IntelStrike Docs

IntelStrike is the autonomous security testing platform that covers OWASP LLM Top 10, web application vulnerabilities, and API security — in one scanner. Run 185+ probes across 17 vulnerability categories against LLM endpoints, RAG pipelines, agent frameworks, web applications, and REST APIs.

Key Capabilities

• 190+ security probes across 18 vulnerability categories (LLM, Web, API, Agent-to-Agent)
• Autonomous Red Teaming Engine — multi-turn, AI-powered adaptive attack sequences with budget management
• Full OWASP LLM Top 10 coverage (LLM01–LLM10) plus RAG and AI Agent attack categories
• Full OWASP Web Top 10 coverage (WEB01–WEB10) — SQL injection, XSS, SSRF, RCE, XXE, path traversal, CSRF, open redirect, and more
• 9 scan profiles: quick, owasp-llm-top10, rag-full, agent-strict, agent-network, autonomous, owasp-web-top10, api-security, full-spectrum
• Parallel probe execution for 5x faster scans
• SDK support for Node.js (Python and Go coming soon)
• CLI for local testing and CI/CD pipeline integration
• REST API for custom integrations and automation
• Real-time dashboard with KPIs, vulnerability tracking, usage analytics, and SSE progress streaming
• SARIF 2.1.0 output for GitHub Security tab and security tool interoperability
• HTML report export — printable, self-contained, compliance-ready
• Native integrations with Slack, Jira, Linear, PagerDuty, GitHub, Teams, Datadog, and generic webhooks with HMAC-SHA256 signing
• Role-based access control (RBAC) with owner/admin/member/viewer roles
• Enterprise audit logs with filtering, pagination, and CSV export
• GitHub Actions CI/CD workflow with SARIF upload and severity-based gating
• Stripe-integrated billing with Free, Pro, and Enterprise tiers
• Compliance mapping: SOC 2, PCI DSS v4.0, ISO 27001:2022, GDPR, NIST CSF 2.0
• Scheduled/recurring scans (daily, weekly, monthly)
• Email notifications: critical alerts, scan completion, weekly digest

How It Works

IntelStrike sends adversarial probes against your AI endpoints, analyzes the responses for vulnerabilities, and classifies findings by OWASP LLM attack vector. Each finding includes a severity rating, evidence of the vulnerability, and step-by-step remediation guidance.

Get up and running with IntelStrike in under 5 minutes. Install the SDK, grab your API key, and run your first scan.

1. Install the SDK

npm install @intelstrike/sdk

2. Get Your API Key

Sign up at intel-strike.com, navigate to Dashboard → API Keys, and create a new key. Set it as an environment variable:

export INTELSTRIKE_API_KEY=isk_live_...

3. Run Your First Scan

npx intelstrike scan \
  --endpoint https://your-api.com/chat \
  --api-key $INTELSTRIKE_API_KEY \
  --profile owasp-llm-top10

4. Review Findings

Findings appear in your IntelStrike dashboard with severity ratings (Critical, High, Medium, Low), OWASP classification, evidence, and step-by-step remediation guidance.

This tutorial walks you through scanning OWASP Juice Shop — a deliberately vulnerable web application perfect for testing IntelStrike's capabilities. You'll deploy it locally, run a full security scan, review findings, and export a report.

Step 1: Deploy OWASP Juice Shop

Juice Shop is a realistic vulnerable application that runs on Node.js. Deploy it locally using Docker:

docker run -d --name juice-shop -p 3000:3000 bkimminich/juice-shop

Verify it's running:

curl http://localhost:3000

Alternatively, install via npm if you prefer:

npm install juice-shop
npx juice-shop

Step 2: Create an IntelStrike Account

If you haven't already, sign up at intelstrike.vercel.app and create an API key from the dashboard.

export INTELSTRIKE_API_KEY=isk_live_...

Step 3: Configure Your Scan

Navigate to Dashboard → New Scan in the IntelStrike dashboard, or use the CLI. For Juice Shop, configure:

Or via CLI:

npx intelstrike scan \
  --endpoint http://localhost:3000 \
  --profile owasp-web-top10 \
  --request-type web \
  --method GET \
  --inject-in query

Step 4: Run the Scan

Click 'Start Scan' in the dashboard or run the CLI command. IntelStrike will execute 50+ probes covering:

• SQL Injection (including JSON field name injection)
• Cross-Site Scripting (reflected, event-handler, javascript: URL)
• Server-Side Request Forgery (AWS/GCP metadata, localhost)
• Authentication Bypass and IDOR
• Command Injection and RCE
• Security Header checks
• Path Traversal
• Open Redirect

The scan typically takes 2-5 minutes depending on your target.

Step 5: Review Findings

Once complete, you'll see findings organized by severity:

Each finding includes:

• OWASP category (e.g., WEB01: SQL Injection)
• Attack vector and payload used
• Confidence score (0-100%)
• Evidence from the response
• Step-by-step remediation guidance
• References to official documentation

Step 6: Export Your Report

Download reports from the dashboard or via API:

curl -H "Authorization: Bearer $INTELSTRIKE_API_KEY" \
  https://api.intel-strike.com/v1/scans/{scanId}/report \
  -o report.pdf

curl -H "Authorization: Bearer $INTELSTRIKE_API_KEY" \
  https://api.intel-strike.com/v1/scans/{scanId}/sarif \
  -o results.sarif

Step 7: Automate with CI/CD

Add IntelStrike to your GitHub Actions pipeline to run scans on every push:

name: Security Scan

on: [push, pull_request]

jobs:
  intelstrike:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run IntelStrike
        env:
          INTELSTRIKE_API_KEY: ${{ secrets.INTELSTRIKE_API_KEY }}
        run: |
          npx intelstrike scan \
            --endpoint ${{ vars.TARGET_URL }} \
            --fail-on critical,high \
            --json > results.json

      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.json

Next Steps

• Scan your own APIs using the techniques learned here
• Explore other scan profiles like owasp-llm-top10 for AI endpoints
• Set up scheduled scans for continuous security monitoring
• Integrate with Slack, Jira, or Linear for team notifications
• Review the full documentation for advanced features

The IntelStrike CLI is distributed via npm and can be used with npx or installed globally.

npm install -g @intelstrike/cli

intelstrike scan

Run a security scan against an AI endpoint.

# Scan with custom headers (e.g., auth token)
npx intelstrike scan \
  --endpoint https://api.example.com/v1/chat \
  --headers '{"Authorization": "Bearer sk-..."}' \
  --profile owasp-llm-top10

# CI/CD gate — fail on critical or high findings
npx intelstrike scan \
  --endpoint $LLM_ENDPOINT \
  --fail-on critical,high \
  --json

# Autonomous red teaming — AI-powered adaptive attacks
npx intelstrike scan \
  --endpoint https://api.example.com/v1/chat \
  --profile autonomous \
  --max-turns 10

intelstrike profiles

List or inspect available scan profiles.

# List all profiles
npx intelstrike profiles list

# Show profile details
npx intelstrike profiles show owasp-llm-top10

intelstrike report

Generate a report from a previous scan.

# Generate HTML report
npx intelstrike report --scan-id scn_abc123 --format html

# Generate PDF report
npx intelstrike report --scan-id scn_abc123 --format pdf

intelstrike init

Initialize an IntelStrike configuration file in the current directory.

npx intelstrike init

intelstrike version

npx intelstrike version

IntelStrike currently provides a native Node.js SDK. Python and Go SDKs are on the roadmap. All SDKs will expose the same core capabilities: scanning, result retrieval, and webhook management.

Node.js SDK

import { IntelStrike } from "@intelstrike/sdk";

const client = new IntelStrike({
  apiKey: process.env.INTELSTRIKE_API_KEY,
});

// Run a scan
const scan = await client.scans.create({
  endpoint: "https://your-api.com/chat",
  profile: "owasp-llm-top10",
});

// Poll for results
const results = await client.scans.get(scan.id);
console.log(results.findings);

// List all scans
const scans = await client.scans.list({ limit: 10 });

Python SDK (Coming Soon)

# Coming soon — planned interface
from intelstrike import IntelStrike

client = IntelStrike(api_key="isk_live_...")

scan = client.scans.create(
    endpoint="https://your-api.com/chat",
    profile="owasp-llm-top10",
)

results = client.scans.get(scan.id)
print(results.summary())

Go SDK (Coming Soon)

// Coming soon — planned interface
package main

import (
    "fmt"
    "github.com/intelstrike/go-sdk"
)

func main() {
    client := intelstrike.NewClient("isk_live_...")

    scan, err := client.Scans.Create(&intelstrike.ScanParams{
        Endpoint: "https://your-api.com/chat",
        Profile:  "owasp-llm-top10",
    })
    if err != nil {
        panic(err)
    }

    results, _ := client.Scans.Get(scan.ID)
    fmt.Println(results.Summary())
}

SDK Methods

The IntelStrike REST API is available at https://api.intel-strike.com/v1. All requests require an API key passed in the Authorization header.

curl https://api.intel-strike.com/v1/scans \
  -H "Authorization: Bearer isk_live_..."

Endpoints

Create a Scan

POST /v1/scans accepts the following body parameters:

# LLM endpoint scan
curl -X POST https://api.intel-strike.com/v1/scans \
  -H "Authorization: Bearer isk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "projectId": "proj_abc123",
    "endpoint": "https://your-api.com/chat",
    "profile": "owasp-llm-top10",
    "requestType": "llm",
    "targetHeaders": {
      "Authorization": "Bearer your-llm-key"
    }
  }'

# Web application scan
curl -X POST https://api.intel-strike.com/v1/scans \
  -H "Authorization: Bearer isk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "endpoint": "https://your-app.com/search",
    "profile": "owasp-web-top10",
    "requestType": "web",
    "method": "GET",
    "injectIn": "query"
  }'

# Autonomous red teaming scan
curl -X POST https://api.intel-strike.com/v1/scans \
  -H "Authorization: Bearer isk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "projectId": "proj_abc123",
    "endpoint": "https://your-api.com/chat",
    "profile": "autonomous",
    "requestType": "llm",
    "targetDescription": "Customer support chatbot with tool access",
    "budget": { "maxTokens": 100000, "maxTurns": 10 }
  }'

Response Format

{
  "id": "scn_abc123",
  "status": "completed",
  "profile": "owasp-llm-top10",
  "endpoint": "https://your-api.com/chat",
  "created_at": "2026-03-18T10:00:00Z",
  "completed_at": "2026-03-18T10:04:32Z",
  "summary": {
    "total_findings": 7,
    "critical": 1,
    "high": 2,
    "medium": 3,
    "low": 1
  },
  "findings": [
    {
      "id": "fnd_xyz789",
      "owasp_id": "LLM01",
      "title": "Direct Prompt Injection",
      "severity": "critical",
      "evidence": "...",
      "remediation": "..."
    }
  ]
}

Rate Limits

IntelStrike can be configured via a configuration file, environment variables, or CLI flags. The configuration file takes the lowest precedence, followed by environment variables, then CLI flags.

Configuration File

Run npx intelstrike init to generate an intelstrike.config.json file in your project root.

{
  "apiKey": "$INTELSTRIKE_API_KEY",
  "endpoint": "https://your-api.com/chat",
  "profile": "owasp-llm-top10",
  "options": {
    "concurrency": 5,
    "timeout": 300,
    "failOn": ["critical", "high"],
    "headers": {
      "Authorization": "Bearer $LLM_API_KEY"
    }
  },
  "webhooks": {
    "onComplete": "https://your-webhook.com/intelstrike"
  }
}

Environment Variables

Scan Profiles

IntelStrike integrates into your CI/CD pipeline to gate deployments when critical AI vulnerabilities are detected. Use the --fail-on flag to set your severity threshold.

GitHub Actions

name: AI Security Scan
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"

      - name: Run IntelStrike scan
        env:
          INTELSTRIKE_API_KEY: ${{ secrets.INTELSTRIKE_API_KEY }}
        run: |
          npx intelstrike scan \
            --endpoint ${{ vars.LLM_ENDPOINT }} \
            --fail-on critical,high \
            --json > results.json

      - name: Upload results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: intelstrike-results
          path: results.json

GitLab CI

ai-security-scan:
  stage: test
  image: node:20
  script:
    - npx intelstrike scan
        --endpoint $LLM_ENDPOINT
        --fail-on critical,high
        --json > results.json
  artifacts:
    paths:
      - results.json
    when: always

Jenkins

pipeline {
    agent any
    environment {
        INTELSTRIKE_API_KEY = credentials('intelstrike-api-key')
    }
    stages {
        stage('AI Security Scan') {
            steps {
                sh '''
                    npx intelstrike scan \
                      --endpoint $LLM_ENDPOINT \
                      --fail-on critical,high
                '''
            }
        }
    }
}

IntelStrike provides full coverage of the OWASP Top 10 for LLM Applications. Every attack vector is automated, classified, and includes remediation guidance.

Push scan results and findings to your existing tools in real-time. IntelStrike supports webhooks and native integrations with popular platforms.

Webhook Configuration

const webhook = await client.webhooks.create({
  url: "https://your-app.com/webhooks/intelstrike",
  events: ["scan.completed", "finding.critical"],
  secret: "whsec_...",  // Used to verify webhook signatures
});

Webhook Events

Webhook Payload

{
  "event": "scan.completed",
  "timestamp": "2026-03-25T09:00:00Z",
  "data": {
    "scanId": "scn_abc123",
    "endpoint": "https://your-app.com/api/chat",
    "profile": "owasp-web-top10",
    "riskScore": 74,
    "findings": [
      {
        "id": "fnd_xyz789",
        "title": "SQL Injection via JSON field name",
        "severity": "critical",
        "category": "WEB01"
      }
    ]
  },
  "signature": "sha256=a1b2c3d4e5f6..."
}

Verifying Signatures (Node.js)

Every webhook delivery includes an X-IntelStrike-Signature header. Verify it with HMAC-SHA256 before processing the payload.

import crypto from "crypto";

function verifyWebhookSignature(
  rawBody: Buffer,
  signatureHeader: string,
  secret: string
): boolean {
  const expected = "sha256=" + crypto
    .createHmac("sha256", secret)
    .update(rawBody)
    .digest("hex");
  return crypto.timingSafeEqual(
    Buffer.from(expected),
    Buffer.from(signatureHeader)
  );
}

app.post("/webhooks/intelstrike", express.raw({ type: "*/*" }), (req, res) => {
  const sig = req.headers["x-intelstrike-signature"] as string;
  if (!verifyWebhookSignature(req.body, sig, process.env.WEBHOOK_SECRET!)) {
    return res.status(401).send("Invalid signature");
  }
  const event = JSON.parse(req.body.toString());
  // handle event.event ("scan.completed", "finding.critical", etc.)
  res.sendStatus(200);
});

Native Integrations

IntelStrike exports scan results in SARIF 2.1.0 (Static Analysis Results Interchange Format), the industry standard for security tools. SARIF files can be uploaded to GitHub Security tab, viewed in VS Code SARIF Viewer, or consumed by any SARIF-compatible tool.

Download SARIF via API

# Via API key
curl -H "Authorization: Bearer isk_live_..." \
  https://api.intel-strike.com/api/v1/scan/SCAN_ID/sarif \
  -o results.sarif

SARIF in CI/CD

- name: Run IntelStrike Scan
  run: npx intelstrike scan --endpoint ${{ secrets.TARGET_URL }} --format sarif --output results.sarif

- name: Upload SARIF
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif

SARIF Contents

• Tool metadata (IntelStrike version, scan profile)
• Rules with OWASP LLM Top 10 taxonomy relationships
• Results with severity levels (error, warning, note, none)
• Invocation metadata (endpoint, duration, success status)
• Security-severity scores for prioritization

IntelStrike includes enterprise-grade access control and compliance features. Role-based access control (RBAC) restricts actions by team role, while audit logs provide a complete trail of all actions taken in your organization.

Role Hierarchy

Permission Examples

Audit Logs

Every significant action is recorded in the audit log with: timestamp, user, action type, affected resource, and metadata. Audit logs support filtering by action type and resource, pagination, and CSV export for compliance reporting.

• scan.created, scan.completed, scan.failed
• api_key.created, api_key.revoked
• vulnerability.resolved, vulnerability.ignored
• member.invited, member.removed, member.role_changed
• integration.created, integration.updated, integration.deleted
• webhook.created, webhook.deleted
• sarif.downloaded
• billing.subscription_created, billing.subscription_cancelled

IntelStrike is designed to work with any LLM endpoint that accepts HTTP requests. Below are the supported runtimes, providers, and system requirements.

Supported Runtimes

Supported LLM Providers

• OpenAI (GPT-4, GPT-4o, GPT-3.5 Turbo)
• Anthropic (Claude 4.5, Claude 4, Claude 3.5)
• Azure OpenAI Service
• Google Vertex AI (Gemini)
• Cohere (Command R+)
• AWS Bedrock
• Hugging Face Inference Endpoints
• Self-hosted models (vLLM, TGI, Ollama, LMStudio)
• Any HTTP endpoint that accepts chat/completion requests

Supported Frameworks

• LangChain / LangGraph
• LlamaIndex
• CrewAI
• AutoGen
• Semantic Kernel
• Custom agent frameworks (via HTTP endpoint scanning)

System Requirements

IntelStrike follows semantic versioning (semver). The API version is specified in the URL path (/v1). SDK versions track the API version they support.

Current Versions

Recent Changes

v1.5.0 — March 2026

• Autonomous Red Teaming Engine — multi-turn AI-powered adaptive attacks with budget management
• Parallel probe execution (5x faster scans with configurable concurrency)
• Stripe billing integration (Free, Pro $49/endpoint/mo, Enterprise)
• Real-time dashboard with KPIs wired to live data
• API key management with SHA-256 hashing and usage tracking
• Added --max-turns flag for autonomous mode

v1.4.0 — March 2026

• Added agent abuse scan profiles (LLM07, LLM08)
• Roadmap: LangChain and LlamaIndex integration planned for Python SDK
• Improved prompt injection detection with multi-turn context analysis
• Added --proxy flag to CLI for corporate network support

v1.3.0 — February 2026

• RAG-specific scan profile with retrieval poisoning detection
• Webhook signature verification helpers in Node.js SDK
• Performance improvements: 40% faster scans with parallel probing

v1.2.0 — January 2026

• HTML and PDF report generation via CLI
• PagerDuty native integration
• Custom scan profiles support
• API rate limiting improvements

IntelStrike covers 17 vulnerability categories across two domains: AI/LLM (12 categories) and Web/API (10 categories). Each category maps to one or more OWASP classifications.

AI / LLM Categories

Web / API Categories

Every finding IntelStrike produces is automatically mapped to the relevant controls in SOC 2 Type II, PCI DSS v4.0, ISO 27001:2022, GDPR, and NIST CSF 2.0. Use the compliance report to generate audit evidence in one click.

Framework Coverage by Category

The IntelStrike API uses standard HTTP status codes. All error responses include a JSON body with a code string and a human-readable message.

{
  "error": {
    "code": "SCAN_LIMIT_EXCEEDED",
    "message": "Free plan allows 5 scans per month. Upgrade to Pro for unlimited scans.",
    "status": 429
  }
}

Frequently Asked Questions

Does IntelStrike send real attacks to my endpoint?

IntelStrike sends adversarial probes designed to test your endpoint's defenses. These are non-destructive — they do not modify data, trigger side effects, or cause damage. However, they may generate unusual log entries. We recommend running initial scans in a staging environment.

Can I scan endpoints behind a VPN or firewall?

Yes. Use the --proxy flag to route scans through your corporate proxy, or whitelist IntelStrike's IP ranges in your firewall. Contact support for the current IP list.

How long does a scan take?

With parallel probe execution (default concurrency of 5), a full OWASP LLM Top 10 scan typically takes 1-2 minutes. The 'quick' profile runs in under 30 seconds. Autonomous red teaming scans take 5-15 minutes depending on the number of turns and budget.

Can I scan multiple endpoints?

Yes. Use the SDK to programmatically scan multiple endpoints, or run multiple CLI scans in parallel in your CI/CD pipeline.

Troubleshooting

Scan times out

• Increase timeout with --timeout 600
• Reduce concurrency with --concurrency 2
• Ensure the target endpoint is reachable and responding within expected latency
• Check if a firewall or WAF is blocking IntelStrike probes

Authentication errors (401/403)

• Verify your API key is set correctly: echo $INTELSTRIKE_API_KEY
• Ensure the key has not been revoked in Dashboard → API Keys
• Check that you're using the correct key type (live vs. test)

No findings detected

• This may indicate strong defenses — review the scan report for details
• Try a more targeted profile (e.g., prompt-injection) for deeper testing
• Ensure the endpoint is returning actual LLM responses (not cached or static)
• Increase concurrency for more comprehensive probing