Paste a system prompt, user message, or agent output. Rune scans with 52 regex patterns (L1) and 57 attack embeddings via vector similarity (L2) to catch both known and novel threats.
Scans use server-side L2 vector analysis when available (5 free/hour), with client-side L1 fallback. Content is never stored — processed and discarded instantly. Powered by @runesec/scanner + Cloudflare Workers AI.
L1 scans 52 regex patterns across 4 categories: prompt injection, PII, secrets, and command injection. L2 compares your input against 57 curated attack embeddings using vector similarity to catch novel attacks that don't match known patterns.
Yes, completely free with no signup required. You get 5 server-side L1+L2 scans per hour. After that, the scanner falls back to client-side L1 pattern matching with unlimited scans.
L1 regex scanning runs in under 5ms. Server-side L2 vector scanning adds roughly 100–200ms for embedding generation and similarity comparison.
Content is never stored. Server-side scans embed, compare, and discard your text instantly — nothing is logged or persisted. Client-side L1 scanning never leaves your browser.
L2 converts your text into a mathematical embedding and compares it against 57 known attack embeddings using cosine similarity. This catches semantically similar attacks even when the exact wording doesn't match any regex pattern — like novel prompt injections or paraphrased exfiltration attempts.
This free scanner provides L1 + L2 detection. The full Rune platform adds L3 LLM-based judgment, real-time alerting, a security dashboard, declarative YAML policies, and unlimited scans.