XtrinelXTRINEL
VAASTVAAST

Vulnerability Assessment for AI Security Testing

VAAST is the offensive-security platform for LLM-integrated applications. Map the surface, run the catalog, ship the findings.

Capabilities

Everything the attack surface demands.

Prompt Injection Catalog

Direct, indirect, and multi-turn variants with reproducible payloads. Covers system-prompt exfiltration, jailbreaks, and role-confusion attacks.

Tool-Call Surface Mapping

Agentic stacks expose tool surfaces as first-class APIs. VAAST's MCP Scanner enumerates callable tools and probes each one for parameter injection, privilege escalation, schema confusion, and unauthorized state changes.

RAG Corpus Inspection

Walks ingestion paths, tests for poisoned documents, and verifies retrieval behavior under adversarial queries.

Agentic Pipeline Tracing

Models plan-and-execute loops and long-horizon agents, then surfaces failure modes unique to autonomous workflows.

Authenticated Scanning

Run the catalog behind API key, Bearer, or Cookie authentication so you can test what your users actually see.

Reproducible Findings

Every finding exports as a minimal script your engineering team can replay in CI. No black-box claims.

Workflow

How an engagement runs.

01

Define scope

Register the target application with written authorization. VAAST will refuse to run without it.

02

Enumerate surface

Map tool calls, retrieval sources, and agent pipelines. VAAST produces a surface graph you can export.

03

Probe and report

Run the vulnerability catalog. Every finding is triaged, tagged, and exportable as a CI-runnable script.

Demo

See it in action.

Real scans. Real findings. No setup required.

VAAST Findings screenshot

Included with Pro: Xtriforce AI

Every finding, every intercepted request — Xtriforce explains it, so you don't have to dig through raw payloads alone.

Learn more about Xtriforce →

Pricing

Start free. Upgrade when you need depth.

Every tier includes the baseline payload library. Pro and Enterprise unlock live research sync, full report export, and authenticated scanning.

Free
$0/ month

Kick the tires on VAAST.

  • VAAST desktop app (Mac, Windows, Linux)
  • Baseline payload library (15 checks)
  • Prompt injection, tool-call, RAG, agentic categories
  • MCP Scanner (tool enumeration + adversarial probing)
  • Local scan history and workspaces
  • JSON findings export
  • Community research feed access
Get Started Free
Pro
Most popular
$24.99/ month

For individual practitioners.

  • Everything in Free
  • Xtriforce AI Analyst (findings analysis, attack scenarios, remediation)
  • Live payload library sync (new research checks as published)
  • Full report export (HTML + JSON)
  • Authenticated scanning (API key, Bearer, Cookie)
  • Direct email support
Start Pro
Enterprise
Custom/ month

For teams running VAAST together.

  • Everything in Pro
  • Custom seating for your team
  • SSO via SAML 2.0 supported
  • Org-level usage dashboard with audit logs
  • Member activity tracking — who scanned what and when
  • Onboarding call included
Contact Sales