XIPE v4.1 — Autonomous AI Security · CLI + Platform

AI Security.
Automated.
End to End.

From a single CLI command to a full security operations platform. XIPE scans any AI target, chains findings into attack narratives, monitors endpoints with lightweight agents, and delivers professional PDF reports — without human intervention.

XIPE Active Scan · Authorized Assessment
CRITICAL System prompt writable via unauthenticated POST
HIGH API documentation publicly exposed — 186 endpoints
CRITICAL SQL injection in JSON field names — DB read confirmed
HIGH JWT algorithm confusion — RS256 → HS256 downgrade
CRITICAL Indirect prompt injection via RAG document upload
MEDIUM Missing HSTS — HTTP downgrade attack possible
HIGH Unauthenticated write endpoint — 22 found
CRITICAL API key exposed in JavaScript bundle
Findings Reported
Engagements Run
Training Records
10+ OWASP LLM Categories
12 Scoring Metrics
Two Ways to Deploy

CLI or Platform.
Your choice.

XIPE CLI v4.1 — Open Source
Scanner.
One Command.

Point at any URL. Get a professional PDF report in under 2 minutes. Blackbox, greybox or whitebox — pass credentials and XIPE authenticates automatically.

4-phase intelligent assessment
17 parallel security modules
Brain auto-classifies any target
Blackbox / greybox / whitebox modes
Chain Engine — attack narratives
PDF + HTML reports + Teams alerts
Self-updating: bash update.sh
→ GitHub
$ python main.py --config config.yaml
🧠 Brain: wordpress (95%) — 17 modules
🚨 HIGH: /wp-config.php exposed
🔗 CHAIN: User enum → brute force path
✅ PDF + JSON in output/ — 1m 52s
$ bash update.sh # pull latest version
XIPE Platform — SaaS
Dashboard.
Scans. Portal.

Full security operations platform. Launch scans for any target from the browser, track results across clients, download PDF reports — no CLI required.

Admin dashboard — all clients, all scans
Launch scan from browser — any URL
Live progress screen with phase tracker
PDF download with one click
Client portal — each client sees their own
Lightweight agents on endpoints
FastAPI + DynamoDB + ECS Fargate + ALB
→ Live Demo
① Enter URL + client name in browser
② ECS Fargate spins up — scan starts
③ Live phase tracker: recon → modules
④ Results appear automatically
✅ PDF ready to download in ~2 min
Architecture

Four phases.
One intelligent flow.

XIPE doesn't run everything blindly. Brain classifies first, selects only relevant modules, executes in parallel, then chains findings into attack narratives.

PHASE 01
Reconnaissance
Passive fingerprinting of tech stack, endpoints, and AI indicators.
→ System type
→ Tech stack
→ AI platform?
→ API present?
→ CloudFront/WAF
PHASE 02
Assessment Plan
Brain selects modules and explains every decision. No blind execution.
→ Module selection
→ Priority checks
→ API surface size
→ Prompt layer risk
→ Skip reasons
PHASE 03
Execution
5 modules in parallel. Scope validator on every request.
→ Web + TLS + API
→ AI attacks
→ API Mapper
→ Prompt Hunter
→ Trustworthiness
PHASE 04
Chain + Report
Chain Engine connects findings. Brain writes the narrative. PDF auto-delivered.
→ Attack chains
→ Priority scoring
→ PDF + HTML
→ S3 + Teams
→ Training data
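Phase 03 says a scope validator runs on every request. As an added example (not XIPE's own code), this is the shape such a validator takes: an allowlist of hosts, wildcard subdomains and networks declared for the engagement, with link-local and loopback ranges refused regardless of what the scope says. All scope entries and addresses are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed engagement scope: exact hosts, wildcard subdomains, declared networks.
SCOPE = {
    "hosts": {"app.example.test", "api.example.test"},
    "wildcards": {".example.test"},                 # any subdomain of example.test
    "networks": [ipaddress.ip_network("10.20.0.0/16")],
    "schemes": {"http", "https"},
}

# Ranges that stay out of scope whatever the engagement declares: link-local (where cloud
# metadata services live), loopback and unspecified addresses.
ALWAYS_DENY = [ipaddress.ip_network(n) for n in
               ("169.254.0.0/16", "127.0.0.0/8", "0.0.0.0/8", "::1/128", "fe80::/10")]


def in_scope(url: str, scope: dict = SCOPE) -> tuple[bool, str]:
    """Return (allowed, reason). Meant to be called before every outgoing request."""
    parts = urlsplit(url)
    if parts.scheme not in scope["schemes"]:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False, "no host in URL"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None                                    # a DNS name, handled below
    if ip is not None:
        # Literal IP targets: hard denies first, then the declared networks.
        if any(ip in net for net in ALWAYS_DENY):
            return False, f"{ip} is in an always-denied range"
        if any(ip in net for net in scope["networks"]):
            return True, f"{ip} is in a declared network"
        return False, f"{ip} is not in a declared network"
    if host in scope["hosts"]:
        return True, "exact host match"
    # The leading dot in each wildcard stops "evilexample.test" matching ".example.test".
    if any(host.endswith(suffix) for suffix in scope["wildcards"]):
        return True, "wildcard subdomain match"
    return False, f"{host} is not in scope"
```

Names are matched literally; resolving them and re-checking the resolved address against ALWAYS_DENY would also cover a scoped name that points at a denied range.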
Chain Engine — v4.1

Findings don't live
in isolation.

Real attackers chain vulnerabilities. XIPE connects them automatically — showing the full attack path and real business impact, not just a flat list of issues.

1
API Docs Exposed Full surface mapped
Swagger/OpenAPI docs publicly accessible. Complete endpoint list, methods, and parameters — before touching a single one.
2
Unauthenticated Write Endpoint DB access
Among documented endpoints, several require no auth. One write endpoint concatenates JSON field names into SQL — the vector standard scanners miss.
3
SQL Injection in JSON Keys Read + Write
Not injection in values — in field names. Iterative blind enumeration reveals production data. Write access confirmed. System prompts in the same DB.
⛓ Attack Chain — Business Impact
Full database read and write access. System prompts modifiable with a single HTTP request — no code changes, no deployment, no audit trail. Every user receives AI responses that can be silently poisoned.
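Steps 2 and 3 describe SQL injection through JSON field names rather than values. As an added example (not XIPE's code), here is the vulnerable update handler beside a hardened one: the fix is an allowlist of writable columns, which also keeps the system prompt off the unauthenticated write path. Table, rows and column names are constructed in an in-memory SQLite database.

```python
import json
import sqlite3

conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE assistants (id INTEGER PRIMARY KEY, name TEXT, system_prompt TEXT)")
conn.execute("INSERT INTO assistants VALUES (1, 'support-bot', 'You are a helpful assistant.')")


def build_update_unsafe(row_id: int, body: str) -> str:
    """Vulnerable pattern: values are parameterised, but every JSON key becomes SQL text.
    Returned as a string only, never executed in this example."""
    fields = json.loads(body)
    assignments = ", ".join(f"{key} = ?" for key in fields)
    return f"UPDATE assistants SET {assignments} WHERE id = {row_id}"


# Hardened: the client may only name columns from a fixed allowlist, and the
# system prompt is not writable through this endpoint at all.
WRITABLE_COLUMNS = {"name"}


def handle_update(row_id: int, body: str) -> dict:
    """Mimics an HTTP handler: returns a status code plus result or error instead of raising."""
    try:
        fields = json.loads(body)
    except json.JSONDecodeError:
        return {"status": 400, "error": "body is not JSON"}
    if not isinstance(fields, dict) or not fields:
        return {"status": 400, "error": "expected a non-empty JSON object"}
    unknown = set(fields) - WRITABLE_COLUMNS
    if unknown:
        return {"status": 400, "error": f"unknown or non-writable field(s): {sorted(unknown)}"}
    # Every col is allowlisted, so the identifier can never carry SQL; quoting is defence in depth.
    assignments = ", ".join(f'"{col}" = ?' for col in fields)
    cur = conn.execute(f"UPDATE assistants SET {assignments} WHERE id = ?",
                       [*fields.values(), row_id])
    conn.commit()
    return {"status": 200, "updated": cur.rowcount}


def get_row(row_id: int) -> tuple:
    return conn.execute("SELECT name, system_prompt FROM assistants WHERE id = ?",
                        (row_id,)).fetchone()
```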
Coverage — v4.1

Every attack surface.
Including the prompt layer.

01 / WEB SECURITY
Web Security
Headers, CORS, sensitive paths, verbose errors, cookies, information disclosure, HTTP methods. Auto-activates WordPress module on CMS detection.
A02 · A05 · HSTS · CSP · CORS
02 / API MAPPER ACTIVE
API Mapper
Parses Swagger/OpenAPI. Finds unauthenticated write ops. Tests SQL injection in JSON field names — the vector standard scanners miss.
JSON-key SQLi · Swagger · API1 · A03
03 / PROMPT HUNTER ACTIVE
Prompt Hunter
Finds system prompt storage. Tests if writable. Extracts hardcoded prompts from JS bundles. Tests indirect injection via RAG uploads.
Write access · Crown Jewel · LLM07
04 / AI SECURITY
AI / LLM Security
Prompt injection, jailbreak, data extraction, excessive agency. Auto-registers accounts. Full OWASP LLM Top 10 coverage.
LLM01 · LLM02 · LLM06 · LLM07
05 / PROMPT INJECTION ACTIVE
Prompt Injection
Direct and indirect prompt injection attacks against any chat endpoint. System prompt leakage probes. 20+ attack templates per category.
LLM01 · Direct · Indirect · LLM08
06 / RAG TESTER ACTIVE
RAG Security
RAG poisoning via document upload, data extraction from retrieval layer, tenant isolation bypass, sensitive data leakage in context.
LLM04 · Poisoning · Extraction
07 / AGENT TESTER ACTIVE
Agent Security
Tool misuse, excessive agency, approval workflow bypass, sensitive data extraction via chained agent actions. OWASP LLM06.
LLM06 · Tool abuse · Agency
08 / AUTH + JWT
Auth & JWT
Login brute force, IDOR, privilege escalation, session fixation, JWT algorithm confusion (RS256→HS256), weak secrets, token replay.
A07 · JWT · IDOR · A01
09 / SSRF + XXE + GraphQL
Injection Suite
SSRF to cloud metadata, blind SSRF detection, XXE file read, GraphQL introspection + depth bombs + batch abuse. All with 90s hard deadline.
SSRF · XXE · GraphQL · A03
10 / CHAIN ENGINE ACTIVE
Chain Engine
Connects findings into attack narratives. Shows real business impact of combined vulnerabilities. CORS + prompt exposure = cross-origin data theft.
Chaining · Escalation · Narrative
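The Auth & JWT module lists the RS256 to HS256 algorithm confusion. As an added example (not XIPE's own code and not from any JWT library), here is the server-side rule that defeats it: each key id is registered with exactly one algorithm, and a token whose header disagrees is rejected before any signature is examined. Key ids, secrets and claims are constructed; RS256 verification itself is left to an RSA library and only its registration point is shown.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_hs256(claims: dict, kid: str, secret: bytes) -> str:
    """Issue a token the way an HS256 issuer would (used here to build inputs)."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT", "kid": kid}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"


def _verify_hs256(signing_input: bytes, sig: bytes, key: bytes) -> bool:
    return hmac.compare_digest(hmac.new(key, signing_input, hashlib.sha256).digest(), sig)


# Only algorithms with a verifier registered here can ever succeed, so "none" is out by
# construction. An RS256 verifier (RSA library needed, not included) is added the same way.
VERIFIERS = {"HS256": _verify_hs256}


class PinnedVerifier:
    def __init__(self, keys: dict):
        self.keys = keys                       # kid -> (registered alg, key material)

    def verify(self, token: str) -> dict:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        alg, kid = header.get("alg"), header.get("kid")
        if kid not in self.keys:
            raise ValueError("unknown kid")
        expected_alg, key = self.keys[kid]
        if alg != expected_alg:
            # The downgrade case: a key registered for RS256 arriving with an HS256 header.
            raise ValueError(f"alg {alg!r} does not match the algorithm pinned to kid {kid!r}")
        verifier = VERIFIERS.get(alg)
        if verifier is None:
            raise ValueError(f"no verifier registered for {alg!r}")
        if not verifier(f"{head_b64}.{body_b64}".encode(), b64url_decode(sig_b64), key):
            raise ValueError("bad signature")
        return json.loads(b64url_decode(body_b64))

    def explain(self, token: str) -> str:
        """'ok' or the rejection reason, for logging."""
        try:
            self.verify(token)
            return "ok"
        except ValueError as exc:
            return str(exc)
```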
Universal AI Client

Any target.
Auto-detected.

LibreChat
Auto-register + LLM attacks
Flowise
Chatflow API detection
OpenAI API
/v1/chat/completions
Anthropic API
/v1/messages
Ollama
Local model detection
LangChain
/invoke, /stream
WordPress
CMS-specific checks
Any REST API
Generic probe + format detection
SPA / React
JS bundle analysis
Unknown
Tries all formats automatically
Phase 2 Roadmap

Building the
custom model.

Every scan stores structured data in S3. After enough engagements, this trains a custom model — zero external API dependency, zero per-scan cost.

01
Collect
Every scan saves attack prompts, AI responses, vulnerability labels, tech stack, and severity. Currently records.
02
Train
Fine-tune a domain-specific model on the XIPE dataset. Specialized for AI security — better signal-to-noise than any general model.
03
Deploy
Custom model runs on ECS alongside XIPE. Zero external API calls. Zero per-scan cost. Full control over the intelligence layer.
Open Source · Production Ready

Choose your path.

CLI for fast assessments. Platform for full operations.

XIPE CLI

Scanner

One command. Any target. Professional PDF report in under 2 minutes. Open source, runs on AWS.

→ Get Started
XIPE Platform — Live

Platform

Full security operations. Dashboard, client portal, endpoint agents, live logs, multi-engagement management. Running on AWS.

→ Request Access
$ xipe https://any-ai-platform.com "Client"
🧠 Brain: ai_platform (90% confidence)
🚨 CRITICAL: System prompts writable
🔗 2 attack chains identified
✅ PDF: ~/Downloads/XIPE_ENG-AUTO-2026.pdf