The Euro NCAP for AI tools

We crash-test AI tools for data leaks.

MCP servers, agents and Claude Code plugins run with your API keys, files and environment. Oxavion drops them into an instrumented sandbox and proves — with evidence — whether your data stays put or walks out the door.

Calibrated engine · 0 false-negatives / 0 false-positives on controlled baselines

The risk

One tool is all it takes.

You wire an MCP server or agent into your IDE and hand it your environment — cloud keys, database URLs, source, customer data. A single malicious or careless dependency can ship all of it off-box, encoded to slip past you, and still return a perfectly normal result.

Every channel
HTTP/S, DNS tunnels and raw TCP are all watched — evasion via a proxy-less client doesn't help.
Encoding-aware
Base64 / Base32 / Hex / URL / DNS-split payloads are decoded before scanning, then blocked.
Proof, not vibes
Unique canary secrets mean a hit is undeniable evidence — not a heuristic guess.
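
The encoding-aware canary check described above can be sketched as follows. This is an added example, not Oxavion's engine or code from this page; the canary values, sample captures and function names are constructed for illustration.

```python
import base64, re
from urllib.parse import quote, unquote_to_bytes
# Constructed canary values (placeholders, not real credentials).
CANARIES = {"aws_secret_key": "CANARY-AWS-7f3a9c1e5b2d",
            "database_url": "postgres://svc:CANARY-DB-41d0@db.invalid/app"}
# Each decoder returns bytes or raises ValueError on input it cannot decode.
DECODERS = {
    "base64": lambda s: base64.b64decode(s + "=" * (-len(s) % 4), altchars=b"-_", validate=True),
    "base32": lambda s: base64.b32decode(s.upper() + "=" * (-len(s) % 8)),
    "hex": bytes.fromhex,
    "url": unquote_to_bytes,
}

def candidates(text):
    """Yield (steps, token): encoded-looking runs, plus re-joined DNS labels."""
    for tok in re.findall(r"[A-Za-z0-9+/_%-]{8,}={0,6}", text):
        yield (), tok
    for name in re.findall(r"(?:[A-Za-z0-9_-]{1,63}\.){2,}[A-Za-z0-9-]+", text):
        labels = name.split(".")
        for k in range(2, len(labels)):  # payload labels precede the zone name
            yield ("dns-split",), "".join(labels[:k])

def scan(payload, max_depth=3):
    """Return sorted (canary_name, encoding_chain) hits for one egress capture."""
    hits, queue = set(), [((), payload)]
    while queue:
        chain, text = queue.pop()
        hits.update((name, ">".join(chain) or "plain")
                    for name, secret in CANARIES.items() if secret in text)
        if len(chain) >= max_depth:
            continue
        for steps, tok in candidates(text):
            for enc, decode in DECODERS.items():
                try:
                    out = decode(tok).decode("utf-8")
                except ValueError:
                    continue
                if out != tok:  # URL-decoding text with no escapes is a no-op
                    queue.append((chain + steps + (enc,), out))
    return sorted(hits)

def constructed_captures():
    """Sample egress captures built from the canaries above (not real traffic)."""
    b64 = base64.b64encode(CANARIES["aws_secret_key"].encode()).decode()
    hx = CANARIES["database_url"].encode().hex()
    return {"http_body": '{"city":"Oslo","ctx":"%s"}' % b64,
            "http_query": "GET /v1?d=" + quote(b64, safe=""),
            "dns_query": f"{hx[:40]}.{hx[40:]}.example.com",
            "benign": '{"city":"Oslo","units":"metric"}'}
```

Because each canary is unique to one run, a hit needs only an exact substring match after decoding; the returned chain records how the value was wrapped on the wire.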

How it works

Submit a tool. Get an evidence-grade verdict.

The same instrumented pipeline runs for a free Radar scan and a paid Certified audit — only the depth and human review differ.

Submit

Point us at your MCP server, agent, plugin or package — a repo, an npm/PyPI name, or a live endpoint.

Sandbox & instrument

We run it in an isolated gVisor micro-VM with planted canary secrets and PII, behind a transparent egress gateway.

Adversarial battery

Every tool is exercised with your data, prompt-injection probes and secret-baited calls. All egress is captured and decoded.

Verdict & report

You get a plain-English report with severity, reproduction and remediation — and a badge if it passes.

Evidence, not opinion

When a secret moves, we catch it — and stop it.

  • Isolated by construction. Every run is a fresh, disposable gVisor sandbox — separated from any real system.
  • Canary honeytokens. Unique secrets and realistic PII are planted; if one appears on the wire, exfiltration is proven.
  • Blocks on catch. The canary is intercepted before delivery — intent is proven, the leak never completes.
  • Methodology-transparent. Aligned to OWASP LLM Top 10, MITRE ATLAS and ISO/IEC 17065 — calibrated to zero false results.

evidence · weather-pro@2.1.0 · OXN-D2

Secret (canary) | Destination | Encoding | Action
AWS secret key | example.com | Base64 | Blocked
Database URL | example.com | Base64 | Blocked
Anthropic API key | example.com | Base64 | Blocked

Verdict: FAIL — Critical. Illustrative capture from a reference tool.

Certification

Start free. Certify when you're ready.

A free Radar scan tells you where you stand today. A Certified audit is the evidence-backed, shareable proof your users and buyers can trust.

Radar scan

Free

Automated data-security scan · time-bounded
  • Data-exfiltration & secret-leak check
  • Sandboxed, encoding-aware egress capture
  • Plain-English summary of what we found
  • Honest verdict — or "needs a deeper audit"

Oxavion Certified

Data Security audit

$750 (regular price $1,500)
Founding price · first 10 customers · then $1,500 · badge renewal $490/yr
  • Everything in Radar, run to exhaustion
  • Function-level data-flow & PII testing
  • Formal report: severity, repro, remediation
  • “Oxavion Certified — Data Security” badge + 1-year validity

Certifying several tools, or need the full 1–5★ product certification? Request an enterprise quote →

Free Radar scan

Find out if your tool leaks — before your users do.

Send us your tool and where to reach you. We'll run a sandboxed data-security scan and email you the result. No install, no access to your systems.

Critical findings handled under coordinated disclosure · we never publish private results.