I've seen a bunch of attempts at this but it's basically an impossible problem to solve If your scanner only detects 90% of attacks it's virtually useless, because an adversarial attacker will keep trying until they find one of the 1/10 attacks that work https://
simonwillison.net/2025/Aug/9/bay
-area-ai/#the-lethal-trifecta.018.jpeg
…
Scanner Security Limitations Against Adversarial Attacks
By
–
