#Ai-security

Showing 60 of 146 repositories tagged #ai-security, ranked by stars

usestrix
usestrix
strix

Open-source AI penetration testing tool to find and fix your app’s vulnerabilities.

Score
100
β˜… 39.8k β‘‚ 4.2k +443/day
Python
The-Art-of-Hacking
The-Art-of-Hacking
h4cker

This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vulnerability research, exploit development, reverse engineering, and more. πŸ”₯ Also check: https://hackertraining.org

Score
100
β˜… 28.3k β‘‚ 5.3k +135/day
Jupyter Notebook
Giskard-AI
Giskard-AI
giskard-oss

🐒 Open-Source Evaluation & Testing library for LLM Agents

Score
86
β˜… 5.5k β‘‚ 482 +5/day
Python
FlorianBruniaux
FlorianBruniaux
claude-code-ultimate-guide

The most comprehensive Claude Code guide: agentic workflows, hooks, skills, MCP servers, quizzes, and production-ready templates. 430K+ lines.

Score
100
β˜… 5.4k β‘‚ 706 +5/day
Python
Tencent
Tencent
AI-Infra-Guard

A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation.

Score
98
β˜… 4.1k β‘‚ 393 β€”
Python
shuvonsec
shuvonsec
claude-bug-bounty

AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.

Score
99
β˜… 3.9k β‘‚ 692 +42/day
Python
nolabs-ai
nolabs-ai
nono

Sandbox any AI agent in seconds - zero setup, zero latency.

Score
100
β˜… 3.0k β‘‚ 204 +5/day
Rust
skills
skills
secure-code-game

Learn to code securely while having fun through our popular open source in-editor experience, designed for developers, students, and anyone curious about security. Get started for free in under 2 minutes, playing right from your browser.

Score
97
β˜… 2.8k β‘‚ 368 +5/day
JavaScript
0xSteph
0xSteph
pentest-ai-agents

Turn Claude Code into your offensive security research assistant. Specialized AI subagents for authorized penetration testing plan engagements, analyze recon, research exploits, build detections, audit STIGs, and write reports.

Score
95
β˜… 2.0k β‘‚ 388 +30/day
Shell
stacklok
stacklok
toolhive

ToolHive is an enterprise-grade platform for running and managing Model Context Protocol (MCP) servers.

Score
100
β˜… 1.9k β‘‚ 242 β€”
Go
beenuar
beenuar
AiSOC

Open-source AI-powered Security Operations Center β€” alert fusion, purple-team drills, agent-assisted triage, MITRE ATT&CK investigation. MIT-licensed, self-hostable.

Score
94
β˜… 1.5k β‘‚ 149 +1/day
Python
jiep
jiep
offensive-ai-compilation

A curated list of useful resources that cover Offensive AI.

Score
100
β˜… 1.4k β‘‚ 163 β€”
HTML
0xSteph
0xSteph
pentest-ai

Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.

Score
93
β˜… 1.3k β‘‚ 246 +26/day
Python
utkusen
utkusen
promptmap

a security scanner for custom LLM applications

Score
100
β˜… 1.2k β‘‚ 127 +4/day
Python
aydinnyunus
aydinnyunus
ai-captcha-bypass

AI Captcha Bypass

Score
91
β˜… 1.1k β‘‚ 123 +8/day
Python
larlarua
larlarua
AutoCVE

Agent-driven automated CVE discovery platform for source code auditing, vulnerability verification, and report generation.

Score
71
β˜… 1.1k β‘‚ 70 +160/day
Python
splx-ai
splx-ai
agentic-radar

A security scanner for your LLM agentic workflows

Score
0
β˜… 994 β‘‚ 137 +3/day
Python
ThinkWatchProject
ThinkWatchProject
ThinkWatch

Enterprise AI bastion host for secure AI API and MCP access, with unified proxying, RBAC, audit logs, rate limiting, and cost tracking across OpenAI, Anthropic, Gemini, and self-hosted LLMs.

Score
50
β˜… 957 β‘‚ 21 β€”
Rust
reconmap
reconmap
reconmap

Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling end‑to‑end engagement management, from reconnaissance through execution and reporting. With built-in command automation, output parsing, and AI‑assisted summaries, it delivers faster, more structured, and high‑quality security assessments.

Score
90
β˜… 938 β‘‚ 133 +1/day
JavaScript
Pantheon-Security
Pantheon-Security
medusa

AI-first security scanner. NEW in v2026.7: Claude Code compromise detection β€” vet .claude/ hooks, permissions & skills before you clone β€” plus an always-on AI attack-signature scanner and native Rust & PHP rules. Also: medusa scan --git to vet any repo, medusa secrets scan for leaked API keys. 40,000+ patterns, zero setup.

Score
57
β˜… 912 β‘‚ 152 +19/day
Python
Commando-X
Commando-X
vuln-bank

A deliberately vulnerable banking application designed for practicing Security Testing of Web App, APIs, AI integrated App and secure code reviews. Features common vulnerabilities found in real-world applications, making it an ideal platform for security professionals, developers, and enthusiasts to learn pentesting and secure coding practices.

Score
92
β˜… 779 β‘‚ 289 +6/day
HTML
luckyPipewrench
luckyPipewrench
pipelock

Open-source AI agent firewall for MCP security and agent egress. Scans mediated HTTP, MCP, A2A, and WebSocket traffic for exfiltration, SSRF, and prompt injection, and emits mediator-signed action receipts: verifiable audit evidence from outside the agent.

Score
75
β˜… 751 β‘‚ 87 +1/day
Go
toby-bridges
toby-bridges
api-relay-audit

Local security audit for AI API relays and LLM proxies: detects prompt injection, model substitution, tool-call rewriting, SSE anomalies, error leakage, and Web3 wallet risks.

Score
43
β˜… 748 β‘‚ 72 +10/day
Python
cyproxio
cyproxio
mcp-for-security

MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.

Score
85
β˜… 619 β‘‚ 99 β€”
TypeScript
tianchong-zerotemp
tianchong-zerotemp
dianxing

DianXing - AI-Driven End-to-End Code Security Auditing

Score
89
β˜… 610 β‘‚ 57 +165/day
BlessedRebuS
BlessedRebuS
Krawl

Krawl is a customizable, lightweight, cloud-native web deception server and anti-crawler that creates fake web applications with low-hanging vulnerabilities using realistic, randomly generated decoy data and AI-generated HTML templates.

Score
88
β˜… 548 β‘‚ 42 β€”
Python
alex-ilgayev
alex-ilgayev
MCPSpy

MCP Monitoring with eBPF

Score
81
β˜… 514 β‘‚ 79 β€”
C
Vyntral
Vyntral
god-eye

AI-powered subdomain enumeration tool with local LLM analysis via Ollama - 100% private, zero API costs

Score
50
β˜… 511 β‘‚ 69 β€”
Go
bytedance
bytedance
vArmor

vArmor is a cloud-native container hardening system that leverages AppArmor/BPF/Seccomp and NetworkProxy technologies to enforce access control from system calls to application protocols β€” protecting workloads including AI Agents.

Score
86
β˜… 485 β‘‚ 64 +1/day
Go
SponsioLabs
SponsioLabs
Sponsio

Deterministic safety solutions for probabilistic AI agents

Score
29
β˜… 466 β‘‚ 28 +1/day
Python
manuelschipper
manuelschipper
nah

Action-aware permissions for coding agents. A deterministic safety guard that keeps you in the flow.

Score
14
β˜… 453 β‘‚ 26 β€”
Python
Raiders0786
Raiders0786
web3-security-resources

Curated Web3 security learning hub for smart contract auditors and protocol teams: roadmaps, audit tools, public reports, fuzzing, formal verification, AI-assisted workflows, offchain security, incident response, and launch checklists.

Score
100
β˜… 424 β‘‚ 66 β€”
Python
FrancescoStabile
FrancescoStabile
numasec

The AI Agent for Cyber Security.

Score
84
β˜… 419 β‘‚ 49 +4/day
TypeScript
project-codeguard
project-codeguard
rules

Project CodeGuard is an AI model-agnostic security framework and ruleset that embeds secure-by-default practices into AI coding workflows (generation and review). It ships core security rules, translators for popular coding agents, and validators to test rule compliance.

Score
77
β˜… 409 β‘‚ 57 β€”
Python
canyonroad
canyonroad
agentsh

Execution-Layer Security (ELS) for AI agents β€” policy-enforced shell with audit.

Score
83
β˜… 357 β‘‚ 15 +6/day
Go
backbay-labs
backbay-labs
clawdstrike

AI EDR for developer workstations and autonomous agent fleets. Build Swarm Detection & Response platforms with Clawdstrike.

Score
82
β˜… 283 β‘‚ 34 β€”
TypeScript
agamm
agamm
claude-code-owasp

Claude Code skill for OWASP security best practices (2025-2026). Includes Top 10:2025, ASVS 5.0, Agentic AI security, and 20+ language-specific security quirks.

Score
78
β˜… 278 β‘‚ 25 +8/day
lissy93
lissy93
bug-bounties

βš”οΈ Community maintained directory, MCP and API of 3,000+ active bug bounty programs and VDPs

Score
80
β˜… 267 β‘‚ 39 +3/day
TypeScript
GreyhavenHQ
GreyhavenHQ
greywall

Container-free, deny-by-default sandbox for AI coding agents. Kernel-enforced filesystem, network, and syscall isolation for Linux and macOS

Score
88
β˜… 254 β‘‚ 31 +5/day
Go
praetorian-inc
praetorian-inc
augustus

LLM security testing framework for detecting prompt injection, jailbreaks, and adversarial attacks β€” 190+ probes, 28 providers, single Go binary

Score
25
β˜… 252 β‘‚ 32 +3/day
Go
SecurityClaw
SecurityClaw
SecurityClaw

A modular, skill-based autonomous Security Operations Center (SOC) agent that monitors OpenSearch/Elasticsearch data, builds RAG-based behavioral memory, and validates real-time anomalies using LLMs.

Score
76
β˜… 251 β‘‚ 26 +1/day
Python
PrismorSec
PrismorSec
prismor

Runtime security for Agents. Blocks dangerous commands, prevent secret leaks, stop prompt injection, gate risky package installs and visibility and control over tool calls.

Score
75
β˜… 227 β‘‚ 18 +5/day
Python
NeuZhou
NeuZhou
awesome-ai-anatomy

Source code teardowns of 15 AI coding agents. What is actually inside Claude Code, Dify, OpenHands, Cline, MemPalace, oh-my-codex, Goose, Codex CLI, and 7 more. Architecture diagrams, design patterns. Every claim fact-checked.

Score
50
β˜… 220 β‘‚ 18 +1/day
D2
LLAMATOR-Core
LLAMATOR-Core
llamator

Red Teaming python-framework for testing chatbots and GenAI systems.

Score
90
β˜… 216 β‘‚ 21 +1/day
Python
shuvonsec
shuvonsec
public-skills-builder

Generate Claude Code bug bounty skills from public HackerOne reports and GitHub writeups β€” 18 vuln classes, no private reports needed

Score
72
β˜… 201 β‘‚ 44 +3/day
Python
The-AI-Alliance
The-AI-Alliance
tapestry

Project Tapestry aims to give every nation and participant frontier AI they can call their own β€” uniting a global consortium to train a shared frontier model from which partners build and own sovereign models aligned to their national, socio-cultural, and industrial needs.

Score
95
β˜… 192 β‘‚ 27 +18/day
Python
RozhakDev
RozhakDev
PyInstaCrack

PyInstaCrack: Ultimate Instagram hacking suite. Python-driven, AI-enhanced, brute-force chaos. Stealth ops, ethical only. Slice through defenses like a cyber god! ☠️

Score
74
β˜… 172 β‘‚ 35 +1/day
Python
Agent-Field
Agent-Field
sec-af

AI-native code security auditor on AgentField that proves exploitability with verdicts, traces, and actionable evidence.

Score
75
β˜… 170 β‘‚ 37 β€”
Python
edward-playground
edward-playground
aidefense-framework

An open-source knowledge base of defensive countermeasures to protect AI/ML systems. Features interactive views and maps defenses to known threats from frameworks like MITRE ATLAS, MAESTRO, and OWASP.

Score
73
β˜… 159 β‘‚ 36 β€”
JavaScript
Repello-AI
Repello-AI
whistleblower

Whistleblower is a offensive security tool for testing against system prompt leakage and capability discovery of an AI application exposed through API. Built for AI engineers, security researchers and folks who want to know what's going on inside the LLM-based app they use daily

Score
62
β˜… 157 β‘‚ 26 β€”
Python
mahmoudrabie
mahmoudrabie
agentic-ai

Agentic AI research papers, benchmarks, frameworks, and tools curated across 24 domains.

Score
86
β˜… 154 β‘‚ 4 +1/day
The-17
The-17
agentsecrets

Zero-knowledge secrets infrastructure built for AI agents to operate, not just consume.

Score
100
β˜… 152 β‘‚ 15 +2/day
Go
stacklok
stacklok
toolhive-studio

ToolHive is an application that allows you to install, manage and run MCP servers and connect them to AI agents

Score
62
β˜… 149 β‘‚ 22 +10/day
TypeScript
KryptosAI
KryptosAI
mcp-observatory

Test, secure, and monitor MCP servers before agents depend on them.

Score
38
β˜… 142 β‘‚ 24 +1/day
TypeScript
LetterLiGo
LetterLiGo
SafeGen_CCS2024

[CCS'24] SafeGen: Mitigating Unsafe Content Generation in Text-to-Image Models

Score
81
β˜… 138 β‘‚ 12 β€”
Python
antropos17
antropos17
Aegis

Open-source EDR for AI agents. Monitor processes, files, network, and behavior of autonomous AI agents.

Score
68
β˜… 134 β‘‚ 21 β€”
JavaScript
jnMetaCode
jnMetaCode
shellward

AI Agent Security Middleware β€” 8-layer defense, DLP data flow, prompt injection detection, zero dependencies. SDK + MCP server for Claude Code, Cursor, LangChain, Hermes Agent & more.

Score
67
β˜… 122 β‘‚ 20 +6/day
TypeScript
sinewaveai
sinewaveai
agent-security-scanner-mcp

Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix.

Score
65
β˜… 112 β‘‚ 10 +1/day
JavaScript
Soham7-dev
Soham7-dev
AspGoat

AspGoat is an intentionally vulnerable ASP.NET Core application for learning and practicing web application security.

Score
59
β˜… 106 β‘‚ 91 β€”
JavaScript
DmitrL-dev
DmitrL-dev
AISecurity

AI Security Platform: Defense (61 Rust engines + Micro-Model Swarm) + Offense (39K+ payloads)

Score
66
β˜… 105 β‘‚ 17 β€”
Python
Related Topics
#security#mcp#cybersecurity#llm-security#penetration-testing#ai#llm#ai-agents#security-tools#claude-code#agent-security#prompt-injection

Β© 2026 GitRepoTrend Β· GitHub repositories by topic Β· Updated weekly