Ship AI-generated code you can trust.
A security layer for every LLM call. It stops prompt injection and jailbreaks going in, and catches insecure code, leaked secrets, risky dependencies, and unsafe commands coming out — with clear findings, before anything runs.
Real-time · no added latency · your code never leaves your environment
Every way an AI call can hurt you, covered
It checks the prompt before your model sees it and the generated code before it runs — so the same input always gets the same answer you can trust.
Prompt injection & jailbreaks
Stops hidden instructions in user input, tool results, or fetched pages from hijacking your agent and overriding your system prompt.
Insecure generated code
Catches the vulnerabilities your model just wrote — injection, path traversal, unsafe deserialization, and more — before they reach your repo.
Leaked secrets & data exfiltration
Flags hardcoded keys and credentials, and code that quietly ships your data to an endpoint you don't control.
Risky dependencies
Checks every package the model adds for malicious, typosquatted, or known-vulnerable dependencies before they land.
Unsafe shell commands
Catches dangerous generated commands — pipe-to-shell installers, reverse shells, credential writes — so they never run on your machines.
Real-time, zero added cost
Runs inline with your request with no latency your users feel, and no extra model or tokens. The same input always gets the same answer you can trust.
Wrap the call you already make
Your key plus our endpoint — scan the prompt on the way in, scan the generated code on the way out. It's a plain authenticated HTTP call, like Stripe or OpenAI.
Inbound: POST /v1/scan/input
Detects prompt injection and jailbreaks hidden in user input, tool results, or fetched content.
Generate: your LLM
Your model call is untouched — any provider, any framework. The guard wraps it, it doesn't replace it.
Outbound: POST /v1/scan/output
Catches insecure code, leaked secrets, risky dependencies, and unsafe commands in the exact lines the model produced.
// Hosted endpoint or your own self-hosted base URL (see "Self-hosted or hosted?" below).
const BASE_URL = process.env.ORION_BASE_URL;

// One authenticated POST to the scan API; returns the parsed JSON verdict.
const scan = (path, body) =>
  fetch(`${BASE_URL}${path}`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${process.env.ORION_SECURITY_KEY}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(body),
  }).then((r) => r.json());

// Wrap the model call you already make: `llm` is your existing client,
// `prompt` the text you were about to send it.
async function guardedGenerate(llm, prompt) {
  // 1. Scan the prompt before it reaches the model.
  const inbound = await scan("/v1/scan/input", {
    config: { input_mode: "strict" },
    prompt,
  });
  if (inbound.blocks) throw new Error(inbound.block_message ?? "Blocked.");

  // 2. Your existing LLM call — unchanged.
  const code = await llm.complete(prompt);

  // 3. Scan what the model generated before anything runs.
  const verdict = await scan("/v1/scan/output", {
    config: { output_mode: "strict" },
    tool_call: { name: "write_file", input: { content: code } },
  });
  if (verdict.blocks) return verdict.findings; // strict: stop here
  return code; // clean: hand the generated code on
}
A verdict you can act on
Every scan returns structured findings — detector, location, severity, and a standards reference — so you decide what to surface and what to block.
- Structured findings — never a yes/no black box
- Line numbers mapped to the exact generated code
- A CWE plus OWASP / LLM-risk reference on every finding
- Advisory or strict: surface, warn, or block the call
[secrets] Hardcoded AWS access key (line 12)
[CWE-798 · OWASP-LLM05]
[sast] SQL query built from untrusted input (line 34)
[CWE-89 · OWASP-LLM05]
[shell] curl piped directly into bash (line 58)
[CWE-78 · OWASP-LLM05]
[dependency] Typosquatted package 'reqeusts' (line 3)
[CWE-829 · OWASP-LLM03]
[heuristics] Base64-encoded payload near eval() (line 71)
[CWE-506 · OWASP-LLM05]
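To show how the structured findings above are meant to be consumed, here is a small triage helper added as an example (it is not Orion's code or API). The finding field names (detector, message, line, severity, cwe, owasp) are assumed from the sample findings on this page, and the sample code and verdict are constructed.

```javascript
// Assumed finding shape, modelled on the sample findings shown on this page.
const SEVERITY_RANK = { low: 1, medium: 2, high: 3, critical: 4 };

// Advisory: surface everything, never block. Strict: block once any finding
// reaches the threshold severity (critical by default).
function decide(verdict, mode, threshold = "critical") {
  const findings = verdict.findings ?? [];
  const worst = findings.reduce(
    (m, f) => Math.max(m, SEVERITY_RANK[f.severity] ?? 0), 0);
  const blocks = mode === "strict" && worst >= SEVERITY_RANK[threshold];
  return { blocks, worst, count: findings.length };
}

// Map each finding onto the exact generated line it refers to, so a reviewer
// sees the offending source and the CWE/OWASP reference together.
function annotate(code, findings) {
  const lines = code.split("\n");
  return findings.map((f) => ({
    detector: f.detector,
    line: f.line,
    source: lines[f.line - 1] ?? "",
    ref: `${f.cwe} · ${f.owasp}`,
    message: f.message,
  }));
}

// Constructed sample: a snippet "the model wrote" and a verdict a scan might return for it.
const SAMPLE_CODE = [
  "import os",
  'AWS_KEY = "AKIA-EXAMPLE-PLACEHOLDER"', // placeholder value, not a real key
  'cursor.execute("SELECT * FROM users WHERE id = " + user_id)',
].join("\n");

const SAMPLE_VERDICT = {
  findings: [
    { detector: "secrets", message: "Hardcoded AWS access key", line: 2,
      severity: "critical", cwe: "CWE-798", owasp: "OWASP-LLM05" },
    { detector: "sast", message: "SQL query built from untrusted input", line: 3,
      severity: "high", cwe: "CWE-89", owasp: "OWASP-LLM05" },
  ],
};

// Example: strict mode blocks on the critical secret; advisory mode only surfaces.
const strictDecision = decide(SAMPLE_VERDICT, "strict");
const advisoryDecision = decide(SAMPLE_VERDICT, "advisory");
const report = annotate(SAMPLE_CODE, SAMPLE_VERDICT.findings);
```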
Frequently asked questions
What is Orion Security?
A security layer you wrap around any LLM call. It checks the prompt for attacks before it reaches the model, and checks the generated code, secrets, dependencies, and commands before anything runs — handing you clear findings to surface, warn on, or block.
Will it slow down my product?
No. It runs in real time, inline with the request you already make — there's no second model in the loop, so your users feel no added latency and you pay no extra tokens.
Can I trust the results?
Yes. The same input always gets the same answer, so a result you sign off on today behaves identically in production tomorrow — no surprise verdicts, nothing flaky to chase down.
What does a finding look like?
Each finding tells you what was caught, where (down to the line), how serious it is, and the matching security standard — so your team can triage it instead of staring at a yes/no black box.
Can it block, or only warn?
Both — you choose per call. In advisory mode it surfaces findings and lets the call through; in strict mode a critical finding stops the call before the generated code or command ever executes.
How hard is it to integrate?
You wrap your existing model call with one authenticated API call — scan the prompt going in, scan the output coming out. Create a key, point at the endpoint with an Authorization header, and you're done — like calling Stripe or OpenAI. No SDK to install, no lock-in, and your prompts and code never leave your environment.
Self-hosted or hosted?
Either. Point your key at our hosted endpoint, or run the service entirely inside your own environment and point at that base URL instead — same API, same protection, same results, your choice of where it lives.
Ship AI-generated code without shipping its risks
Wrap your model calls today with one API call — your key and our endpoint, no added latency for your users, and nothing leaves your environment.
