WAST Scanner Pushes into AI Security Frontier with LLM Prompt Injection Detection Engine

The WAST web application security scanner is moving to directly target the emerging threat of AI-powered applications. A core development task is now to build an `LLMPromptInjectionScanner`, a dedicated engine designed to detect indirect prompt injection attacks through web form inputs. This capability, listed as a top-priority P0 item, represents the foundational next step for the tool's expansion into AI-specific vulnerability detection, moving beyond merely identifying LLM-powered endpoints to actively probing them for critical weaknesses.

The new scanner module, to be implemented in `pkg/scanner/prompti.go`, will leverage the existing `llmdetect.go` component. That detector already uses heuristics—like response timing, streaming patterns, and specific headers—to identify endpoints likely powered by large language models. Once an LLM endpoint is found, the new scanner will automatically inject crafted prompt injection payloads through form parameters, testing whether user-supplied input can manipulate or subvert the AI's behavior. This approach mirrors the established architecture for detecting classic vulnerabilities like SQLi and XSS, using the existing `aggregator.go` framework for a clean integration.

This development signals a strategic shift for WAST from general web security into the specialized arena of AI application security. The successful implementation of this prompt injection detection engine is explicitly framed as the necessary foundation for all subsequent planned AI security features, including stored content injection detection, system prompt extraction, and jailbreak detection. It positions the open-source tool at the forefront of practical, automated testing for one of the most novel and dangerous attack vectors introduced by the widespread integration of LLMs.