Claude Code Specific

• awesome-ai-agents-security - Living map of the AI agent security ecosystem covering orchestration risks.
• OWASP Top 10 for Agentic Applications - 2026 standard: agent goal hijacking, tool misuse, identity abuse, delegation risks.
• Fortune: AI's Triple Act at Black Hat/DEF CON - Coverage of agent-to-agent interaction risks and shadow AI attack surfaces.

Vendor Research

• claude-code-safety-net Rules Reference - Custom rules reference for defining safe/dangerous command patterns.

Vendor Research

• awesome-claude-code - Comprehensive Claude Code resource: skills, hooks, plugins, applications.
• awesome-llm-security - LLM security tools, documents, and research.
• awesome-ai-security - Broad AI security resources: offensive, defensive, governance.
• awesome-mcp-servers - MCP server directory for the ecosystem.
• awesome-cybersecurity-agentic-ai - Cybersecurity + agentic AI resources.
• Awesome LLM Agent Security - Agent-specific attacks, vulnerabilities, exploitation techniques.

Vendor Research

• GitHub Agentic Security Principles - Autonomy limits, access controls, code scanning, agent governance.
• Google MCP Security Servers - Security Operations and Threat Intelligence MCP servers.
• Contrast Security MCP - Application security vendor MCP integration for vulnerability remediation.
• Palo Alto + NeMo Guardrails - AI Runtime Security integration with enterprise guardrails.

Claude Code Specific

• Microsoft Agent Governance Toolkit - Zero-trust policy enforcement, identity management, execution sandboxing. Covers OWASP Agentic Top 10.
• GitHub Enterprise AI Controls - GA agent control plane: MCP allowlists, audit logs, RBAC, session monitoring for Copilot.
• GitHub AI Governance Framework - Creating organizational AI policy and governance for coding assistants.
• IBM + Anthropic Enterprise Partnership - Enterprise governance integration with IBM security and compliance capabilities.
• NVIDIA Safety for Agentic AI - Blueprint for improving safety, security, and privacy at build, deploy, and run stages.
• Claude Enterprise Deployment Guide - Enterprise security configurations and deployment controls explained.

Secrets Scanners

• OWASP Top 10 for LLM Applications (2025) - Industry standard for LLM security risks. Prompt injection is #1.
• OWASP AI Vulnerability Scoring System (AIVSS) - Standardized framework for scoring AI-specific security vulnerabilities.
• OWASP AI Security Verification Standard (AISVS) - Structured checklist for verifying AI application security.
• OWASP AI Exchange - 300+ page reference on AI threats and controls.
• NIST AI Risk Management Framework - Federal guidance on AI risk management.
• MITRE ATLAS - Adversarial Threat Landscape for AI Systems — knowledge base of adversary tactics and techniques.
• Agentic AI Top 10 Vulnerability (CSA/OWASP) - Community documentation for OWASP/CSA red teaming work.

Anthropic Engineering & Blog

• Trail of Bits claude-code-config - Opinionated production defaults from a top security firm: sandboxing, permissions, hooks, skills, MCP server configs. The gold standard for secure setups.
• claude-code-security - Progressive hardening framework covering agent config protection, hooks, runtime security, injection prevention, and supply chain controls.
• everything-claude-code - Performance optimization system with security components: skills, instincts, memory, and research-first development patterns.
• Claude Code Ultimate Guide - Comprehensive documentation with production-ready templates including security hardening configs.
• Hardening Claude Code: Security Review Framework - Security review methodology with a ready-to-use audit prompt.
• StepSecurity: Securing Claude Code in GitHub Actions - Harden-Runner integration for network monitoring and tamper-proof logs in CI.
• Cycode: Anthropic Claude Code Security & AppSec - Analysis of Claude Code's security model from an AppSec vendor perspective.
• Snyk: Why Claude Code Security Is Great News - Industry analysis of Anthropic's security capabilities and what they mean for secure development.

Anthropic Engineering & Blog

• claude-code-safety-net - Plugin intercepting destructive git/filesystem commands before execution. Semantic argument parsing distinguishes safe from dangerous operations.
• Lasso claude-hooks - Prompt injection defense hooks: scans files, web fetches, and command output in real-time. Detects 50+ injection patterns in READMEs, HTML comments, and docs.
• claude-code-hooks-mastery - Advanced hook patterns and techniques for Claude Code security automation.
• claudekit - Toolkit of custom commands, hooks, and security utilities for Claude Code.
• claude-code-hooks-multi-agent-observability - Real-time monitoring for multi-agent Claude Code sessions via hook event tracking.
• claude-code-showcase - Comprehensive project configuration example with hooks, skills, agents, commands, and GitHub Actions workflows.
• NeMo Guardrails - NVIDIA's toolkit for programmable LLM guardrails with Colang language for dialog flow control. ~4.5k stars.

Gateways and Proxies

• Microsoft MCP Gateway - Reverse proxy for MCP servers in Kubernetes with OAuth 2.0 (Azure Entra ID), RBAC, and session-aware routing.
• Hypr MCP Gateway - OAuth proxy with dynamic client registration, prompt analytics, and MCP firewall for enterprise-grade servers.
• Secure MCP Gateway (Enkrypt) - Admin-level gateway with guardrails at each MCP server to block injection, exfiltration, and unauthorized access.
• Lasso MCP Gateway - Plugin-based gateway that intercepts and sanitizes sensitive information across MCP orchestration.
• IBM ContextForge - Open-source registry and proxy federating MCP/A2A/REST APIs with centralized governance and discovery.
• awesome-mcp-gateways - Curated list of MCP gateway products and solutions.

Research

• Pillar Security: MCP Security Risks - Threat analysis: tool poisoning, rug pulls, credential theft, cross-server manipulation.
• Invariant Labs: Tool Poisoning Attacks - Agent hijacking via malicious tool descriptions, WhatsApp exploit, "Rug Pull" mutation attacks.
• Simon Willison: MCP Prompt Injection - Practical analysis of confused deputy attacks in MCP tool integrations.
• Invariant Labs: GitHub MCP Vulnerability - Exploiting MCP to access private GitHub repositories.
• Netskope: Invisible Backdoors in MCP - Hidden backdoor mechanisms in MCP server implementations.
• Systematic Analysis of MCP Security (arXiv) - Academic systematic analysis of MCP security threats and defenses.
• MCPTox: Benchmark for Tool Poisoning (arXiv) - Academic benchmark for evaluating tool poisoning attacks on real-world MCP servers.

Scanners and Auditors

• Snyk agent-scan - Professional security scanner for AI agents, MCP servers, and skills covering 15+ risk categories.
• mcp-scan (Invariant Labs) - MCP security scanner with proxy mode for real-time scanning without infrastructure changes.
• Cisco MCP Scanner - Cisco's scanner for detecting threats and security findings in MCP servers.
• MCP Security Scanner (SARIF) - Static + dynamic checks for path traversal, auth gaps, prompt injection. Outputs SARIF for GitHub code scanning.
• AWS MCP Security Scanner - Integrates Checkov, Semgrep, and Bandit for comprehensive code security analysis via MCP.
• SecureMCP - Audit MCP for OAuth leaks, prompt injection, rogue servers, and tool poisoning.
• mcpserver-audit - Pre-use safety examination tool with vulnerability database.
• MCP Security Audit (npm) - Audits npm dependencies in MCP servers for known vulnerabilities via registry.

Standards and Checklists

• MCP Server Security Standard (MSSS) - Open, testable certification standard with compliance levels and evidence requirements.
• MCP Security Checklist (SlowMist) - Comprehensive checklist: input validation, rate limiting, RBAC, credential management, container hardening.
• awesome-mcp-security - Curated collection of MCP vulnerabilities, articles, tools, and best practices. ~660 stars.
• spring-ai MCP Security - Authorization framework for MCP client/server using Spring Security.

Anthropic Engineering & Blog

• Claude Code Security Features - Vulnerability detection: codebase scanning, multi-stage verification; found 500+ vulnerabilities in production code.
• Making Claude Code Secure and Autonomous - Engineering deep dive on filesystem isolation, network proxy, OS-level enforcement, credential exfiltration defense.
• Automate Security Reviews with Claude Code - Using Claude Code Security as an automated reviewer in CI pipelines.

• Security Overview - Architecture reference covering permission model, sandboxing, prompt injection defenses, and privacy safeguards.
• Configure Permissions - Tiered Allow/Ask/Deny system with tool-specific rules, wildcard patterns, and precedence evaluation.
• Sandboxing - Filesystem and network isolation using Linux bubblewrap and macOS Seatbelt with domain restrictions.
• Hooks Reference - PreToolUse, PostToolUse, and ConfigChange hook events for security automation.
• Hooks Guide - Practical patterns: permission enforcement, injection detection, audit logging.
• Settings - Hierarchical config scopes (Managed > CLI > Local > Project > User) and sensitive file protection.
• Authentication - Credential management, secure storage, apiKeyHelper, and enterprise SSO.
• Data Usage - Retention policies, TLS + AES-256 encryption, telemetry, and training opt-out.
• Zero Data Retention - Enterprise immediate data deletion with HIPAA BAA coverage.
• Monitoring and Usage - OpenTelemetry integration for session tracking, token usage, and audit trails.
• MCP Configuration - MCP server setup, OAuth 2.0, scope hierarchy, enterprise allowlists/denylists.
• Claude Code on the Web - Cloud execution: isolated VMs, network proxies, git push restrictions, domain allowlists.
• Amazon Bedrock Integration - IAM policies, AWS Guardrails, credential management, model version pinning.

Claude Code Specific

• VS Code Security Integration - Restricted Mode, trust verification, auto-edit risks, third-party provider controls.

Claude Code Specific

• Plugin Discovery & Trust Model - Official plugin marketplace: trust considerations, managed restrictions, organizational controls.
• claude-plugins-official - Anthropic's official managed plugin directory.
• awesome-claude-code-plugins - Curated list of slash commands, subagents, MCP servers, and hooks.
• Trail of Bits Skills - Security research skills for Claude Code: vulnerability detection and audit workflows from Trail of Bits.

Claude Code Specific

• Caught in the Hook: RCE via Claude Code Project Files - Check Point: three critical CVEs — RCE via MCP config, RCE via hooks, and API key harvesting.

Research

• OWASP LLM01:2025 Prompt Injection - Canonical definition and threat model. The #1 risk in 73% of production AI deployments.
• DEF CON 33 / Black Hat 2025: AgentFlayer - Zenity research: 0-click attacks on enterprise AI assistants including Copilot and Gemini.

Tools and Frameworks

• promptfoo - CLI for red-teaming LLM apps. Adaptive attack generation, CI/CD integration. Used by Shopify, Discord, Microsoft. ~6k stars.
• Garak - NVIDIA-backed red-teaming toolkit: 37+ probe modules for injection, jailbreaks, encoding bypasses, data extraction. Apache 2.0.
• PyRIT (Microsoft) - Python Risk Identification Tool for generative AI. Enterprise red-teaming framework for Azure environments.
• Rebuff (Protect AI) - Multi-layered prompt injection detection: heuristics, LLM analysis, vector DB of known attacks, canary tokens.
• HouYi - Automated prompt injection testing framework for LLM-integrated applications.
• Open-Prompt-Injection - Academic benchmark with DataSentinel and PromptLocate defenses.
• promptmap - Security scanner for custom LLM apps. White-box and black-box prompt injection testing.
• awesome-prompt-injection - Curated resource on prompt injection vulnerabilities in ML models.
• tldrsec/prompt-injection-defenses - Every practical and proposed defense against prompt injection, maintained by tl;dr sec.

Conference Material

• Black Hat USA 2025: AI Security Crossroads - Comprehensive takeaways on agentic AI offense/defense.
• Black Hat/DEF CON: AI Offense vs Defense - Analysis: AI more useful for defense than hacking — but agent attacks are accelerating.

Technical Research

• Trail of Bits AI/ML Security - Professional AI security assessment methodology: root cause analysis over checklists.
• Trail of Bits Publications - Archive of security research papers and presentations.
• Trail of Bits awesome-ml-security - Curated ML security references, tools, and guidance.
• LLM Security Guide - Comprehensive reference: OWASP GenAI Top-10, prompt injection, real-world incidents, defense catalogs.
• AI Red-Teaming Guide - Adversarial testing and security evaluation methodology for AI systems.
• Awesome LLMSecOps - LLM Security Operations: tools, frameworks, and operational guidance.

Vendor Research

• VentureBeat: Claude Code Security Wakeup Call - Industry impact analysis of Anthropic's security capabilities.
• CSO Online: Industry Wakeup Call - Why Claude Code Security changes the AppSec landscape.
• DataDome: MCP Prompt Injection Prevention - Practical guide to stopping prompt injection in MCP deployments.
• Lares: OWASP Agentic Top 10 in the Wild - Real-world threat examples mapped to OWASP Agentic categories.

Anthropic Engineering & Blog

• Arrakis - Self-hosted MicroVM sandbox for AI agents with backtracking, REST API, Python SDK, and Firecracker-based isolation.
• microsandbox - Open-source self-hosted MicroVM sandboxes with sub-200ms startup, hardware-level isolation via libkrun. ~3.3k stars.
• agent-infra/sandbox - All-in-one Docker sandbox for AI agents: browser, shell, file, MCP, and VS Code server in a container.
• sandbox-agent (Rivet) - Run Claude Code and other coding agents in sandboxes controlled over HTTP.
• codeduet-microvm-ai-agent-sandbox - MicroVM sandbox using Cloud Hypervisor with Linux and Windows guest support and hardware-level isolation.
• Kubernetes agent-sandbox - Kubernetes CRD for declarative sandbox management with persistent identity for AI agents.
• SWE-ReX - Sandboxed shell environments for AI code agents with parallel execution and cloud deployment support.
• awesome-sandbox - Curated list of code sandboxing solutions for AI, comparing isolation approaches.
• How to Sandbox AI Agents in 2026 - Technical comparison: MicroVMs vs gVisor vs hardened containers for agent isolation.
• Best Code Execution Sandbox for AI Agents - Ranked comparison of sandbox platforms with security/performance tradeoffs.

Prevention Tools

• TruffleHog - Find, verify, and analyze leaked credentials. 800+ secret types, live verification. Essential for pre-commit scanning in AI workflows. ~18k stars.
• Gitleaks - Fast secrets scanner using regex and entropy. High precision, low false positives. ~19k stars.
• ggshield (GitGuardian) - Detect 500+ secret types with advanced validation. Pre-commit hooks, CI integration, and real-time scanning.
• LLM Guard (Protect AI) - Input/output security toolkit: PII detection, toxicity filtering, secrets scanning for LLM interactions. ~4k stars.
• ml-model-data-leak-layer - PII leak detection in LLM-generated content using ML and regex patterns.
• GitHub Secret Protection - Push protection with AI-powered detection. Enabled by default on public repos since 2024.

Claude Code Specific

• claude-code-action - Official GitHub Action for CI/CD. v1.0: auto mode detection, interactive + automation modes.
• claude-code-security-review - Official AI-powered security review Action for PRs. OWASP-aligned analysis, found vulnerabilities in Claude Code itself.
• GitHub Actions Docs - Official reference for Claude Code in GitHub Actions: triggers, configuration, permissions.
• CLAUDE.md CI/CD Wiki - Community patterns for CLAUDE.md configuration in CI/CD pipelines.
• Claude Code Headless Mode - Non-interactive `--print` and `-p` flags for scripted security workflows and automation.

Claude Code Specific

• Claude Code Security Auditor - Pattern for device-level security audits using Claude Code.

LLM Security Toolkits

• Vigil - Detect prompt injections, jailbreaks, and risky LLM inputs.
• Langfuse Security & Guardrails - Observability platform with built-in security and guardrail integrations.

Secrets Scanners

• Dark Reading: Flaws Put Developer Machines at Risk - Coverage of Check Point findings and implications for developer workstations.
• The Hacker News: Claude Code RCE and Key Exfiltration - Technical breakdown of exploitation chains.
• SecurityWeek: Developer Devices Exposed - Analysis of silent attack vectors in Claude Code project files.
• HackerOne: Report Claude Code Vulnerabilities - Official responsible disclosure channel.