ROGUE

01 / 10 · ROGUE

Measure every way a high-stakes
AI agent goes wrong.

Three failure modes, one engine: the model can be broken, the human gate can be meaningless, the skill memory can leak. ROGUE measures each against an independent, continuously-refreshed standard — reproducible, signed, one engine.

The live path today is the SDK or a scoped pilot; hosted scanning is in private beta.

Soren Obounou Nguia · Incheon · nguiasoren@gmail.com

02 / 10 · the problem

You find out you were jailbroken from your users, not before.

Every LLM you ship is a public attack surface. Prompt injection, jailbreaks, and tool-abuse land in production silently. The first signal is usually a screenshot on social media or an angry support ticket, long after the model already said the thing.

Silent failures

A model that complies with a malicious prompt throws no error. Nothing alerts. The breach is invisible until someone shows you.

Detection lag

By the time a jailbreak trends, it has been working against your deployment for days or weeks.

Your exact config

Generic safety benchmarks don't test your model × your system prompt × your tools. The risk that matters is the one specific to your stack.

03 / 10 · why now

Attack techniques evolve daily. Your red-team report is already stale.

Jailbreaks and injection patterns are published, remixed, and refined in the open every day, on Reddit, X, GitHub, Discord, and research feeds. A one-off pentest is a photograph of a moving target. The moment it ships, it's out of date.

the old way

One-off pentest, twice a year.

A consultant runs a fixed checklist, hands you a PDF, and leaves. The checklist ages out the day they finish.

the rogue way

Continuous harvest, daily diff.

New techniques are harvested from the open web every day and reproduced against your configs automatically. Your report is never older than yesterday.

04 / 10 · the solution

Wire ROGUE into your stack. Get a scored report with a verified fix.

No agents to install, no traffic to mirror. Give ROGUE your deployment config and it does the rest, continuously. Today that runs over the SDK or a scoped pilot; hosted scanning is in private beta.

1

Connect

Register your deployment, model, system prompt, and tools. Hosted, private, or via the SDK.

2

Scan

ROGUE reproduces live open-web attacks against that exact config, continuously, and grades every attempt with a calibrated judge.

3

Report

A scored security report with severity, the exact prompts that broke through, and concrete remediation, refreshed daily.

05 / 10 · how it works

Harvest → reproduce → diff.

A three-stage pipeline that turns the open web's newest attacks into a report about your stack.

Harvest

15 open-web sources · scraper-agnostic

Continuously collect fresh jailbreaks and prompt-injection from across the open web, normalized into a structured threat corpus of attack primitives.

Reproduce

Against your configs

Replay each attack against your model × system prompt × tools, escalate with an adaptive ladder, and grade every attempt with a calibrated judge.

Diff

Daily threat brief

Ship a CISO-readable diff of what's new, what regressed, and what to fix, the artifact you'd actually forward to your team.

459 attack primitives · 15 families · 8,321 reproduction trials run to date.

06 / 10 · the differentiator

One independent, signed standard across all three surfaces.

Anyone can run a checklist once. ROGUE measures the model, the human oversight gate, and the accumulated skill-memory against the same independent, continuously-refreshed open-web corpus — and emits a reproducible, signed record for every result. As the corpus grows, the standard re-tests itself; the moat is the standard, not a feature.

Model broken · human gate meaningless · skill memory leaks — measured, scored, and signed.

Each surface is graded against the same independent corpus that refreshes from the open web, so the standard is never your own marking your own homework, and never stale. Every result ships with a reproducible, signed record you can hand to an auditor. The model surface is mature today; the oversight and memory surfaces are measured and research-validated (signed, small-n), not yet turnkey.

Distributed over MCP too — Claude Desktop · Cursor · Windsurf query the same signed standard from inside your IDE.

07 / 10 · proof

Defensible numbers, every one traceable.

No inflated asterisks. These are the figures we stand behind, measured, sourced, and recalibrated under the current judge.

459
attack primitives
298 open-web–harvested · 15 families · 15 sources
89.3%
judge–human agreement
JailbreakBench, v3 recalibrated
−41%
cost per successful breach
adaptive ladder vs fixed order
$0
default harvest cost
scraper-agnostic, keyless by default

Judge v3: 79.5% precision · 95.5% recall · 89.3% human agreement on JailbreakBench. Adaptive ladder cuts cost per successful breach from $1.25 to $0.74 (−41%). Judge cost $0.0032 per call with caching + batch API.

08 / 10 · deployment

Four ways to run it.

From a hosted scan to fully air-gapped, ROGUE meets your security posture, not the other way around.

Hosted

The fastest path. We run the scans against your registered endpoint and serve the dashboard — hosted execution in private beta.

Private

Run ROGUE inside your own perimeter. Your prompts and traffic never leave your environment.

SDK

A Python client against a frozen v1 contract, wire ROGUE into your own CI or test harness.

MCP

Query the live threat DB from Claude Desktop, Cursor, or Windsurf, one-click connect.

09 / 10 · who it's for

Built for the people who own the risk.

Anyone shipping an LLM into production has an open attack surface. These are the five who feel it first.

AI / ML engineers

Shipping a model behind a system prompt and tools.

Security & red teams

Owning the LLM attack surface and the audit.

Platform teams

Running the gateway every other team ships through.

CISOs

Accountable for what the model says in production.

AI product leads

On the hook when the model goes off-script publicly.

Point ROGUE at your stack and threat model. Try the demo →

10 / 10 · let's talk

Find every way a high-stakes agent goes wrong, before your users do.

Bring your stack. We'll show you exactly what breaks through it — model, oversight, and memory — and what to fix.