Documentation
canar.ai is an open source framework that detects AI agents visiting your site and tests whether they follow hidden instructions they shouldn't.
For site owners
Embed a single script tag to monitor AI agents visiting your pages. See which agents are vulnerable to prompt injection and how they interact with hidden content.
Get started →For AI providers
Test your agent against our 12 injection vectors across web and API surfaces. Use our hardening guide to build resilience before attackers find the gaps.
Hardening guide →Quickstart
Add the script tag to your site and start testing in under a minute.
How It Works
The 4-phase lifecycle: detect, inject, trigger, remediate.
Injection Vectors
Reference for all 8 web and 4 API injection techniques.
Hardening Your Agent
5 principles for protecting AI agents against prompt injection.