Benchspan is a real-time classifier that blocks prompt injection attacks aimed at your AI agent. Drop the SDK into your existing LangChain, CrewAI, OpenAI Agents, Vercel AI, or Google ADK stack and every tool output and user message gets scanned before it reaches the LLM.
  • Inline. Runs as a callback or middleware in your existing framework, not a separate service to orchestrate.
  • Built for the agent era. Detects indirect prompt injection hiding in tool outputs, HTML, and email, not just user jailbreaks.
  • Free up to 50,000 requests / month, forever. No credit card to start.

Quickstart

Install the SDK and run your first scan in under 2 minutes.

How it works

What Benchspan scans, what it blocks, and the verdicts it returns.

Framework integrations

LangChain, CrewAI, OpenAI Agents, Vercel AI, Google ADK, raw SDKs.

REST API

Use Benchspan directly from any language. Full HTTP reference.

At a glance

Python

from benchspan import BenchGuard
from langchain_anthropic import ChatAnthropic

guard = BenchGuard(api_key="ag_live_...")
llm = ChatAnthropic(model="claude-sonnet-4-6")

# Sample conversation (constructed); replace with your own messages.
messages = [("human", "Summarize the latest email in my inbox.")]

# Injection in any message will raise InjectionDetectedError before Claude is called.
result = llm.invoke(messages, config={"callbacks": [guard]})
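
TypeScript

import { BenchGuard } from "@benchspan/sdk";

const guard = new BenchGuard({ apiKey: "ag_live_..." });

// Untrusted text returned by a tool call (constructed sample).
const toolOutput = "<p>Order #1234 has shipped.</p>";

// Scan the tool output before it is passed to the LLM.
const { injection, verdict } = await guard.scan(toolOutput, { role: "tool" });
if (injection) throw new Error("Blocked by Benchspan");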

Who uses Benchspan

Teams shipping agents in production that read untrusted content: email, uploaded documents, web pages, third-party tool outputs. The attack surface expanded the moment your agent started calling tools. Benchspan sits between the tool and the model.