What is the zeroleaks Package

The zeroleaks npm package is the open-source AI security scanner that powers ZeroLeaks. It provides programmatic and CLI access to run extraction and injection scans against system prompts and deployed agents.

Features

• runSecurityScan() — One-line scan: pass a system prompt, get vulnerability and score
• createScanEngine() — Full control over turns, tree depth, Best-of-N, callbacks
• CLI — zeroleaks scan, zeroleaks probes, zeroleaks techniques
• Multi-agent architecture — Strategist, Attacker, Evaluator, Mutator, Inspector, Orchestrator
• 100+ probes — 15+ attack categories (direct, encoding, persona, social, technical, crescendo, many-shot, cot-hijack, ascii-art, policy-puppetry, hybrid, tool-exploit, injection, garak-inspired)
• Extraction and injection modes — Test prompt leakage and instruction override
• OpenRouter — LLM access via OpenRouter (attacker, evaluator, target models)

Architecture

zeroleaks uses a TAP (Tree of Attacks with Pruning) methodology with multiple specialized agents:

Research Foundation

zeroleaks incorporates techniques from:

• TAP — Tree of Attacks with Pruning (Mehrotra et al.)
• PAIR — Prompt Automatic Iterative Refinement
• Crescendo — Multi-turn gradual escalation
• TombRaider — Dual-agent defense fingerprinting
• Siren Framework — Multi-turn human jailbreak simulation
• Echo Chamber — Gradual escalation patterns
• Best-of-N — Semantic sampling for jailbreaking
• Garak — NVIDIA Garak-inspired probes

Use Cases

• CI/CD — Run scans on system prompt changes before deployment
• Local development — Test prompts without the ZeroLeaks dashboard
• Custom tooling — Integrate scans into your own pipelines
• Research — Access probe library and knowledge base programmatically

Next Steps

• Installation — Install via bun or npm
• Quick Start — Basic scan example
• CLI — Command-line usage
• Scan Engine — Advanced configuration