Inspiration
According to Wiz, somewhere between 25% and 70% of working coding outputs from leading models contain vulnerabilities.
We kept seeing AI apps go viral on Twitter with massive security vulnerabilities: exposed API keys, prompt injections, PII leaks. Developers ship fast without testing for AI-specific attacks. We wanted to build the security layer that catches vulnerabilities before production.
What it does
RUNE is an automated AI red teaming platform. Upload your AI app code, and RUNE uses Google Gemini to generate sophisticated prompt injection attacks, jailbreaks, and exploit attempts. It detects vulnerabilities like exposed system prompts, leaked API keys, and PII extraction, then auto-generates secure fixes and sends instant Slack alerts to your team.
How we built it
React + TypeScript frontend with a live attack dashboard. Node.js backend orchestrating Gemini API calls to both generate attack vectors and produce remediation code. We built custom parsers to extract AI components from codebases and a sandboxed attack engine that safely executes exploits. We are planning to integrate Slack webhooks for real-time notifications.
Challenges we ran into
The main challenge we faced was developing a robust backend to ensure Gemini accurately detected security vulnerabilities. To validate its performance, we benchmarked our system against numerous pieces of intentionally vulnerable code, manually labeling each issue. Our testing showed that Gemini successfully identified 100% of the vulnerabilities across all test cases.
Accomplishments that we're proud of
We’re proud of building a fully functional end-to-end AI security platform within a single hackathon weekend. RUNE not only detects vulnerabilities but also provides automated, Gemini-generated fixes and real-time alerts. We also had time to benchmark our product, and achieving a 100% detection rate across all benchmarked vulnerabilities validated both our system design and the power of combining LLM reasoning with programmatic testing.
What we learned
We gained experience in safely sandboxing LLM-driven exploits, managing asynchronous API orchestration, and designing user experiences for real-time AI vulnerability monitoring. Most importantly, we learned that securing AI systems isn’t just a backend problem; it’s a full-stack responsibility that requires creativity, testing, and collaboration.
What's next for Rune
We’re currently working on implementing Slack webhooks to provide instant alerts for detected vulnerabilities. Next, we plan to integrate RUNE directly into CI/CD pipelines, enabling automated AI security checks on every commit. We also aim to develop continuous monitoring for deployed models as prompts and data evolve over time. Future updates will include broader support for additional LLMs beyond Gemini and a dashboard for vulnerability analytics.
Built With
- gemini
- gemini-api
- next
- node.js
- react
- tailwind
- typescript

