frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Show HN: PromptSonar – Static analysis for LLM prompt security

https://github.com/meghal86/promptsonar
1•meghal86•2h ago
I built PromptSonar because I kept seeing LLM security discussions focus entirely on runtime interception — but nobody was scanning the prompt strings written directly into source code before they ship.

PromptSonar is a static analyzer that scans your codebase for prompt injection, jailbreaks, PII leaks, and privilege escalation patterns in LLM prompt strings. It works across TypeScript, JavaScript, Python, Go, Rust, Java, and C#.

What it catches: - Direct prompt injection and jailbreak patterns - Unicode evasion: Cyrillic homoglyphs, zero-width character injection, Base64-encoded jailbreaks - PII exposure in prompts (SSN, credit card, API keys) - Privilege escalation and role manipulation - RAG poisoning patterns - Insecure output handling

Maps findings to OWASP LLM Top 10. Outputs SARIF v2.1.0 for GitHub Code Scanning integration. 100% local, zero telemetry, no API calls.

Available as VS Code extension, CLI, and GitHub Action.

npx @promptsonar/cli scan ./src

I wrote up the Unicode evasion detection methodology separately if anyone is interested in how the normalization pipeline works: https://medium.com/@meghal86/detecting-unicode-homoglyph-and...

Comments

selfradiance•1h ago
Nice idea — prompt injection is one of those problems that gets hand-waved until it's in production. The CI/CD gating (fail hard on Critical) is the right call. Most security tooling only warns; blocking the pipeline is what actually changes behavior.

The Road Not Taken: A World Where IPv4 Evolved

https://owl.billpg.com/ipv4x/
1•billpg•1m ago•0 comments

NEXUS.Pulse: A Binary-First Broadcast Service. 1M Entities Streamed in 11.8µs

https://telemetry.intelligentaudio.net
1•NexusCore•1m ago•1 comments

Show HN: Sigyn – OSS native macOS secrets manager to replace .env (GUI+CLI)

https://connorguy.github.io/sigyn/
1•conguy•1m ago•0 comments

Asia rolls out 4-day weeks, WFH to solve fuel crisis caused by Iran war

https://fortune.com/2026/03/11/iran-war-fuel-crisis-asia-work-from-home-closed-schools-price-caps/
2•speckx•1m ago•0 comments

Chardet dispute shows how AI will kill software licensing

https://www.theregister.com/2026/03/06/ai_kills_software_licensing/
1•DGAP•2m ago•0 comments

Show HN: jj-benchmark – Evaluating AI agents on Jujutsu version control

https://tabbyml.github.io/jj-benchmark/
1•wsxiaoys•2m ago•0 comments

agent-shell 0.47 updates

https://xenodium.com/agent-shell-0-47-1-updates
1•xenodium•3m ago•0 comments

AI Is Heroin

https://pancake.bearblog.dev/2026-03-11-ai-is-heroin/
2•speckx•3m ago•0 comments

Show HN: Open-source project management tool

https://github.com/MislavNovalic/Axelo
1•mnovalic•3m ago•0 comments

Adding internationalization to a SaaS is easier than it used to be

1•LeanVibe•6m ago•0 comments

Show HN: An Embeddable SQLite Parser

https://github.com/sqliteai/liteparser
1•marcobambini•6m ago•0 comments

Show HN: I made PythonStarter so I could launch faster with no Next.js or React

https://pythonstarter.co/
1•dan_easterman•8m ago•1 comments

Grand jury subpoena for Signal user data in the United States District Court

https://signal.org/bigbrother/district-of-columbia/
4•nobody9999•9m ago•0 comments

The Marginal Hire

https://tomtunguz.com/marginal-hire/
1•vinhnx•11m ago•0 comments

AMD and KDE improve Linux HDR/color, co-developed using Claude Code

https://www.phoronix.com/news/AMD-More-HDR-KWin-Claude-Code
1•speckx•11m ago•0 comments

Show HN: Search 7,500 MCP servers across NPM, PyPI, and the official registry

https://api.rhdxm.com/blog/crawled-7500-mcp-servers
2•c5huracan•11m ago•1 comments

Ask Maps and Immersive Navigation: New AI Features in Google Maps

https://blog.google/products-and-platforms/products/maps/ask-maps-immersive-navigation/
1•emschwartz•11m ago•0 comments

BigQuery Graph Series – Query and Visualize Your Graph

https://medium.com/google-cloud/bigquery-graph-series-2e35bb203aac
1•tanelpoder•11m ago•0 comments

Inside the cutthroat competition for the best baguette in Paris

https://www.washingtonpost.com/travel/2026/02/27/best-baguette-paris-contest/
2•bookofjoe•12m ago•1 comments

A Good Startup Idea Checklist (2016)

https://www.tillett.info/2016/01/27/a-good-idea-checklist/
1•matthieu_bl•13m ago•0 comments

Entangl – Post-quantum secure communication protocol for AI agents

https://github.com/amitb-quantum/entangl
1•xmas123•13m ago•1 comments

MCP server that audits AI agent reasoning before decisions commit

https://espiradev.org/blog/sentinel-ai-reasoning-observatory.html
1•aespira•13m ago•1 comments

OpenClaw agents always freeze. We fixed it by building ClaWatch

https://github.com/GENWAY-AI/clawatch
4•GalDayan•14m ago•4 comments

LLMs generate billing race conditions. Every one catches it when asked

https://forward.deployed.agency/blog/check-call-deduct
1•grandSpecial•14m ago•0 comments

Show HN: Riventa.Dev – AI-native DevOps that acts, not just alerts

https://www.riventa.dev/
2•christopherAs•14m ago•0 comments

Custom programming languages make agents good

https://blog.firetiger.com/custom-programming-languages-make-agents-really-really-smart/
3•matsur•14m ago•0 comments

A Large-Scale Synthetic Dataset Generated from Programming Concept Seeds

https://huggingface.co/blog/nvidia/synthetic-code-concepts
1•ibobev•14m ago•0 comments

Show HN: View WhoisHiring post ranked against your resume using a CLI

https://github.com/jsonresume/jsonresume.org/tree/master/packages/job-search
1•thomasfromcdnjs•15m ago•0 comments

Firefly128/sparccord: Discord client for Solaris 7 SPARC

https://github.com/firefly128/sparccord
1•surprisetalk•16m ago•0 comments

OverTheWire: Wargames

https://overthewire.org/wargames/
1•surprisetalk•16m ago•0 comments