01 / 10 · ROGUE
Measure every way a high-stakes
AI agent goes wrong.
Three failure modes, one engine: the model can be broken, the human gate can be meaningless, the skill memory can leak. ROGUE measures each against an independent, continuously-refreshed standard — reproducible, signed, one engine.
The live path today is the SDK or a scoped pilot; hosted scanning is in private beta.
Soren Obounou Nguia · Incheon · nguiasoren@gmail.com
02 / 10 · the problem
You find out you were jailbroken from your users, not before.
Every LLM you ship is a public attack surface. Prompt injection, jailbreaks, and tool-abuse land in production silently. The first signal is usually a screenshot on social media or an angry support ticket, long after the model already said the thing.
Silent failures
A model that complies with a malicious prompt throws no error. Nothing alerts. The breach is invisible until someone shows you.
Detection lag
By the time a jailbreak trends, it has been working against your deployment for days or weeks.
Your exact config
Generic safety benchmarks don't test your model × your system prompt × your tools. The risk that matters is the one specific to your stack.
03 / 10 · why now
Attack techniques evolve daily. Your red-team report is already stale.
Jailbreaks and injection patterns are published, remixed, and refined in the open every day, on Reddit, X, GitHub, Discord, and research feeds. A one-off pentest is a photograph of a moving target. The moment it ships, it's out of date.
the old way
One-off pentest, twice a year.
A consultant runs a fixed checklist, hands you a PDF, and leaves. The checklist ages out the day they finish.
the rogue way
Continuous harvest, daily diff.
New techniques are harvested from the open web every day and reproduced against your configs automatically. Your report is never older than yesterday.
04 / 10 · the solution
Wire ROGUE into your stack. Get a scored report with a verified fix.
No agents to install, no traffic to mirror. Give ROGUE your deployment config and it does the rest, continuously. Today that runs over the SDK or a scoped pilot; hosted scanning is in private beta.
Connect
Register your deployment, model, system prompt, and tools. Hosted, private, or via the SDK.
Scan
ROGUE reproduces live open-web attacks against that exact config, continuously, and grades every attempt with a calibrated judge.
Report
A scored security report with severity, the exact prompts that broke through, and concrete remediation, refreshed daily.
05 / 10 · how it works
Harvest → reproduce → diff.
A three-stage pipeline that turns the open web's newest attacks into a report about your stack.
Harvest
15 open-web sources · scraper-agnostic
Continuously collect fresh jailbreaks and prompt-injection from across the open web, normalized into a structured threat corpus of attack primitives.
Reproduce
Against your configs
Replay each attack against your model × system prompt × tools, escalate with an adaptive ladder, and grade every attempt with a calibrated judge.
Diff
Daily threat brief
Ship a CISO-readable diff of what's new, what regressed, and what to fix, the artifact you'd actually forward to your team.
459 attack primitives · 15 families · 8,321 reproduction trials run to date.
06 / 10 · the differentiator
One independent, signed standard across all three surfaces.
Anyone can run a checklist once. ROGUE measures the model, the human oversight gate, and the accumulated skill-memory against the same independent, continuously-refreshed open-web corpus — and emits a reproducible, signed record for every result. As the corpus grows, the standard re-tests itself; the moat is the standard, not a feature.
Model broken · human gate meaningless · skill memory leaks — measured, scored, and signed.
Each surface is graded against the same independent corpus that refreshes from the open web, so the standard is never your own marking your own homework, and never stale. Every result ships with a reproducible, signed record you can hand to an auditor. The model surface is mature today; the oversight and memory surfaces are measured and research-validated (signed, small-n), not yet turnkey.
Distributed over MCP too — Claude Desktop · Cursor · Windsurf query the same signed standard from inside your IDE.
07 / 10 · proof
Defensible numbers, every one traceable.
No inflated asterisks. These are the figures we stand behind, measured, sourced, and recalibrated under the current judge.
Judge v3: 79.5% precision · 95.5% recall · 89.3% human agreement on JailbreakBench. Adaptive ladder cuts cost per successful breach from $1.25 to $0.74 (−41%). Judge cost $0.0032 per call with caching + batch API.
08 / 10 · deployment
Four ways to run it.
From a hosted scan to fully air-gapped, ROGUE meets your security posture, not the other way around.
Hosted
The fastest path. We run the scans against your registered endpoint and serve the dashboard — hosted execution in private beta.
Private
Run ROGUE inside your own perimeter. Your prompts and traffic never leave your environment.
SDK
A Python client against a frozen v1 contract, wire ROGUE into your own CI or test harness.
MCP
Query the live threat DB from Claude Desktop, Cursor, or Windsurf, one-click connect.
09 / 10 · who it's for
Built for the people who own the risk.
Anyone shipping an LLM into production has an open attack surface. These are the five who feel it first.
AI / ML engineers
Shipping a model behind a system prompt and tools.
Security & red teams
Owning the LLM attack surface and the audit.
Platform teams
Running the gateway every other team ships through.
CISOs
Accountable for what the model says in production.
AI product leads
On the hook when the model goes off-script publicly.
Point ROGUE at your stack and threat model. Try the demo →
10 / 10 · let's talk
Find every way a high-stakes agent goes wrong, before your users do.
Bring your stack. We'll show you exactly what breaks through it — model, oversight, and memory — and what to fix.