Security & trust, one engine
Every attack surface.
One security engine.
ANTHRION red-teams AI agents, web apps, APIs and Web3 — plus code and endpoint trust — in a single scanner. Normalized findings, real-time results, crypto-native, pay per scan.
AI/Web/API/Web3/Code/Endpoint
- Prompt injection: direct instruction overrideprompt-injectionCritical
- System prompt leakage: verbatim disclosuresystem-prompt-leakageHigh
- Tool execution without user approvalexcessive-agencyHigh
One engine for indie builders, crypto communities and AI-agent developers — from a single prompt-injection probe to a full multi-surface audit.
- 9
- Scan types
- 6
- Attack surfaces
- LLM01–10
- OWASP-aligned
- USDC
- Base & Solana
01Scanners
Every surface your agents touch.
One engine, one report format. Run a single probe or a full multi-surface audit — findings come back normalized, severity-ranked, with remediation.
AI / LLM attack scan
An adaptive AI red-team engine that attacks your agent the way a real adversary would — static probes escalate into an adaptive attacker. Point it at a live endpoint, or paste a system prompt to test it before you ship.
- Prompt injection
- Jailbreaks
- System-prompt leakage
- Excessive agency
- Insecure output
Web app scan
Dynamic testing of a live site in a real browser — injection, XSS, auth and misconfiguration on the rendered surface.
API security scan
Probes an API endpoint for broken auth, injection and data exposure across its routes.
Web3 dApp scan
Wallet-injection and frontend checks plus on-chain context — what a malicious dApp could ask a wallet to sign.
Code & repo
White-box taint analysis, leaked-secret detection, code-similarity and a GitHub trust score — from a repo URL.
Endpoint trust
Verify an x402 endpoint before you pay it, monitor its health over time, and check it against the public trust registry.
02How it works
From target to report, in real time.
- 01
Choose a target
A live endpoint, a public repo, or paste a system prompt. Pick one scan or queue several across surfaces.
- 02
Pay per scan
USDC on Base or Solana — one free scan per wallet. Or let an AI agent pay autonomously over x402, no human in the loop.
- 03
Watch it run, live
The engine streams progress as it works — probes, then an adaptive attacker — so you see findings the moment they land.
- 04
Get the report
Normalized severity, evidence and remediation for every finding. Download it, or share a link.
- Static probesLayer 1 · completed
- Adaptive attackerLayer 2 · completed
- Evaluating responsesLayer 2 · category · running
Streamed live as the scan runs.
03x402
Paid by agents — and trust for x402 itself.
ANTHRION uses x402 to get paid: agents settle a scan autonomously, no human in the loop. And ANTHRION is itself trust infrastructure for x402 — it verifies, monitors and registers endpoints so the ecosystem knows what is safe to pay.
Agents pay autonomously
An AI agent calls the scanner and settles payment over x402 — machine to machine.
- agentPOST /scan
- server402 Payment Required
- agentpays USDC via x402
- serverscan started · streaming
- serverscan DONE
Illustrative exchange — no human in the loop.
Trust layer for x402
ANTHRION verifies, monitors and registers other x402 endpoints — so agents know what is safe to pay.
- Endpoint reachableOK
- 402 handshake well-formedOK
- Payment details consistentOK
- No anomalies detectedOK
Illustrative — verify, monitor & register. An indicator, not a guarantee.
04Pricing
Pay per scan. Nothing else.
No seats, no subscriptions. You pay for the scans you run, on-chain — the way a crypto-native product should work.
Free
during launch · then pay-per-scan
- One free scan per wallet to start
- USDC on Base & Solana — no card, no KYC
- No subscription, no balance lock-in
- AI agents can pay autonomously over x402
An indicator of risk — not a guarantee of security.
05FAQ
Questions, answered.
Crypto-native, non-custodial, and built for agents as much as for people.
AI agents and LLM endpoints, web apps, APIs and Web3 dApps — plus code and repos and the trust of x402 endpoints. One engine, one normalized report format across every surface.
It is an adaptive red-team, not a checklist: static probes escalate into an adaptive attacker that adapts to your agent. You can point it at a live endpoint or paste a system prompt to test it before you ship. Coverage is aligned to the OWASP LLM Top-10 — prompt injection, jailbreaks, system-prompt leakage, excessive agency and more.
You pay per scan in USDC on Base or Solana — there is one free scan per wallet to start, and during launch scans are free. No card, no KYC, no subscription. You only pay for the scans you run.
No. Payments are on-chain and per-scan. ANTHRION never custodies your funds or your wallet; there is no balance to top up and nothing to withdraw.
Yes. The scan API is x402-native, so an autonomous agent can call a scanner, pay for it, and receive the results with no human in the loop. It is the same engine the dashboard uses.
Sign in with email or a wallet — it is lightweight. Each scan runs in an isolated, throwaway environment, ANTHRION never modifies your target, and your reports stay private to your account.
Find the holes before they do.
Run your first scan free. Every surface, one engine, results in real time.