection, unsafe content identification, PII and data loss prevention, data poisoning prevention, and insecure LLM plugin design. Lakera is recognized for setting global AI security standards and is trusted by leading enterprises, foundation model providers, and startups. The platform is powered by a proprietary AI threat database and aligns with global AI security frameworks.
FileDrop
FileDrop is a file or document manager that allows you to drag and drop files into a document with automatic linking and save them to Google Drive. It also offers features like OCR, translation, and AI integration. With FileDrop, you can easily insert, save, and link files in Google Sheets cells, Docs, and Slides.
Aporia
Aporia is an AI control platform that provides real-time guardrails and security for AI applications. It offers features such as hallucination mitigation, prompt injection prevention, data leakage prevention, and more. Aporia helps businesses control and mitigate risks associated with AI, ensuring the safe and responsible use of AI technology.
DataVisor
DataVisor is a modern, end-to-end fraud and risk SaaS platform powered by AI and advanced machine learning for financial institutions and large organizations. It helps businesses combat various fraud and financial crimes in real time. DataVisor's platform provides comprehensive fraud detection and prevention capabilities, including account onboarding, application fraud, ATO prevention, card fraud, check fraud, FinCrime and AML, and ACH and wire fraud detection. The platform is designed to adapt to new fraud incidents immediately with real-time data signal orchestration and end-to-end workflow automation, minimizing fraud losses and maximizing fraud detection coverage.
DataVisor
DataVisor is a modern, end-to-end fraud and risk SaaS platform powered by AI and advanced machine learning for financial institutions and large organizations. It provides a comprehensive suite of capabilities to combat a variety of fraud and financial crimes in real time. DataVisor's hyper-scalable, modern architecture allows you to leverage transaction logs, user profiles, dark web and other identity signals with real-time analytics to enrich and deliver high quality detection in less than 100-300ms. The platform is optimized to scale to support the largest enterprises with ultra-low latency. DataVisor enables early detection and adaptive response to new and evolving fraud attacks combining rules, machine learning, customizable workflows, device and behavior signals in an all-in-one platform for complete protection. Leading with an Unsupervised approach, DataVisor is the only proven, production-ready solution that can proactively stop fraud attacks before they result in financial loss.
Teleport
Teleport is a platform that provides secure access to infrastructure, applications, and workloads. It is designed to be easy to use and manage, and it can be deployed in the cloud, on-premises, or as a hybrid solution. Teleport uses a zero-trust approach to security, which means that it does not rely on passwords or other secrets to authenticate users. Instead, Teleport uses cryptographic identities to verify the identity of users and devices. This makes it much more difficult for attackers to gain access to your infrastructure.
Abnormal
Abnormal is a cloud-based email security platform that uses artificial intelligence (AI) to protect organizations from email and email-like attacks. It offers a range of features, including inbound email security, email account takeover protection, email security posture management, and email security operations. Abnormal is trusted by more than 10% of the Fortune 500 and has been proven to provide a 278% return on investment.
Dexa.ai
Dexa.ai is an AI-powered security service that protects websites from online attacks by enabling cookies and blocking malicious activities. It helps website owners to safeguard their online presence and data integrity. The tool identifies and blocks suspicious activities such as submitting certain words or phrases, SQL commands, or malformed data. Dexa.ai utilizes advanced AI algorithms to provide real-time security solutions and prevent cyber threats effectively.
MixMode
MixMode is the world's most advanced AI for threat detection, offering a dynamic threat detection platform that utilizes patented Third Wave AI technology. It provides real-time detection of known and novel attacks with high precision, self-supervised learning capabilities, and context-awareness to defend against modern threats. MixMode empowers modern enterprises with unprecedented speed and scale in threat detection, delivering unrivaled capabilities without the need for predefined rules or human input. The platform is trusted by top security teams and offers rapid deployment, customization to individual network dynamics, and state-of-the-art AI-driven threat detection.
20 - Open Source AI Tools
Awesome-Segment-Anything
Awesome-Segment-Anything is a powerful tool for segmenting and extracting information from various types of data. It provides a user-friendly interface to easily define segmentation rules and apply them to text, images, and other data formats. The tool supports both supervised and unsupervised segmentation methods, allowing users to customize the segmentation process based on their specific needs. With its versatile functionality and intuitive design, Awesome-Segment-Anything is ideal for data analysts, researchers, content creators, and anyone looking to efficiently extract valuable insights from complex datasets.
awesome-mobile-robotics
The 'awesome-mobile-robotics' repository is a curated list of important content related to Mobile Robotics and AI. It includes resources such as courses, books, datasets, software and libraries, podcasts, conferences, journals, companies and jobs, laboratories and research groups, and miscellaneous resources. The repository covers a wide range of topics in the field of Mobile Robotics and AI, providing valuable information for enthusiasts, researchers, and professionals in the domain.
aikit
AIKit is a one-stop shop to quickly get started to host, deploy, build and fine-tune large language models (LLMs). AIKit offers two main capabilities: Inference: AIKit uses LocalAI, which supports a wide range of inference capabilities and formats. LocalAI provides a drop-in replacement REST API that is OpenAI API compatible, so you can use any OpenAI API compatible client, such as Kubectl AI, Chatbot-UI and many more, to send requests to open-source LLMs! Fine Tuning: AIKit offers an extensible fine tuning interface. It supports Unsloth for fast, memory efficient, and easy fine-tuning experience.
lollms-webui
LoLLMs WebUI (Lord of Large Language Multimodal Systems: One tool to rule them all) is a user-friendly interface to access and utilize various LLM (Large Language Models) and other AI models for a wide range of tasks. With over 500 AI expert conditionings across diverse domains and more than 2500 fine tuned models over multiple domains, LoLLMs WebUI provides an immediate resource for any problem, from car repair to coding assistance, legal matters, medical diagnosis, entertainment, and more. The easy-to-use UI with light and dark mode options, integration with GitHub repository, support for different personalities, and features like thumb up/down rating, copy, edit, and remove messages, local database storage, search, export, and delete multiple discussions, make LoLLMs WebUI a powerful and versatile tool.
AiTreasureBox
AiTreasureBox is a versatile AI tool that provides a collection of pre-trained models and algorithms for various machine learning tasks. It simplifies the process of implementing AI solutions by offering ready-to-use components that can be easily integrated into projects. With AiTreasureBox, users can quickly prototype and deploy AI applications without the need for extensive knowledge in machine learning or deep learning. The tool covers a wide range of tasks such as image classification, text generation, sentiment analysis, object detection, and more. It is designed to be user-friendly and accessible to both beginners and experienced developers, making AI development more efficient and accessible to a wider audience.
llms-tools
The 'llms-tools' repository is a comprehensive collection of AI tools, open-source projects, and research related to Large Language Models (LLMs) and Chatbots. It covers a wide range of topics such as AI in various domains, open-source models, chats & assistants, visual language models, evaluation tools, libraries, devices, income models, text-to-image, computer vision, audio & speech, code & math, games, robotics, typography, bio & med, military, climate, finance, and presentation. The repository provides valuable resources for researchers, developers, and enthusiasts interested in exploring the capabilities of LLMs and related technologies.
stride-gpt
STRIDE GPT is an AI-powered threat modelling tool that leverages Large Language Models (LLMs) to generate threat models and attack trees for a given application based on the STRIDE methodology. Users provide application details, such as the application type, authentication methods, and whether the application is internet-facing or processes sensitive data. The model then generates its output based on the provided information. It features a simple and user-friendly interface, supports multi-modal threat modelling, generates attack trees, suggests possible mitigations for identified threats, and does not store application details. STRIDE GPT can be accessed via OpenAI API, Azure OpenAI Service, Google AI API, or Mistral API. It is available as a Docker container image for easy deployment.
ps-fuzz
The Prompt Fuzzer is an open-source tool that helps you assess the security of your GenAI application's system prompt against various dynamic LLM-based attacks. It provides a security evaluation based on the outcome of these attack simulations, enabling you to strengthen your system prompt as needed. The Prompt Fuzzer dynamically tailors its tests to your application's unique configuration and domain. The Fuzzer also includes a Playground chat interface, giving you the chance to iteratively improve your system prompt, hardening it against a wide spectrum of generative AI attacks.
Awesome-AI-GPTs
Awesome AI GPTs is an open repository that collects resources and fun ways to use OpenAI GPTs. It includes databases, search tools, open-source projects, articles, attack and defense strategies, installation of custom plugins, knowledge bases, and community interactions related to GPTs. Users can find curated lists, leaked prompts, and various GPT applications in this repository. The project aims to empower users with AI capabilities and foster collaboration in the AI community.
Awesome_GPT_Super_Prompting
Awesome_GPT_Super_Prompting is a repository that provides resources related to Jailbreaks, Leaks, Injections, Libraries, Attack, Defense, and Prompt Engineering. It includes information on ChatGPT Jailbreaks, GPT Assistants Prompt Leaks, GPTs Prompt Injection, LLM Prompt Security, Super Prompts, Prompt Hack, Prompt Security, Ai Prompt Engineering, and Adversarial Machine Learning. The repository contains curated lists of repositories, tools, and resources related to GPTs, prompt engineering, prompt libraries, and secure prompting. It also offers insights into Cyber-Albsecop GPT Agents and Super Prompts for custom GPT usage.
NGCBot
NGCBot is a WeChat bot based on the HOOK mechanism, supporting scheduled push of security news from FreeBuf, Xianzhi, Anquanke, and Qianxin Attack and Defense Community, KFC copywriting, filing query, phone number attribution query, WHOIS information query, constellation query, weather query, fishing calendar, Weibei threat intelligence query, beautiful videos, beautiful pictures, and help menu. It supports point functions, automatic pulling of people, ad detection, automatic mass sending, AI replies, and rich customization, and is easy for beginners to use. The project is open-source and periodically maintained, with additional features such as AI (GPT, Xinghuo, Qianfan), keyword invitation to groups, automatic mass sending, and group welcome messages.
llm-adaptive-attacks
This repository contains code and results for jailbreaking leading safety-aligned LLMs with simple adaptive attacks. We show that even the most recent safety-aligned LLMs are not robust to simple adaptive jailbreaking attacks. We demonstrate how to successfully leverage access to logprobs for jailbreaking: we initially design an adversarial prompt template (sometimes adapted to the target LLM), and then we apply random search on a suffix to maximize the target logprob (e.g., of the token "Sure"), potentially with multiple restarts. In this way, we achieve nearly 100% attack success rate (according to GPT-4 as a judge) on GPT-3.5/4, Llama-2-Chat-7B/13B/70B, Gemma-7B, and R2D2 from HarmBench that was adversarially trained against the GCG attack. We also show how to jailbreak all Claude models (that do not expose logprobs) via either a transfer or prefilling attack with 100% success rate. In addition, we show how to use random search on a restricted set of tokens for finding trojan strings in poisoned models (a task that shares many similarities with jailbreaking), which is the algorithm that brought us the first place in the SaTML'24 Trojan Detection Competition. The common theme behind these attacks is that adaptivity is crucial: different models are vulnerable to different prompting templates (e.g., R2D2 is very sensitive to in-context learning prompts), some models have unique vulnerabilities based on their APIs (e.g., prefilling for Claude), and in some settings it is crucial to restrict the token search space based on prior knowledge (e.g., for trojan detection).
Open-Prompt-Injection
OpenPromptInjection is an open-source toolkit for attacks and defenses in LLM-integrated applications, enabling easy implementation, evaluation, and extension of attacks, defenses, and LLMs. It supports various attack and defense strategies, including prompt injection, paraphrasing, retokenization, data prompt isolation, instructional prevention, sandwich prevention, perplexity-based detection, LLM-based detection, response-based detection, and know-answer detection. Users can create models, tasks, and apps to evaluate different scenarios. The toolkit currently supports PaLM2 and provides a demo for querying models with prompts. Users can also evaluate ASV for different scenarios by injecting tasks and querying models with attacked data prompts.
Awesome_papers_on_LLMs_detection
This repository is a curated list of papers focused on the detection of Large Language Models (LLMs)-generated content. It includes the latest research papers covering detection methods, datasets, attacks, and more. The repository is regularly updated to include the most recent papers in the field.
20 - OpenAI Gpts
CardioRescue Expert
Assistant specialized in the management of cardiorespiratory arrest according to the ERC (2021) and ILCOR (2023) recommendations.
Crypto Tax Calculator
Attach transaction reports from exchanges to calculate capital gains. It will even generate a file you can upload to TurboTax.
DayTraderGPT
Provides technical analysis and trading insights. Attach a TradingView chart to get started!
Solidity Sage
Your personal Ethereum magician — Simply ask a question or provide a code sample for insights into vulnerabilities, gas optimizations, and best practices. Don't be shy to ask about tooling and legendary attacks.
MITREGPT
Feed me any input and I'll match it with the relevant MITRE ATT&CK techniques and tactics (@mthcht)