awesome-ai-agents-security
Enrichment pendingA living map of the AI agent security ecosystem.
GraphCanon updated today · GitHub synced today
Verify the decision
Maintenance and security
Full trust report- Maintenance
- Steady (32d since push)
- As of today
- Provenance
- Not a fork · Organization account
- As of today
- Security (OSV)
- No lockfile
- As of today
Public GitHub metadata and optional OSV scans. Signals, not a guarantee. Trust methodology.
Install
git clone https://github.com/ProjectRecon/awesome-ai-agents-securitySimilar tools
Same-category neighbours. No typed graph edges are catalogued for this tool yet.
Evidence and technical details
Sourced facts, taxonomy, compatibility claims, README excerpt, and machine-readable endpoints.
Overview
A living map of the AI agent security ecosystem.
Capability facts
No sourced capability facts yet. Facts appear after ingest scans repo manifests (Dockerfile, package.json, MCP configs).
Categories
Compatibility
Sourced claims from the README excerpt - not unsourced marketing copy.
Source: README excerpt (regex_v1, Jul 15, 2026)
x-ai/agentic-radar)** - A static analysis tool that visualizes agent workflows (LangGraph, CrewAI, AutoGen). It detects risky tool usage, permission loops, and maps themSource link
Tags
README
Awesome AI Agents Security
A curated list of open-source tools, frameworks, and resources for securing autonomous AI agents.
This list is organized by the security lifecycle of an autonomous agent, covering red teaming, runtime protection, sandboxing, and governance.
📖 Table of Contents
- Agent Firewalls & Gateways (Runtime Protection)
- Red Teaming & Vulnerability Scanners
- Static Analysis & Linters
- Sandboxing & Isolation Environments
- Guardrails & Compliance
- Benchmarks & Datasets
- Identity & Authentication
- Contributing
🛡️ Agent Firewalls & Gateways (Runtime Protection)
Tools that sit between the agent and the world to filter traffic, prevent unauthorized tool access, and block prompt injections.
- AgentGateway - A Linux Foundation project providing an AI-native proxy for secure connectivity (A2A & MCP protocols). It adds RBAC, observability, and policy enforcement to agent-tool interactions.
- Envoy AI Gateway - An Envoy-based gateway that manages request traffic to GenAI services, providing a control point for rate limiting and policy enforcement.
- Immunity Agent - Security-focused AI agent runtime for scanning prompt injection, MCP risks, unsafe package installs, and dangerous agent actions before execution.
⚔️ Red Teaming & Vulnerability Scanners
Offensive tools to test agents for security flaws, loop conditions, and unauthorized actions.
- Strix - An autonomous AI agent designed for penetration testing. It runs inside a docker sandbox to actively probe applications and generate verified exploit capabilities.
- PyRIT - Microsoft's open-source red teaming framework for generative AI. It automates multi-turn adversarial attacks to test if an agent can be coerced into harmful behavior.
- Agentic Security - A dedicated vulnerability scanner for agent workflows and LLMs capable of running multi-step jailbreaks and fuzzing attacks against agent logic.
- Garak - The "Nmap for LLMs." A vulnerability scanner that probes models for hallucination, data leakage, and prompt injection susceptibilities.
- A2A Scanner - A scanner by Cisco designed to inspect "Agent-to-Agent" communication protocols for threats, validating agent identities and ensuring compliance with communication specs.
- Cybersecurity AI (CAI) - A framework for building specialized security agents for offensive and defensive operations, often used in CTF (Capture The Flag) scenarios.
🔍 Static Analysis & Linters
Tools to analyze agent configuration and logic code before deployment.
- Aguara - A static security scanner for AI agent skills and MCP server configurations. Detects prompt injection, credential leaks, data exfiltration, and supply-chain attacks with 173 built-in rules, 4 analysis layers, and remediation guidance.
- Agentic Radar - A static analysis tool that visualizes agent workflows (LangGraph, CrewAI, AutoGen). It detects risky tool usage, permission loops, and maps them to known vulnerabilities.
- Agent Bound - A design-time analysis tool that calculates "Agentic Entropy"—a metric to quantify the unpredictability and risk of infinite loops or unconstrained actions in agent architectures.
- **[Checkov](https
For agents
This page has a .md twin and JSON over the API.