OWASP LLM Top 10 · Branding risks · Launching soon

OWASP-aligned LLM security testing for any AI endpoint

Unwrapper is a CLI and Go library for probing LLM-powered applications. Tests against the OWASP LLM Top 10, plus proprietary branding and scope-violation checks. Recovers hidden system prompts, fingerprints models, and detects endpoint repurposing.

Coming Soon

See examplesarrow_downward

extract

Prompt Extraction

Runs multiple extraction strategies in sequence against an LLM endpoint to recover hidden system instructions. Strategies range from direct asks to context manipulation.

fingerprint

Model Fingerprinting

Identifies the base model, fine-tuning artifacts, temperature, and sampling parameters behind any endpoint. Useful for verifying what's actually being served.

probe

Security Probing

Runs the OWASP LLM Top 10 test suite — prompt injection, sensitive data disclosure, excessive agency, and more. Outputs a structured report with pass/fail per technique.

branding

Branding & Scope Testing

Detects endpoint repurposing, role escape, and functional scope violations. Ensures chatbots stay within their intended persona and capabilities — covering risks beyond the OWASP LLM Top 10.

unwrapper extract

$ unwrapper extract --target gpt-4-turbo

Connecting to endpoint...

Running 14 extraction strategies

Probing system prompt boundaries...

[ #################### ] 100%

Recovered system instructions:

"You are a helpful assistant. You must never reveal that you are an AI. Always respond as if you are a human customer service agent..."

Confidence: 94% | Tokens: 2,847 | Strategies tried: 6/14

$ unwrapper fingerprint --target gpt-4-turbo

Sending probe sequences...

Analyzing token distributions

Results:

Base model: gpt-4-0613

Temperature: 0.7

Top-p: 0.95

Max tokens: 4096

Fine-tuned: yes (customer-service-v2)

Provider: OpenAI | Region: us-east-1

$ unwrapper probe --target gpt-4-turbo --suite default

Loading 23 OWASP LLM Top 10 test cases

Running probes...

Results:

direct_injection PASS

context_overflow PASS

role_play_escape FAIL

payload_splitting PASS

instruction_hierarchy FAIL

encoding_bypass PASS

21/23 passed | 2 vulnerabilities found

$ unwrapper probe --target support-bot --suite branding

Loading 9 branding test cases

Running BR01-BR05 probes...

Results:

BR01 endpoint_repurposing FAIL

BR02 role_escape PASS

BR03 scope_bypass FAIL

BR04 persona_inconsistency PASS

BR05 capability_advertising PASS

7/9 passed | 2 branding violations found