IPI-Scanner: Detecting Indirect Prompt Injection Attacks Before Your LLM Reads Them

An open-source security tool for RAG pipelines and agentic AI systems The Problem: The Silent Attack Vector You've probably heard about prompt injection attacks. But here's what most people don't realize: 80% of prompt injection attacks are indirect . They don't target your prompt. They target your data . An attacker poisons a document that your RAG system later retrieves. When your LLM reads it, hidden instructions execute silently. No alerts. No warnings. Just compromised output. Real Examples EchoLeak : Malicious email to a Copilot user leaked passwords via invisible instructions HashJack : URL fragments with hidden instructions steered AI summaries Perplexity Comet : Reddit posts with invisible text exfiltrated user data CVE-2025-53773 : GitHub Copilot RCE via PR description injection The cost? $2.3 billion in global losses (2025). OWASP lists prompt injection as the #1 vulnerability in LLM systems. The Solution: IPI-Scanner I built IPI-Scanner – an open-source tool that detects in