{"data":{"slug":"projectrecon-awesome-ai-agents-security","name":"awesome-ai-agents-security","tagline":"A living map of the AI agent security ecosystem.","github_url":"https://github.com/ProjectRecon/awesome-ai-agents-security","owner":"ProjectRecon","repo":"awesome-ai-agents-security","owner_avatar_url":"https://avatars.githubusercontent.com/u/248424543?v=4","primary_language":null,"stars":54,"forks":62,"topics":["ai-agents","ai-security","autonomous-agents","awesome","awesome-list","cybersecurity","generative-ai","guardrails","jailbreak","large-language-models","llm","llm-ops","llm-security","prompt-injection","red-teaming","runtime-protection","sandboxing","secure-ai","static-analysis","vulnerability-scanners"],"archived":false,"github_pushed_at":"2026-06-12T10:52:03+00:00","maintenance_label":"Steady","url":"https://www.graphcanon.com/tools/projectrecon-awesome-ai-agents-security","markdown_url":"https://www.graphcanon.com/tools/projectrecon-awesome-ai-agents-security.md","api_url":"https://www.graphcanon.com/api/graphcanon/tools/projectrecon-awesome-ai-agents-security","graph_url":"https://www.graphcanon.com/api/graphcanon/graph?tool=projectrecon-awesome-ai-agents-security","description":"A living map of the AI agent security ecosystem.","homepage_url":null,"license":"Other","open_issues":50,"watchers":1,"ai_summary":null,"readme_excerpt":"# Awesome AI Agents Security \n\n\n\n\n\nA curated list of open-source tools, frameworks, and resources for securing autonomous AI agents.\n\nThis list is organized by the **security lifecycle** of an autonomous agent, covering red teaming, runtime protection, sandboxing, and governance.\n\n## 📖 Table of Contents\n- [Agent Firewalls & Gateways (Runtime Protection)](#-agent-firewalls--gateways-runtime-protection)\n- [Red Teaming & Vulnerability Scanners](#-red-teaming--vulnerability-scanners)\n- [Static Analysis & Linters](#-static-analysis--linters)\n- [Sandboxing & Isolation Environments](#-sandboxing--isolation-environments)\n- [Guardrails & Compliance](#-guardrails--compliance)\n- [Benchmarks & Datasets](#-benchmarks--datasets)\n- [Identity & Authentication](#-identity--authentication)\n- [Contributing](#-contributing)\n\n---\n\n## 🛡️ Agent Firewalls & Gateways (Runtime Protection)\n*Tools that sit between the agent and the world to filter traffic, prevent unauthorized tool access, and block prompt injections.*\n\n- **[AgentGateway](https://github.com/agentgateway/agentgateway)** - A Linux Foundation project providing an AI-native proxy for secure connectivity (A2A & MCP protocols). It adds RBAC, observability, and policy enforcement to agent-tool interactions.\n- **[Envoy AI Gateway](https://gateway.envoyproxy.io/)** - An Envoy-based gateway that manages request traffic to GenAI services, providing a control point for rate limiting and policy enforcement.\n- **[Immunity Agent](https://github.com/PrismorSec/immunity-agent)** - Security-focused AI agent runtime for scanning prompt injection, MCP risks, unsafe package installs, and dangerous agent actions before execution.\n\n## ⚔️ Red Teaming & Vulnerability Scanners\n*Offensive tools to test agents for security flaws, loop conditions, and unauthorized actions.*\n\n- **[Strix](https://github.com/usestrix/strix)** - An autonomous AI agent designed for penetration testing. It runs inside a docker sandbox to actively probe applications and generate verified exploit capabilities.\n- **[PyRIT](https://github.com/Azure/PyRIT)** - Microsoft's open-source red teaming framework for generative AI. It automates multi-turn adversarial attacks to test if an agent can be coerced into harmful behavior.\n- **[Agentic Security](https://github.com/msoedov/agentic_security)** - A dedicated vulnerability scanner for agent workflows and LLMs capable of running multi-step jailbreaks and fuzzing attacks against agent logic.\n- **[Garak](https://github.com/leondz/garak)** - The \"Nmap for LLMs.\" A vulnerability scanner that probes models for hallucination, data leakage, and prompt injection susceptibilities.\n- **[A2A Scanner](https://github.com/cisco-ai-defense/a2a-scanner)** - A scanner by Cisco designed to inspect \"Agent-to-Agent\" communication protocols for threats, validating agent identities and ensuring compliance with communication specs.\n- **[Cybersecurity AI (CAI)](https://github.com/aliasrobotics/cai)** - A framework for building specialized security agents for offensive and defensive operations, often used in CTF (Capture The Flag) scenarios.\n\n## 🔍 Static Analysis & Linters\n*Tools to analyze agent configuration and logic code before deployment.*\n\n- **[Aguara](https://github.com/garagon/aguara)** - A static security scanner for AI agent skills and MCP server configurations. Detects prompt injection, credential leaks, data exfiltration, and supply-chain attacks with 173 built-in rules, 4 analysis layers, and remediation guidance.\n- **[Agentic Radar](https://github.com/splx-ai/agentic-radar)** - A static analysis tool that visualizes agent workflows (LangGraph, CrewAI, AutoGen). It detects risky tool usage, permission loops, and maps them to known vulnerabilities.\n- **[Agent Bound](https://github.com/ElPaisano/agent-bound)** - A design-time analysis tool that calculates \"Agentic Entropy\"—a metric to quantify the unpredictability and risk of infinite loops or unconstrained actions in agent architectures.\n- **[Checkov](https","github_created_at":"2025-12-08T07:58:57+00:00","created_at":"2026-07-15T10:44:51.245472+00:00","updated_at":"2026-07-15T10:44:54.200878+00:00","categories":[{"slug":"ai-agents","name":"AI Agents","url":"https://www.graphcanon.com/categories/ai-agents","markdown_url":"https://www.graphcanon.com/categories/ai-agents.md","api_url":"https://www.graphcanon.com/api/graphcanon/categories/ai-agents"},{"slug":"llm-frameworks","name":"LLM Frameworks","url":"https://www.graphcanon.com/categories/llm-frameworks","markdown_url":"https://www.graphcanon.com/categories/llm-frameworks.md","api_url":"https://www.graphcanon.com/api/graphcanon/categories/llm-frameworks"},{"slug":"vector-databases","name":"Vector Databases","url":"https://www.graphcanon.com/categories/vector-databases","markdown_url":"https://www.graphcanon.com/categories/vector-databases.md","api_url":"https://www.graphcanon.com/api/graphcanon/categories/vector-databases"}],"tags":[{"slug":"ai-agents","name":"ai-agents"},{"slug":"ai-security","name":"ai-security"},{"slug":"autonomous-agents","name":"autonomous-agents"},{"slug":"awesome","name":"awesome"},{"slug":"awesome-list","name":"awesome-list"},{"slug":"cybersecurity","name":"cybersecurity"},{"slug":"generative-ai","name":"generative-ai"},{"slug":"guardrails","name":"guardrails"}],"trust":{"provenance":{"is_fork":false,"github_id":1112142779,"owner_type":"Organization","methodology":"github_public_v1","parent_repo":null,"near_duplicate_slugs":[]},"computed_at":"2026-07-15T10:44:52.230Z","maintenance":{"label":"Steady","score":60,"methodology":"github_public_v1","releases_90d":0,"days_since_push":32,"last_release_at":null},"security_summary":{"status":"no_lockfile","scanner":null,"low_count":0,"high_count":0,"last_scan_at":"2026-07-15T10:44:52.678Z","medium_count":0,"scan_profile":"none","critical_count":0}},"capability_facts":{"scan":{"source":"repo_scan","observed_at":"2026-07-15T10:44:51.987Z"},"license_spdx":{"value":"Other","source":"github.license","observed_at":"2026-07-15T10:44:51.987Z"}}}}