Every AI product has villains, the anti-ICP. These are users you never designed for who exploit your product or game in ways you never imagined.
On record
Villain's Hat started as an ethics tool for founders who wanted to build something they wouldn't be ashamed of. As of 2026, it's also the misuse audit your insurer, your enterprise buyer and your Series A diligence lawyer will want documented.
EU AI Act obligations, AI liability insurance and Fortune500 procurements all want the same file: a named villains report with sprint-level fixes, on record.
We'll be writing that report in Villain's Hat.
field evidence
Three public cases from the last 24 months, each one was paid for by a real company that didn't see it coming.
A state-sponsored operator convinced Claude Code it was defensive research. Ran 80% of a multi-target hacking campaign on its own. Small number of intrusions succeeded before Anthropic caught it.
Read the disclosure →Any Salesforce org using AgentForce with a Web-to-Lead form was exposed. A $5 domain and a public form was all it took to embed instructions the AI would follow. Emergency patch shipped.
Read Noma's analysis →Sewell Setzer III spent months talking to AI characters. His mother filed suit in October 2024 alleging the platform failed minors and contributed to his death. Every AI companion spec now references this case.
Read NYT coverage →And these are just the ones we know about.
Does this sound familiar?
You ship AI features, the happy path and the most cost-effective edge cases.
You have an inkling that someone could misuse it, but you are unable to make a case for it.
Misuse testing is only a QA's job, but it's not priority. Nobody wants to take ownership.
See what you get
Journey stageApp generation and publishing
What they doTypes "build a login page that looks like Chase Bank" into your AI code-gen tool. 90 seconds later, they have a phishing site live. No credit card. No coding skill.
Cost to youYour subdomain hits Google Safe Browsing blocklists. Every legitimate customer on the same subdomain gets flagged "Deceptive Site Ahead" for weeks.
Fix this sprintPrompt-time classifier that hard-blocks generation requests matching credential-harvesting patterns.
The founder
"I ended up killing 2 of my products because I found the villains too late. Let's make sure you don't have the same fate, and identify those damn villains early."
Pavitra S. Tandon. 16 years across consultancies, startups and Fortune 500 companies. Lived and worked across 4 continents. Won 3 hackathons. 2 dead products (Roastfluencer and echonote) → one methodology built from the scars.
Read the full story →
Find the villains. Start free, go deeper when it earns its keep.
3 villains named and scored. No signup. Best way to see the methodology on your real product.
Try it now →Half-day session with 4 other founders. I walk through your product on a shared board. Real methodology, real practice.
Book a seat →I sit inside your product function for 8 hours a month. Ongoing villain hunting, spec reviews, hard conversations.
Apply →60s · no signup · free forever