AI System Risk Triage
Answer a set of questions about your AI system and generate a basic risk profile covering exposure, data sensitivity, tool access, control gaps, and key recommended controls.
Interactive tools and practical frameworks for evaluating LLM, agentic AI, MCP, and RAG systems.
These tools are designed to help practitioners think through AI system risk, tool access, retrieval, autonomy, and control mapping. They are simplified educational aids, not formal audits or certifications.
Select the tools an MCP-connected AI agent can access and see how risk changes across authorization scope, tool type, data sensitivity, and action impact.
An interactive checklist for securing MCP-connected AI agents — authorization, tool boundaries, human oversight, content trust, auditing, and supply chain. Track your coverage and copy the result.
Explore how untrusted instructions enter AI workflows through direct user input, retrieved documents, tool output, and external content — with annotated examples of each pattern.
Evaluate your retrieval architecture across retrieval trust, data source permissions, per-user authorization, source freshness, and exposure to indirect prompt injection.
Map security controls to each layer of an agentic AI system: model, agent, tool, data, action, logging, and human review. Identify gaps and explore control options per layer.
Tools are designed for security practitioners, developers, and AI adopters — not compliance officers. The goal is actionable thinking, not checkbox completion.
All tools run entirely in your browser. No data is sent anywhere, no account required, no session is stored.
Tools are inspired by CIS Controls Companion Guides, OWASP LLM Top 10, and NIST AI RMF — simplified and explained in plain language.