ForceField AI Security Scanner

Detect prompt injection, PII leaks, and security vulnerabilities in prompts, LLM outputs, and configuration files -- directly inside VS Code.

ForceField uses an ML ensemble (TF-IDF + DeBERTa transformer) backed by 352 WAF rules to catch threats before they reach production.

Features

Scan Current File

Open any file containing prompts, system messages, or LLM output and run ForceField: Scan Current File from the Command Palette (Ctrl+Shift+P).

Scan Selection

Select any block of text, right-click, and choose ForceField: Scan Selection to check a specific snippet.

Self-Test

Run ForceField: Run Self-Test (121 attack prompts) to verify your installation against 121 known attack vectors covering jailbreaks, data exfiltration, role hijacking, and more.

Scan on Save

Enable forcefield.scanOnSave to automatically scan every file when you save.

Diagnostics Integration

Blocked content appears as VS Code diagnostics (Problems panel), so threats surface alongside your normal linting workflow.

Requirements

• Python 3.9+
• ForceField SDK: pip install forcefield

Quick Start

1. Install ForceField SDK: pip install forcefield
2. Install this extension from the VS Code Marketplace
3. Open a file and run Ctrl+Shift+P > ForceField: Scan Current File

Extension Settings

Commands

Supported Languages

Activates automatically for Python, YAML, JSON, and Markdown files. All commands are available for any file type via the Command Palette.

Links

• ForceField SDK on PyPI
• ForceField Website
• GitHub
• GitHub Action

License

Apache-2.0