Migrating from 42Crunch to middleBrick for Model information disclosure check

What middleBrick covers

  • Black-box API scanning with risk score A–F and prioritized findings
  • LLM adversarial probes across Quick, Standard, and Deep scan tiers
  • OpenAPI 3.0/3.1 and Swagger 2.0 parsing with recursive $ref resolution
  • Authenticated scanning with header allowlist and domain verification
  • Dashboard, CLI, GitHub Action, and MCP Server integration options
  • Continuous monitoring with diff detection and HMAC-SHA256 webhooks

Assessing model information disclosure with black-box scanning

Migrating from a specialized model security tool to a general API scanner changes how you validate model information disclosure. middleBrick operates as a black-box scanner that requires no agents, SDKs, or code access. You submit a URL and receive a risk score from A to F with prioritized findings, including checks relevant to LLM security such as prompt injection and data exfiltration probes.

Instead of instrumenting the model, the scanner issues only read-only HTTP methods (GET and HEAD), plus text-only POST requests for the LLM probes. A scan typically completes in under a minute. This fits API security validation pipelines where you need fast feedback on whether an endpoint surface exposes model internals, without touching your model serving layer.

Detection coverage for LLM and API security

The scanner evaluates 12 security categories aligned to the OWASP API Top 10 (2023), including input validation, rate limiting, data exposure, and LLM/AI Security. For model information disclosure, the LLM section includes 18 adversarial probes across three scan tiers: Quick, Standard, and Deep.

  • System prompt extraction attempts.
  • Instruction override and DAN/roleplay jailbreak checks.
  • Data exfiltration and cost exploitation probes.
  • Base64/ROT13 encoding bypass and translation-embedded injection tests.
  • Token smuggling, nested instruction injection, and indirect prompt injection.

Because scanning is read-only, destructive payloads are never sent. The scanner focuses on detecting exposure surfaces and configuration issues that may facilitate information disclosure, mapping findings to OWASP API Top 10 where applicable.

OpenAPI spec cross-referencing to reduce false signals

If you provide an OpenAPI definition, middleBrick parses OpenAPI 3.0, 3.1, and Swagger 2.0 with recursive $ref resolution. The tool cross-references spec definitions against runtime findings, surfacing mismatches such as undefined security schemes, sensitive fields in responses, deprecated operations, and missing pagination indicators.

This comparison helps you distinguish between actual information exposure and expected behavior documented in the spec. You can use this during migration to validate that documented security schemes align with observed behavior, and to identify areas where the specification is incomplete or overly permissive.

Authenticated scanning and header controls

For endpoints that require authentication, middleBrick supports Bearer tokens, API keys, Basic auth, and cookies at the Starter tier and above. Domain verification is enforced via DNS TXT records or an HTTP well-known file, ensuring only the domain owner can run authenticated scans.

When credentials are provided, the scanner forwards a restricted allowlist of headers: Authorization, X-API-Key, Cookie, and X-Custom-*. This controlled forwarding reduces risk during credentialed scans and supports secure validation of model endpoints behind authentication boundaries.
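The allowlist above is easy to get subtly wrong on the receiving side (case handling, the wildcard family, malformed names). The following is an added illustration of how such a filter can be implemented, written for this page and not middleBrick's own code; the allowlist contents come from the page, while the token check and the `redact_for_log` helper are this example's additions.

```python
import re
from typing import Dict, Mapping

# Allowlist as described on the page: three exact names plus the X-Custom-* family.
# HTTP header names are case-insensitive, so comparisons use the lower-cased name.
ALLOWED_EXACT = frozenset({"authorization", "x-api-key", "cookie"})
ALLOWED_PREFIXES = ("x-custom-",)

# RFC 9110 "token" characters. Anything else (spaces, CR/LF, colons) is not a
# valid header name and is rejected outright rather than forwarded.
_TOKEN_RE = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")


def is_forwardable(name: str) -> bool:
    """True if a header name is syntactically valid and on the allowlist."""
    if not _TOKEN_RE.fullmatch(name):
        return False
    lowered = name.lower()
    if lowered in ALLOWED_EXACT:
        return True
    # The wildcard needs at least one character after the prefix, so a bare
    # "X-Custom-" does not match.
    return any(lowered.startswith(p) and len(lowered) > len(p) for p in ALLOWED_PREFIXES)


def filter_forwarded_headers(headers: Mapping[str, str]) -> Dict[str, str]:
    """Keep only allowlisted headers, preserving the caller's original casing.
    Everything not explicitly allowed is dropped (allowlist, not denylist)."""
    return {name: value for name, value in headers.items() if is_forwardable(name)}


def redact_for_log(headers: Mapping[str, str]) -> Dict[str, str]:
    """Forwarded headers carry credentials, so mask them before they reach scan logs."""
    return {
        name: "<redacted>" if is_forwardable(name) else value
        for name, value in headers.items()
    }


# Constructed sample: what a user might paste into a credentialed scan.
SAMPLE_HEADERS = {
    "Authorization": "Bearer example-token",
    "X-API-Key": "example-key",
    "X-Custom-Tenant": "acme",
    "X-Custom-": "empty-suffix",          # wildcard with nothing after the dash
    "Proxy-Authorization": "Basic abc",   # not on the allowlist
    "X-Forwarded-For": "10.0.0.1",        # not on the allowlist
    "Bad Name\r\n": "value",              # invalid token characters
}

if __name__ == "__main__":
    print(filter_forwarded_headers(SAMPLE_HEADERS))
    print(redact_for_log(SAMPLE_HEADERS))
```

Run on the constructed sample, only `Authorization`, `X-API-Key` and `X-Custom-Tenant` survive; the proxy credential, the hop-by-hop header, the empty wildcard and the malformed name are all discarded.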

Reporting, monitoring, and integration options

The Web Dashboard centralizes scans, score trends, and downloadable compliance PDFs. The CLI offers JSON and text output via a command such as middlebrick scan <url>, enabling integration into local workflows. A GitHub Action is available to gate CI/CD when scores drop below a defined threshold.

For ongoing monitoring, the Pro tier provides scheduled rescans, diff detection across scans, email alerts rate-limited to one per hour per API, and HMAC-SHA256 signed webhooks with auto-disable after five consecutive failures. The MCP Server allows scanning from AI coding assistants such as Claude and Cursor.
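A signed webhook only helps if the receiver actually verifies it. The block below is an added example, not middleBrick's code, showing a receiver-side HMAC-SHA256 check and a sender-side counter that mirrors the stated five-consecutive-failures auto-disable. The header names, the `<timestamp>.<body>` signing layout, the replay window and the secret are all assumptions for illustration; the page does not document the actual wire format.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed secret; in practice the shared secret comes from the webhook
# configuration, never from source code.
DEMO_SECRET = b"constructed-demo-webhook-secret"
SIGNATURE_HEADER = "X-Webhook-Signature"   # assumed header name
TIMESTAMP_HEADER = "X-Webhook-Timestamp"   # assumed header name
MAX_SKEW_SECONDS = 300                      # assumed replay window


def sign(body: bytes, timestamp: int, secret: bytes) -> str:
    """Assumed scheme: HMAC-SHA256 over '<timestamp>.<raw body>', hex-encoded.
    Binding the timestamp into the MAC is what makes the replay check meaningful."""
    mac = hmac.new(secret, str(timestamp).encode("ascii") + b"." + body, hashlib.sha256)
    return mac.hexdigest()


def verify(body: bytes, headers: dict, secret: bytes, now: Optional[float] = None) -> bool:
    """Receiver-side check. Returns False rather than raising so the caller can
    answer with one uniform 4xx and not reveal which step failed."""
    now = time.time() if now is None else now
    sig = headers.get(SIGNATURE_HEADER)
    ts_raw = headers.get(TIMESTAMP_HEADER)
    if sig is None or ts_raw is None:
        return False
    try:
        ts = int(ts_raw)
    except ValueError:
        return False
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated: treat as a replay
    expected = sign(body, ts, secret)
    # Constant-time comparison; a plain == leaks through timing.
    return hmac.compare_digest(expected, sig)


class DeliveryTracker:
    """Sender-side bookkeeping for the page's stated policy: a webhook is
    auto-disabled after five consecutive failed deliveries; a success resets
    the counter."""
    FAILURE_LIMIT = 5

    def __init__(self) -> None:
        self.consecutive_failures = 0
        self.disabled = False

    def record(self, delivered: bool) -> bool:
        """Record one delivery attempt; returns True while the webhook stays enabled."""
        if delivered:
            self.consecutive_failures = 0
        else:
            self.consecutive_failures += 1
            if self.consecutive_failures >= self.FAILURE_LIMIT:
                self.disabled = True
        return not self.disabled


# Constructed sample delivery: a diff-detection event.
SAMPLE_BODY = json.dumps(
    {"api": "https://api.example.test", "new_findings": 2, "resolved": 1}
).encode()
SAMPLE_TS = 1_700_000_000


def sample_headers() -> dict:
    return {
        TIMESTAMP_HEADER: str(SAMPLE_TS),
        SIGNATURE_HEADER: sign(SAMPLE_BODY, SAMPLE_TS, DEMO_SECRET),
    }


if __name__ == "__main__":
    h = sample_headers()
    print("valid:", verify(SAMPLE_BODY, h, DEMO_SECRET, now=SAMPLE_TS + 10))
    print("tampered:", verify(SAMPLE_BODY + b" ", h, DEMO_SECRET, now=SAMPLE_TS + 10))
```

Verify against the raw request bytes, not a re-serialized JSON object: any whitespace or key-order change after parsing produces a different MAC, which is exactly what the tampered case above demonstrates.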

Frequently Asked Questions

Does this replace a human pentester for model disclosure checks?
No. The scanner detects and reports findings with remediation guidance, but it does not replace a human pentester for high-stakes audits or business logic validation.

Are destructive tests performed during scanning?
No. The scanner uses read-only methods only and never sends destructive payloads. Private IPs, localhost, and cloud metadata endpoints are blocked at multiple layers.

Can authenticated scans be restricted to specific headers?
Yes. Only the headers Authorization, X-API-Key, Cookie, and X-Custom-* are forwarded during authenticated scans, and domain verification is required.

How does continuous monitoring work in the Pro tier?
Pro enables scheduled rescans, diff detection for new or resolved findings, email alerts limited to one per hour per API, and signed webhooks that disable after five consecutive failures.

Does scanning map findings to compliance frameworks?
Yes. Findings map directly to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). For other frameworks, the scanner supports audit evidence collection and aligns with described security controls.
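The FAQ answer on destructive tests mentions that private IPs, localhost and cloud metadata endpoints are blocked "at multiple layers". As an added example (not middleBrick's implementation), here is what the first of those layers, a check on the literal URL before any DNS lookup, can look like. The hostname and network lists are this example's choices; the page names the categories but not the exact ranges.

```python
import ipaddress
from urllib.parse import urlsplit

# Hostnames that point at local or metadata services regardless of IP.
BLOCKED_HOSTNAMES = frozenset({
    "localhost",
    "metadata.google.internal",  # GCP metadata service hostname
})

# Address ranges a scanner should never connect to.
BLOCKED_NETWORKS = [
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("100.64.0.0/10"),   # CGNAT
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),  # link-local, includes the cloud metadata address
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("fc00::/7"),        # IPv6 unique local
    ipaddress.ip_network("fe80::/10"),       # IPv6 link-local
]


def ip_is_blocked(ip_text: str) -> bool:
    """Raises ValueError if ip_text is not an IP literal."""
    ip = ipaddress.ip_address(ip_text)
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the IPv4 rules apply to it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def is_permitted_target(url: str) -> bool:
    """Pre-resolution layer: reject anything that is not plain http(s) to a
    host that is neither a blocked name nor a blocked IP literal."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname  # lower-cased, brackets stripped for IPv6 literals
    if not host:
        return False
    if host in BLOCKED_HOSTNAMES or host.endswith(".localhost"):
        return False
    try:
        return not ip_is_blocked(host)
    except ValueError:
        # A DNS name, not an IP literal. Allowed at this layer only; the
        # resolved address must be re-checked after lookup and after every
        # redirect, otherwise a name that resolves to 127.0.0.1 slips through.
        return True


if __name__ == "__main__":
    for u in ("https://api.example.test/v1", "http://169.254.169.254/", "http://[::1]/"):
        print(u, "->", is_permitted_target(u))
```

The literal check alone is not sufficient, which is why the FAQ speaks of multiple layers: a public DNS name can resolve to a private address, and a redirect can point to one, so the same `ip_is_blocked` test has to run on every resolved address and on every hop.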