Pricing reference · Free tier
Prompt-injection API with a real free tier
Most “free tier” prompt-injection APIs are a seven-day trial behind a credit-card wall. Glyphward’s free tier is 10 scans a day, every day, no card — enough to integrate in a weekend, enough to run the public FigStep and WhisperInject samples through it and see the output, and enough to keep serving a side project in production at low volume without upgrading.
TL;DR
Free: 10 scans/day, both image and audio endpoints, real API key, no credit card. Pro ($29/mo): 100k scans/month, webhook, SDK, email alerts on new attack vectors. Team ($99/mo): 1M scans/month, SSO-lite, compare reports, Slack alerts. Rate limit resets at UTC midnight. Overage policy: soft-cap with a 24-hour grace window, no surprise bills.
What “real free tier” means here
Three things distinguish a real free tier from a trial:
- No time bomb. The quota refills every day for as long as the account exists. A 14-day trial is a sales funnel; a daily refill is a product tier.
- No card wall. Sign up with an email, get an API key, call the endpoint. Billing details are only required when you choose to upgrade to Pro or Team.
- No feature starvation. Free-tier calls hit the same model, the same corpus, the same endpoints as paid calls. You are rate-limited, not capability-limited.
The free tier is rate-limited for one reason: the shared corpus compounds from every paying scan, and compounding requires paid scans in the system. 10/day is enough to integrate, test in dev, and run low-volume production side projects; past that, Pro at $29/mo is the natural step.
What you can do with 10 scans a day
- Ship an integration. Wire the API into your ingest path, run dev/test traffic against it, and validate your thresholds without touching a credit card.
- Scan the public attack corpus. Throw published FigStep, AgentTypo, and WhisperInject samples at it and see the risk scores. This is by far the fastest way to convince your team that text-only scanners are leaving modality gaps open.
- Run a low-volume side project in production. Many hobby projects and small agents do fewer than 10 image/audio scans per day. The free tier covers them indefinitely.
- Run manual spot checks. If your pipeline already has another defence and you want a second opinion on specific suspicious artefacts, 10 hand-scanned inputs a day is plenty.
When to upgrade to Pro or Team
The arithmetic is direct. If your product does more than ~300 image or audio scans a month, Pro at $29 is the right tier — you get 100k scans, a webhook for async workflows, the SDK, and email alerts when the corpus catches a new attack class so you can retune thresholds before an incident. At 1M+ scans a month, Team at $99 covers the volume and adds SSO-lite for team accounts, compare reports across API keys, and Slack alert integration. Both paid tiers get priority on the queue and the full set of signals in the response payload.
Full pricing reference with overage behaviour and the exact response payload shape lives on the Glyphward pricing page, and the comparison page puts it next to Lakera, LLM Guard, Azure Prompt Shields, and Promptfoo.
How to get started
Join the waitlist to claim an API key at launch. Free-tier keys ship with the first cohort; Pro and Team keys are available via Stripe Checkout the same week. No waiting list for the paid tiers once the scanner is public.
Related questions
Does the free tier include the audio endpoint?
Yes. Both image and audio endpoints are on the free tier under the same 10 scans/day quota. A scan is one image or one audio clip; a clip up to 30 seconds counts as one scan. Longer clips are chunked — see the pricing page for the exact rule.
What happens when I hit the daily limit?
Further calls return HTTP 429 with a `Retry-After` header pointing at UTC midnight. No bill, no drop to a degraded model, no silent failure — the API says “no” explicitly. If you upgrade mid-day, the new quota kicks in within a minute.
Is there a usage limit on the compounding-corpus benefit for free-tier users?
No. Free-tier scans benefit from the same corpus as paid scans; the only differences are rate limit and a few conveniences (webhook, SDK, alerts). The free tier is genuinely the same product, throttled.
Can I bring my own threshold, or is the risk score a black box?
Bring your own. The API returns a 0–100 risk score plus a list of firing signals (OCR, instruction-layout, visual-embedding NN, perturbation-detector for images; waveform-anomaly, transcript-filter for audio). Your integration picks the threshold for block / warn / allow.
Further reading
- Glyphward pricing — the full tier breakdown.
- Multimodal prompt-injection scanner pricing comparison — how the free tier stacks against Lakera, LLM Guard, Azure, and Promptfoo.
- Typographic prompt injection scanner — what you can use the free tier to run.
- Audio prompt-injection detection — the audio endpoint in detail.
- How the scanner works — the end-to-end integration flow.