Promptfoo has introduced a new AI security product focused on code scanning for vulnerabilities related to large language models (LLMs), specifically targeting sensitive information disclosure, jailbreak risk, and prompt injection. This tool is initially available as a GitHub Action that reviews pull requests for security issues in LLM interactions, using security-focused AI agents to evaluate code changes. The tool has already proven effective in identifying issues that other reviewers missed due to its specialized focus on specific problematic patterns. It addresses the unique security challenges presented by LLM apps, such as their propensity for injection vulnerabilities, by tracing input and output flows through the application to assess potential risks. The scanner has been tested on real-world cases, such as CVEs involving code execution and database query injection, demonstrating its ability to flag vulnerabilities accurately. While it provides default guidance, users can customize its settings to align with their security practices, thus balancing between avoiding alert fatigue and ensuring thorough vulnerability detection.