Chaos monkey for AI agents

BREAK YOUR
AGENTS BEFORE

Wire a single decorator. Fire targeted adversarial attacks acrossprompt injection, goal hijacking, memory poisoning, tool abuse, and jailbreak variants.

Ship agents that survive 1,000 disasters before production.

Initiate Attack Run →
watchllm-chaos-worker · PID 8492
● LIVE
Prompt InjectionGoal HijackingMemory PoisoningTool AbuseBoundary TestingJailbreak VariantsRunaway Cost DetectionInfinite Loop GuardDB Drop PreventionPrompt InjectionGoal HijackingMemory PoisoningTool AbuseBoundary TestingJailbreak VariantsRunaway Cost DetectionInfinite Loop GuardDB Drop Prevention
// How it works
THREE LINES.
ZERO SURPRISES.
01
Wire the Decorator
Drop one line above your agent function. WatchLLM intercepts all LLM calls transparently — no refactoring, no SDK swap.
@watchllm.monitor(agent_fn)
02
Define Attack Scenarios
Choose from 40+ adversarial templates or write custom payloads. Configure severity, injection vectors, and target tool surfaces.
mode=chaos
attacks=["goal_hijack","tool_abuse"]
03
Read the Autopsy
Structured failure reports with reproduction steps, vulnerability classification, and a hardening checklist. Git-style replay for every failure.
→ report.json
3 critical · 7 high · 12 passed
// Attack surface coverage
EVERY VECTOR.
BEFORE PROD.
ATK-01
Prompt Injection
Adversarial instructions hidden in tool outputs, memory, or user input that override system intent.
Critical
ATK-02
Goal Hijacking
Mid-session manipulation that redirects the agent away from its assigned objective toward attacker goals.
Critical
ATK-03
Memory Poisoning
Corruption of vector store or conversation history to plant false context that persists across sessions.
Critical
ATK-04
Tool Abuse
Tricking the agent into calling dangerous tools — DROP TABLE, rm -rf, mass-delete — via social engineering prompts.
High
ATK-05
Boundary Testing
Systematic probing of scope constraints, permission boundaries, and refusal behaviors under adversarial pressure.
High
ATK-06
Jailbreak Variants
40+ known jailbreak patterns including DAN, roleplay-based, token smuggling, and multilingual bypass attempts.
Medium