@ContextHound

๐Ÿ• Sniffing out prompt injection, RAG poisoning & rogue tools before they bite. Offline static analysis for serious LLM builders.
Websitehttps://contexthound.com
Xhttps://x.com/_ContextHound_
Blueskyhttps://bsky.app/profile/contexthound.com

ContextHound v1.8.0 is out 🎉

This release adds a Runtime Guard API - a lightweight wrapper that inspects your LLM calls in-process, before the request hits OpenAI or Anthropic.

Free and open-source. If this is useful to you or your team, a GitHub star or a small donation helps keep development going.
github.com/IulianVOStrut/ContextHound

#LLMSecurity #PromptInjection #CyberSecurity #OpenSource #AIRisk #AppSec #DevSecOps #GenAI #RuntimeSecurity #InfoSec #MLSecurity #ArtificialIntelligence

📡 **In the Wild** — every Monday ContextHound scans 6 popular open-source AI repos automatically.
• anthropic-cookbook — 3,919 findings
• promptflow — 3,749 findings
• crewAI — 1,588 findings
• LiteLLM — 1,155 findings
• openai-cookbook — 439 findings
• MetaGPT — 8 findings

🎮 **Try It** — paste any prompt or LLM code snippet and see findings instantly. No install needed. Runs entirely in your browser.

https://contexthound.com

#LLMSecurity #PromptInjection #AISecOps

ContextHound v1.7.0 — three releases shipped today:

v1.5.0: --format csv, --format junit
v1.6.0: supply chain rules, DOS detection, encoding obfuscation, MCP security
v1.7.0: --min-confidence flag (low/medium/high)

86 rules. 14 categories. 0 API calls. Fully offline. Runs in CI.

Website: live repo scans, daily CVE feed for AI packages, browser-based snippet demo.

https://github.com/IulianVOStrut/ContextHound

AppSec teams:

Your developers are shipping LLM features faster than you can review them.

ContextHound gives you automated prompt security scanning integrated into CI/CD, the same way you already use Semgrep, Bandit, or CodeQL.

Same workflow. New threat surface covered.

Guard every PR automatically:

```yaml
# Workflow step: run ContextHound on the PR and fail the job on critical findings
- uses: IulianVOStrut/ContextHound@v1
  with:
    fail-on: critical
```

Blocks on critical findings. Uploads results to GitHub Code Scanning. Works out of the box.

Your AI features don't ship until they pass the hound.

OWASP Top 10 for LLMs.

#1 threat: Prompt Injection.

Most AI apps ship without ever checking for it.

ContextHound is the static analysis tool that changes that: same workflow as Semgrep or CodeQL, built specifically for LLM security.

For anyone who tried to install ContextHound before and got a 404:

I'm sorry. The npm package wasn't published. It's fixed now.

Three ways to use it today:

```bash
# Global (recommended)
npm install -g context-hound

# Per-project
npm install --save-dev context-hound

# Zero-install
npx context-hound scan
```

The VS Code extension auto-discovers whichever you have. If none, it falls back to npx automatically.

#npm #OpenSource #DevTools #Security

v0.1.0 is honest about being early. The icon is a placeholder. Quick-fix code actions are coming. First npx run takes ~10s. But the core works — and I'll keep shipping.

⭐ github.com/IulianVOStrut/ContextHound
📦 npmjs.com/package/context-hound
☕ buymeacoffee.com/I_VO_S

#Security #VSCode #LLM #PromptInjection #AI #OpenSource #DevTools

Under the hood: 70 rules across 11 categories.

Injection · Exfiltration · Jailbreak · Unsafe tools · Command injection · RAG poisoning · Encoding evasion · Output handling · Multimodal attacks · Skills marketplace · Agentic risks

All firing silently. All offline. All free.

What the extension does:

Every time you save a file, ContextHound runs a full background scan. Vulnerable lines get squiggles. Hover any squiggle and you see the exact remediation. The status bar shows your repo risk score (0–100) at all times.

🛡 Hound: 23/100 ✓ ← you're good
🛡 Hound: 72/100 ✗ ← something needs fixing

Click it → Problems panel with every finding.