#Ai-security
Showing 60 of 146 repositories tagged #ai-security, ranked by stars
Open-source AI penetration testing tool to find and fix your appβs vulnerabilities.
This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vulnerability research, exploit development, reverse engineering, and more. π₯ Also check: https://hackertraining.org
π’ Open-Source Evaluation & Testing library for LLM Agents
The most comprehensive Claude Code guide: agentic workflows, hooks, skills, MCP servers, quizzes, and production-ready templates. 430K+ lines.
A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation.
AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.
Sandbox any AI agent in seconds - zero setup, zero latency.
Learn to code securely while having fun through our popular open source in-editor experience, designed for developers, students, and anyone curious about security. Get started for free in under 2 minutes, playing right from your browser.
Turn Claude Code into your offensive security research assistant. Specialized AI subagents for authorized penetration testing plan engagements, analyze recon, research exploits, build detections, audit STIGs, and write reports.
ToolHive is an enterprise-grade platform for running and managing Model Context Protocol (MCP) servers.
Open-source AI-powered Security Operations Center β alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.
A curated list of useful resources that cover Offensive AI.
Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.
a security scanner for custom LLM applications
AI Captcha Bypass
Agent-driven automated CVE discovery platform for source code auditing, vulnerability verification, and report generation.
A security scanner for your LLM agentic workflows
Enterprise AI bastion host for secure AI API and MCP access, with unified proxying, RBAC, audit logs, rate limiting, and cost tracking across OpenAI, Anthropic, Gemini, and self-hosted LLMs.
Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling endβtoβend engagement management, from reconnaissance through execution and reporting. With built-in command automation, output parsing, and AIβassisted summaries, it delivers faster, more structured, and highβquality security assessments.
AI-first security scanner. NEW in v2026.7: Claude Code compromise detection β vet .claude/ hooks, permissions & skills before you clone β plus an always-on AI attack-signature scanner and native Rust & PHP rules. Also: medusa scan --git to vet any repo, medusa secrets scan for leaked API keys. 40,000+ patterns, zero setup.
A deliberately vulnerable banking application designed for practicing Security Testing of Web App, APIs, AI integrated App and secure code reviews. Features common vulnerabilities found in real-world applications, making it an ideal platform for security professionals, developers, and enthusiasts to learn pentesting and secure coding practices.
Open-source AI agent firewall for MCP security and agent egress. Scans mediated HTTP, MCP, A2A, and WebSocket traffic for exfiltration, SSRF, and prompt injection, and emits mediator-signed action receipts: verifiable audit evidence from outside the agent.
Local security audit for AI API relays and LLM proxies: detects prompt injection, model substitution, tool-call rewriting, SSE anomalies, error leakage, and Web3 wallet risks.
MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.
DianXing - AI-Driven End-to-End Code Security Auditing
Krawl is a customizable, lightweight, cloud-native web deception server and anti-crawler that creates fake web applications with low-hanging vulnerabilities using realistic, randomly generated decoy data and AI-generated HTML templates.
MCP Monitoring with eBPF
AI-powered subdomain enumeration tool with local LLM analysis via Ollama - 100% private, zero API costs
vArmor is a cloud-native container hardening system that leverages AppArmor/BPF/Seccomp and NetworkProxy technologies to enforce access control from system calls to application protocols β protecting workloads including AI Agents.
Deterministic safety solutions for probabilistic AI agents
Action-aware permissions for coding agents. A deterministic safety guard that keeps you in the flow.
Curated Web3 security learning hub for smart contract auditors and protocol teams: roadmaps, audit tools, public reports, fuzzing, formal verification, AI-assisted workflows, offchain security, incident response, and launch checklists.
The AI Agent for Cyber Security.
Project CodeGuard is an AI model-agnostic security framework and ruleset that embeds secure-by-default practices into AI coding workflows (generation and review). It ships core security rules, translators for popular coding agents, and validators to test rule compliance.
Execution-Layer Security (ELS) for AI agents β policy-enforced shell with audit.
AI EDR for developer workstations and autonomous agent fleets. Build Swarm Detection & Response platforms with Clawdstrike.
Claude Code skill for OWASP security best practices (2025-2026). Includes Top 10:2025, ASVS 5.0, Agentic AI security, and 20+ language-specific security quirks.
βοΈ Community maintained directory, MCP and API of 3,000+ active bug bounty programs and VDPs
Container-free, deny-by-default sandbox for AI coding agents. Kernel-enforced filesystem, network, and syscall isolation for Linux and macOS
LLM security testing framework for detecting prompt injection, jailbreaks, and adversarial attacks β 190+ probes, 28 providers, single Go binary
A modular, skill-based autonomous Security Operations Center (SOC) agent that monitors OpenSearch/Elasticsearch data, builds RAG-based behavioral memory, and validates real-time anomalies using LLMs.
Runtime security for Agents. Blocks dangerous commands, prevent secret leaks, stop prompt injection, gate risky package installs and visibility and control over tool calls.
Source code teardowns of 15 AI coding agents. What is actually inside Claude Code, Dify, OpenHands, Cline, MemPalace, oh-my-codex, Goose, Codex CLI, and 7 more. Architecture diagrams, design patterns. Every claim fact-checked.
Red Teaming python-framework for testing chatbots and GenAI systems.
Generate Claude Code bug bounty skills from public HackerOne reports and GitHub writeups β 18 vuln classes, no private reports needed
Project Tapestry aims to give every nation and participant frontier AI they can call their own β uniting a global consortium to train a shared frontier model from which partners build and own sovereign models aligned to their national, socio-cultural, and industrial needs.
PyInstaCrack: Ultimate Instagram hacking suite. Python-driven, AI-enhanced, brute-force chaos. Stealth ops, ethical only. Slice through defenses like a cyber god! β οΈ
AI-native code security auditor on AgentField that proves exploitability with verdicts, traces, and actionable evidence.
An open-source knowledge base of defensive countermeasures to protect AI/ML systems. Features interactive views and maps defenses to known threats from frameworks like MITRE ATLAS, MAESTRO, and OWASP.
Whistleblower is a offensive security tool for testing against system prompt leakage and capability discovery of an AI application exposed through API. Built for AI engineers, security researchers and folks who want to know what's going on inside the LLM-based app they use daily
Agentic AI research papers, benchmarks, frameworks, and tools curated across 24 domains.
Zero-knowledge secrets infrastructure built for AI agents to operate, not just consume.
ToolHive is an application that allows you to install, manage and run MCP servers and connect them to AI agents
Test, secure, and monitor MCP servers before agents depend on them.
[CCS'24] SafeGen: Mitigating Unsafe Content Generation in Text-to-Image Models
Open-source EDR for AI agents. Monitor processes, files, network, and behavior of autonomous AI agents.
AI Agent Security Middleware β 8-layer defense, DLP data flow, prompt injection detection, zero dependencies. SDK + MCP server for Claude Code, Cursor, LangChain, Hermes Agent & more.
Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix.
AspGoat is an intentionally vulnerable ASP.NET Core application for learning and practicing web application security.
AI Security Platform: Defense (61 Rust engines + Micro-Model Swarm) + Offense (39K+ payloads)