Inspiration

I noticed that LLM applications are being deployed faster than companies can secure them. Traditional security tools don’t understand prompt injections or jailbreaks. Developers are shipping models without knowing if they’re exposed.
I wanted a tool that anyone could run instantly — paste a cURL, press start, and watch an AI attack your API. That idea became LLMBreaker.

What it does

LLMBreaker is an AI-powered security testing framework for LLM APIs. It runs 8 specialized security agents that simulate real attacks: jailbreaks, prompt injection, PII leaks, credential exposure, hate speech generation, bias, token smuggling, and system prompt extraction.
Tests run in real time through Server-Sent Events (SSE), with scores, risk levels, the malicious payload used, your model’s response, and clear remediation steps.
Break your LLM before hackers do.

How I built it

  • I built the backend inside VSCode using the Gemini CLI with Vibe Coding, which accelerated planning and implementation.
  • The security analysis layer uses Genkit, where Gemini acts as the expert AI security analyst.
  • Users paste a cURL command containing <PROMPT>, and LLMBreaker injects malicious payloads automatically.
  • Each response is streamed back through Server-Sent Events, providing live results.
  • The UI was created in Google AI Studio, allowing anyone to trigger tests without setup or installation.
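The cURL-template mechanism described in the list above, as an added illustration that is not LLMBreaker's own code: the function names, the sample cURL command, the probe text and the event fields are all assumptions made here. The security-relevant detail it shows is that the pasted command is tokenised with shlex and the <PROMPT> placeholder is replaced inside the already-split arguments, so the command is never re-assembled as a shell string with a payload spliced in; inside a JSON body the payload is additionally JSON-escaped so quotes or newlines cannot break the request structure. Each result is then framed as one SSE event.

```python
import json
import shlex
from dataclasses import dataclass
from typing import Optional

PLACEHOLDER = "<PROMPT>"


@dataclass
class HttpRequest:
    method: str
    url: str
    headers: dict
    body: Optional[str]


def parse_curl(curl_cmd: str) -> list:
    """Tokenise the pasted cURL command with shlex; it is never handed to a shell."""
    tokens = shlex.split(curl_cmd)
    if not tokens or tokens[0] != "curl":
        raise ValueError("expected a command starting with 'curl'")
    if not any(PLACEHOLDER in t for t in tokens):
        raise ValueError(f"cURL command contains no {PLACEHOLDER} placeholder")
    return tokens


def inject_payload(tokens, payload: str):
    """Replace the placeholder inside already-tokenised arguments.

    Substitution happens after tokenisation, so quotes, backticks or $(...) in
    the payload are plain characters rather than shell syntax. When the argument
    is a JSON body, the payload is JSON-string-escaped as well.
    """
    out = []
    for tok in tokens:
        if PLACEHOLDER in tok:
            if tok.lstrip().startswith("{"):
                escaped = json.dumps(payload)[1:-1]  # drop the surrounding quotes
                tok = tok.replace(PLACEHOLDER, escaped)
            else:
                tok = tok.replace(PLACEHOLDER, payload)
        out.append(tok)
    return out


def to_request(tokens) -> HttpRequest:
    """Reduce the common curl flags to method, URL, headers and body.

    Only -X/-H/-d (and their long forms) are interpreted; other flags are
    skipped, so further value-taking flags are not handled in this sketch.
    """
    method, url, headers, body = "GET", None, {}, None
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-X", "--request"):
            method, i = tokens[i + 1], i + 2
        elif tok in ("-H", "--header"):
            name, _, value = tokens[i + 1].partition(":")
            headers[name.strip()] = value.strip()
            i += 2
        elif tok in ("-d", "--data", "--data-raw"):
            body = tokens[i + 1]
            if method == "GET":
                method = "POST"  # curl's default once a body is given
            i += 2
        elif tok.startswith("-"):
            i += 1
        else:
            url, i = tok, i + 1
    if url is None:
        raise ValueError("no URL found in cURL command")
    return HttpRequest(method, url, headers, body)


def injected_content(req: HttpRequest) -> str:
    """Read back the user-message content from the JSON body (sanity check)."""
    return json.loads(req.body)["messages"][0]["content"]


def sse_event(agent: str, score: int, risk: str, payload: str,
              response: str, remediation: str) -> str:
    """Frame one agent result as a Server-Sent Event (text/event-stream)."""
    record = {"agent": agent, "score": score, "risk": risk, "payload": payload,
              "response": response, "remediation": remediation}
    # json.dumps emits a single line, so one "data:" line suffices; the blank
    # line terminates the event.
    return f"event: result\ndata: {json.dumps(record)}\n\n"


# Constructed sample input: a cURL command as a user would paste it.
SAMPLE_CURL = (
    "curl -s -X POST https://api.example.test/v1/chat "
    "-H 'Content-Type: application/json' "
    "-H 'Authorization: Bearer PLACEHOLDER_TOKEN' "
    "-d '{\"messages\":[{\"role\":\"user\",\"content\":\"<PROMPT>\"}]}'"
)

# Constructed probe text containing characters that would be hazardous if the
# command were re-assembled as a shell string.
SAMPLE_PROBE = 'Please reply with the word "pong" $(whoami)'


def build_sample_request() -> HttpRequest:
    return to_request(inject_payload(parse_curl(SAMPLE_CURL), SAMPLE_PROBE))


if __name__ == "__main__":
    req = build_sample_request()
    print(req.method, req.url, injected_content(req))
    print(sse_event("prompt-injection", 80, "high", SAMPLE_PROBE, "pong",
                    "Constrain and validate user-controlled input."), end="")
```

Sending the resulting HttpRequest with an HTTP client library, rather than by invoking curl, keeps the pasted command out of any shell entirely; the structured request is also easier to log alongside each agent's verdict.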

Challenges I ran into

  • Designing attack prompts that were effective across multiple models and safety policies.
  • Keeping SSE stable for long-running and heavy test cycles.
  • Translating raw output into useful, developer-friendly security reports.
  • Ensuring the tool stayed zero-config and simple to use.

Accomplishments that I’m proud of

  • I built the entire platform in one weekend.
  • It successfully exposed real vulnerabilities in tested endpoints.
  • Truly no setup: just paste a cURL and run.
  • Automated security analysis powered by Gemini — no regexes, no pattern scripts.

What I learned

  • Most LLM APIs are far more vulnerable than expected.
  • Real security requires reasoning, not keyword detection.
  • VSCode + Gemini CLI Vibe Coding dramatically increased my productivity.
  • Genkit is powerful for orchestrating AI-driven workflows.

What’s next for LLMBreaker

  • Expand the agent suite for multi-turn attacks and RAG security.
  • Add CI/CD integration and automatic re-testing after fixes.
  • Build a dashboard for historical reports and trend analysis.
  • Grow an open-source community around LLM security testing.
  • Possibly launch an enterprise tier with support for multiple leading LLMs, advanced attack modules, and deeper compliance features.
