LochBot is a free prompt injection vulnerability checker. It analyzes your chatbot's system prompt against 31 known attack patterns across seven categories: direct injection, context manipulation, delimiter attacks, data extraction, role play jailbreaks, encoding attacks, and prompt leaking.
LochBot does not test your system prompt against an actual AI model. Instead, it performs client-side pattern matching to check whether your prompt contains defensive language against known attack vectors. For each attack pattern, it looks for specific defensive phrases, structural elements (like XML delimiters), and refusal examples that research has shown to reduce injection success rates.
The tool scores your prompt from 0 to 100 and assigns a letter grade (A through F). Each failed test includes a specific fix suggestion you can add to your system prompt. Severity levels (critical, high, medium, low) determine how much each attack contributes to the overall score.
All analysis runs entirely in your browser. Your system prompt never leaves your machine. There are no API calls, no server-side processing, no analytics tracking your prompt content, and no data storage. You can verify this by checking the network tab in your browser's developer tools while running an analysis.
Pattern matching cannot predict how a specific LLM will respond to injection attempts. A prompt that scores well on LochBot may still be vulnerable to novel attacks, and a prompt that scores poorly may work fine with a well-aligned model. LochBot is a structural analysis tool, not a substitute for red-team testing against your actual model.
LochBot is part of the zovo.one developer tools collection. Related tools include ClaudHQ for Claude API management and InvokeBot for chatbot deployment workflows.