Live Proxy
MODE
‹ Home
Chat with a real model wrapped in every guard: your message → Input Guard → model → Output Guard, with any tool calls routed through the Action Firewall. Type a message or pick an example below.

Catch malicious input before the model sees it

Paste any untrusted text — a user message, a RAG chunk, a tool result, an email. We strip obfuscation, match it against known attacks, and catch paraphrased injections.

Run a scan to see the verdict, the normalization trail, and signature hits.

Stop leaks in the model's response

Paste a model reply. We scan it for secrets, personal data, leaked system prompts, and the exfiltration canary shown below.

Protected system prompt
Canary token
Run a scan to see DLP findings.

Control what the agent is allowed to do

Text guards read words — this reads actions. Choose a tool and a destination, mark whether the data came from an untrusted source, and see the allow / approve / block decision.

Egress allowlist:
Configure or pick a scenario, then evaluate to see the policy decision and trail.

Scan an MCP server before you trust it

Paste an MCP server manifest. We flag tool-poisoning (instructions hidden in tool descriptions), dangerous capabilities (shell/exec, egress, destructive), over-broad scopes, and matches to the live threat feed — the supply-chain layer.

Paste a manifest or pick a sample to see per-tool findings.

Live event stream

SIEM export
TimeGateSourceDetailLatencyAction
No events yet. Run scans in the other tabs.

What this is

An interactive MVP of PRAETOR LAYER — a runtime security layer for LLM apps and AI agents. The whole detection pipeline runs in your browser; nothing you type leaves the page.

Input Guard

De-obfuscates and inspects everything entering the model — catches prompt injection and jailbreaks, even paraphrased ones.

Output Guard

Scans every response for secrets, personal data, leaked system prompts and exfiltration before it reaches the user.

Action Firewall

Governs what the agent can do. Tracks tainted data and blocks risky actions — the structural defense against indirect injection.

Live threat feed: loading… (HMAC-signed, anti-rollback). Now shipped: guard-model classifier tier, signed TI feed, MCP supply-chain scanner, and SIEM export (NDJSON/CEF). Roadmap: a neural guard-model, ed25519 feed signing, and the trustless $PRTR validator network.