# EverHarden > EverHarden is a multi-agent prompt-injection scanner for websites visited by AI agents (ChatGPT, Claude, Copilot, Perplexity, Googlebot). Unlike single-fetch traditional scanners (Burp, ZAP, Snyk) which fetch each URL once and miss user-agent cloaking and per-agent payload tuning, EverHarden fetches your site as each AI agent in parallel and diffs the responses to surface hidden prompts, cloaked content, and adversarial alt-text. Free first scan. EverHarden checks if your site is hacking your visitors' AI agents — a new threat surface (OWASP LLM01:2025, Indirect Prompt Injection) that traditional security scanners structurally cannot detect because they fetch each URL only once. Web content can include hidden instructions designed to manipulate AI agents browsing the page on behalf of users (e.g., redirecting Claude or ChatGPT to perform unintended actions when summarizing the page). EverHarden detects these patterns: hidden text via CSS, adversarial alt-text, cloaked content served only to AI user-agents, and prompt-injection payloads in HTML and markdown. ## Primary - [Homepage](https://everharden.com/): Product overview — multi-agent prompt-injection scanning for the AI-agent web. Free first scan. - [Research index](https://everharden.com/research/): Primary technical research on indirect prompt injection — methodology, in-the-wild studies, EU AI Act compliance briefings, and the public test corpus. Curated entry point for defenders and red-teamers. ## Resources - [Blog index](https://everharden.com/blog/): Technical writing on AI-agent web security, indirect prompt injection, multi-agent scanning architecture. Two substantive posts per month. - [What the IMF May 2026 cyber-risk warning means for the public web](https://everharden.com/blog/imf-may-2026-systemic-cyber-risk-and-the-ai-agent-web.html): Regulator interpretation. The IMF May 7, 2026 statement named AI-driven systemic cyber risk for financial stability but did not name AI agents as new attack surface. This post connects the systemic-risk argument to the public-web threat surface and lists three implications for marketing-site operators ahead of late-2026 supervisory expectations. - [Why single-fetch scanners are structurally blind to AI-agent attacks](https://everharden.com/blog/single-fetch-scanners-blind-to-ai-agents.html): Category manifesto. The architectural gap between traditional scanners (Burp, ZAP, Snyk) and the AI-agent threat surface. Three attack classes only multi-agent fetching detects: user-agent cloaking, dynamic agent-conditional injection, agent-tuned payload variants. - [Prompt injection through website content](https://everharden.com/blog/prompt-injection-through-website-content.html): Six concrete attack vectors AI agents face when browsing webpages — CSS-hidden text, adversarial alt-text, HTML comments, SVG-embedded text, user-agent cloaking, markdown-as-instructions — and what traditional scanners miss. - [EverHarden test corpus](https://everharden.com/test-corpus/): A deliberately-injected public test target. Twelve labeled IPI patterns (zero-width Unicode, 1px font, transparent ARIA, off-screen positioning, canvas-rendered text, HTML comments, CSS display:none, noscript, white-on-white, SVG title/desc, JSON-LD injection, UA cloaking — last is server-side, planned) for tool evaluation. Each seeded instruction is benign and only directs an agent to emit a labeled `TEST_PATTERN_NN` string. Use this URL to evaluate any scanner, including ours. ## Legal - [Impressum](https://everharden.com/impressum.html): Operator information per §5 TMG. - [Datenschutz](https://everharden.com/datenschutz.html): GDPR/DSGVO privacy notice. ## Operator - Provider: EverHarden - Region: EU (Germany hosted) - Language: English (primary) - Use cases: web security teams, content site owners, AI integration teams, compliance officers concerned about prompt-injection threats from AI-agent traffic, financial-services operators preparing for late-2026 IMF-aligned cyber stress-test expectations. - Threat surface covered: hidden CSS text, adversarial alt-text, AI-user-agent cloaking, HTML/Markdown prompt injection payloads, indirect prompt injection (OWASP LLM01:2025), dynamic agent-conditional injection, agent-tuned payload variants. - Architecture: multi-agent parallel fetching with DOM-aware response diff and signature library. Distinct from single-fetch traditional scanners (Burp, ZAP, Snyk). - Regulatory framing: IMF May 7, 2026 statement on AI-driven systemic cyber risk; OWASP LLM Top 10 (2025), entry LLM01:2025; EU AI Act provisions on systemic-risk GPAI obligations and August 2026 high-risk system compliance deadline.