Network Security vs Application Security in 2026

Strategy · 2026-06-15 · 13 min read · FilterPrompt Security Team

How network security and application security differ in 2026, what tools and network security companies to use for each layer, and how to combine them.

Network security and application security solve adjacent but distinct problems, and the lines between them have shifted as workloads moved to the cloud. This guide covers what each discipline is in 2026, which network security companies and application security tools matter, and how to combine them effectively in a Zero-Trust era where the network perimeter is mostly identity, not IP.

Definitions in 2026

Network security protects the data path — segmentation, firewalls, encryption-in-transit, VPN/SASE, intrusion detection, and east-west traffic visibility. Application security protects the workloads and APIs that data flows to and from — secure coding, dependency management, runtime protection, WAF, and API security. The classic model put a firewall at the network edge and trusted everything inside; modern Zero Trust assumes the network is hostile and pushes security closer to identity and application.

Network security tools and companies

  • Next-gen firewalls — Palo Alto NGFW, Fortinet FortiGate, Check Point, Cisco Firepower
  • SASE / SSE — Zscaler, Cloudflare, Netskope, Palo Alto Prisma Access
  • Network detection and response — Darktrace, Vectra, ExtraHop, Corelight
  • Microsegmentation — Illumio, Akamai Guardicore, VMware NSX
  • DDoS protection — Cloudflare, Akamai, Imperva, AWS Shield

Leading network security companies in 2026 include Palo Alto Networks, Fortinet, Cisco, Check Point, Cloudflare, and Zscaler. Boutiques and specialists include Darktrace (NDR), Illumio (microsegmentation), and Cato Networks (SASE).

Application security tools and companies

  • SAST — Semgrep, SonarQube, Checkmarx, Veracode
  • DAST — Burp Suite, Invicti, Qualys WAS
  • SCA — Snyk, GitHub Dependabot, Mend
  • API security — Salt Security, Noname, Traceable
  • Runtime protection — Contrast, Imperva RASP
  • WAF — Cloudflare, AWS WAF, Imperva, F5
  • AI app security — FilterPrompt, Lakera, Robust Intelligence

How they overlap and where they diverge

WAFs sit at the boundary — they are network-layer products that inspect application-layer traffic, and most network security companies (Cloudflare, F5, Imperva) sell them. API security overlaps similarly — north-south API protection looks like network security, east-west API protection looks like application security. The cleanest mental model in 2026: anything that inspects packets without business-logic understanding is network security; anything that understands the application's business logic and APIs is application security.

Zero Trust and the changing perimeter

Zero Trust shifts the trust boundary from network location to identity + device + context. The network firewall does not disappear — it shrinks in scope and is supplemented by identity-aware proxies (Cloudflare Access, Zscaler Private Access). For internal applications, network security becomes 'verify identity and device on every request' rather than 'allow if on the corporate VPN'. Application security still owns business-logic authorisation, input validation, and output encoding — those do not move to the network layer.
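The shift described above, as an added example that is not from FilterPrompt or any vendor's product: the same two requests evaluated by a location-based rule and by a per-request identity, device and context check. The VPN address pool, field names and sample requests are all constructed assumptions.

```python
import ipaddress

# All names and values below are constructed for illustration.
CORP_VPN = ipaddress.ip_network("10.8.0.0/16")   # assumed VPN address pool
NOW = 1_781_500_000                              # fixed clock for the demo

def legacy_allow(req):
    """Perimeter model: trust any source address on the corporate VPN."""
    return ipaddress.ip_address(req["src_ip"]) in CORP_VPN

def zero_trust_allow(req, now=NOW):
    """Evaluate identity, device and context on every request.
    Returns (allowed, failed_checks); network location is not consulted."""
    failed = []
    ident = req.get("identity") or {}
    if not ident.get("mfa") or ident.get("expires", 0) <= now:
        failed.append("identity")
    dev = req.get("device") or {}
    if not (dev.get("managed") and dev.get("disk_encrypted")):
        failed.append("device")
    # Context: coarse per-application access only; business-logic
    # authorisation still happens inside the application itself.
    if req["app"] not in ident.get("apps", ()):
        failed.append("context")
    return (not failed, failed)

# Constructed requests.
ON_VPN_STALE = {
    "src_ip": "10.8.4.20", "app": "payroll",
    "identity": {"user": "alice", "mfa": True, "expires": NOW - 60, "apps": ["payroll"]},
    "device": {"managed": False, "disk_encrypted": True},
}
OFF_VPN_HEALTHY = {
    "src_ip": "203.0.113.7", "app": "payroll",
    "identity": {"user": "bob", "mfa": True, "expires": NOW + 3600, "apps": ["payroll"]},
    "device": {"managed": True, "disk_encrypted": True},
}

if __name__ == "__main__":
    for name, req in [("on-VPN, stale session", ON_VPN_STALE),
                      ("off-VPN, healthy", OFF_VPN_HEALTHY)]:
        print(name, "| legacy:", legacy_allow(req), "| zero trust:", zero_trust_allow(req))
```

The on-VPN request with an expired session and an unmanaged device passes the legacy rule and fails the per-request check; the off-VPN request from a healthy device does the opposite.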

Combining the two layers effectively

  1. Map each application's data flow end-to-end and identify what each layer protects against
  2. Apply network controls first (segmentation, WAF, DDoS) — they are cheaper and broader
  3. Apply application controls inside the network boundary (input validation, authorisation, secure dependencies)
  4. Wire telemetry from both layers into one SIEM so attack chains are visible across both
  5. Test the combination annually with a red team engagement
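Step 4 in practice, as an added example rather than code from the original article: network-layer and application-layer events are mapped onto one schema and joined per source, so a chain that crosses both layers shows up as a single ordered sequence. The event fields, rule names and the choice of source IP as the join key are assumptions; behind proxies or NAT a propagated request ID is the more reliable key.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names are assumptions, not a vendor schema.
NETWORK_EVENTS = [
    {"ts": "2026-06-15T10:00:05", "src_ip": "198.51.100.23", "rule": "waf:sqli-blocked"},
    {"ts": "2026-06-15T10:01:10", "src_ip": "198.51.100.23", "rule": "waf:path-scan-blocked"},
    {"ts": "2026-06-15T10:02:00", "src_ip": "203.0.113.50", "rule": "fw:port-scan-dropped"},
]
APP_EVENTS = [
    {"ts": "2026-06-15T10:03:00", "src_ip": "192.0.2.9", "event": "login_failed"},
    {"ts": "2026-06-15T10:04:30", "src_ip": "198.51.100.23", "event": "authz_denied"},
    {"ts": "2026-06-15T10:05:02", "src_ip": "198.51.100.23", "event": "input_validation_failed"},
    {"ts": "2026-06-15T11:30:00", "src_ip": "203.0.113.50", "event": "login_failed"},
]

def normalise(event, layer, signal_key):
    """Map a layer-specific record onto one shared schema."""
    return {"ts": datetime.fromisoformat(event["ts"]), "src_ip": event["src_ip"],
            "layer": layer, "signal": event[signal_key]}

def correlate(network_events, app_events, window=timedelta(minutes=10)):
    """Return {src_ip: ordered [(layer, signal), ...]} for sources where an
    application-layer event follows a network-layer event within `window`."""
    by_ip = defaultdict(list)
    for e in network_events:
        by_ip[e["src_ip"]].append(normalise(e, "network", "rule"))
    for e in app_events:
        by_ip[e["src_ip"]].append(normalise(e, "application", "event"))
    chains = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        net = [e["ts"] for e in events if e["layer"] == "network"]
        app = [e["ts"] for e in events if e["layer"] == "application"]
        if any(timedelta(0) <= a - n <= window for n in net for a in app):
            chains[ip] = [(e["layer"], e["signal"]) for e in events]
    return chains

if __name__ == "__main__":
    for ip, chain in correlate(NETWORK_EVENTS, APP_EVENTS).items():
        print(ip, " -> ".join(f"{layer}:{signal}" for layer, signal in chain))
```

With the sample data only 198.51.100.23 is reported: its WAF blocks are followed within ten minutes by authorisation and validation failures in the application, a sequence neither layer's log shows on its own.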

Cloud-specific considerations

In cloud environments, network security and application security blur further — security groups and VPC routing belong to network security, but they are configured by application teams. CSPM tools (Wiz, Prisma Cloud) cover the configuration plane; CWPP covers the runtime plane; WAF and API security cover the request plane. Most cloud-native organisations need at least one tool from each plane.

FAQ

Which matters more in 2026?

Application security failures are the more common breach root cause; network security failures often have larger blast radius. Fund both, weighted to the threat model.

Do I need a network firewall in a Zero Trust model?

Yes — for outbound filtering, segmentation between trust zones, and DDoS absorption. The role shrinks, it does not disappear.

Where does AI security fit?

AI application security is an application security adjacency — same disciplines (input validation, output handling, secure development), different threat catalogue (OWASP LLM Top 10 instead of OWASP Top 10).

Conclusion

Network security and application security remain complementary disciplines with shifting boundaries. The competent security architect understands what belongs to each, where they overlap (WAF, API security), and how to wire them together in a Zero Trust era. The newest application-layer responsibility — securing LLM-powered features — slots neatly into the application security category.
