Projects in Awesome Lists tagged with agent-security

https://github.com/msoedov/agentic_security

Agentic LLM Vulnerability Scanner / AI red teaming kit 🧪

agent-framework agent-security ai-red-team llm-evaluation llm-evaluation-framework llm-fuzzer llm-fuzzer-aggregator llm-fuzzing llm-guardrails llm-jailbreaks llm-scanner llm-security llm-vulnerabilities prompt-testing

Last synced: 06 Sep 2025

https://github.com/pegasi-ai/reins

Stop AI agents from doing things you didn't ask for.

agent-observability agent-security ai-monitoring ai-safety audit-trail browser-automation claude-code-marketplace claude-code-plugin claude-code-skill cua human-in-the-loop intervention mcp openclaw-security

Last synced: 09 Jun 2026

https://github.com/openguardrails/agentfw

An AI agent firewall on the wire.

agent-security agent-security-eval ai-agent-security guardrails indirect-prompt-injection model-route zero-trust-firewall

Last synced: 13 Jun 2026

https://github.com/duncatzat/vigils

A local control plane for AI agents — see what they do, approve what matters, keep secrets out. Rust + Tauri + Chrome MV3.

agent-security ai-agents audit-log desktop llm local-first pii rust sandbox tauri

Last synced: 13 Jun 2026

https://github.com/eqtylab/cupcake

A native policy enforcement layer for AI coding agents. Built on OPA/Rego.

agent-security alignment claude-code coding-agents cursor factory-ai gemini-cli hooks llm-as-a-judge mcp opa opencode

Last synced: 13 Jun 2026

https://github.com/matank001/cursor-security-rules

This repository contains Cursor Security Rules designed to improve the security of both development workflows and AI agent usage within the Cursor environment. These rules aim to enforce safe coding practices, control sensitive operations, and reduce risk in AI-assisted development.

agent-security agents ai aiagents cursor cursor-rules cursor-security cursorrules security

Last synced: 17 Jan 2026

https://github.com/Agent-Threat-Rule/agent-threat-rules

Open detection standard -- like Sigma, but for AI agents. 311 rules, Cisco AI Defense, 97.1% garak recall.

agent-security agent-threat-rules ai-security garak llm-security mcp-security owasp owasp-agentic prompt-injection sigma-rules threat-detection

Last synced: 04 May 2026

https://github.com/lasso-security/mcp-gateway

A plugin-based gateway that orchestrates other MCPs and allows developers to build upon it enterprise-grade agents.

agent agent-security gateway gen-ai genai genai-security generative-ai mcp mcp-client mcp-security mcp-server proxy python

Last synced: 03 Jul 2025

https://github.com/cisco-ai-defense/a2a-scanner

Scan A2A agents for potential threats and security issues

a2a-protocol a2a-server agent-security security-scanner

Last synced: 12 Feb 2026

https://github.com/sinewaveai/agent-security-scanner-mcp

Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix.

agent-security ai-security auto-fix claude-code cline codex cursor hallucination-detection llm-security mcp mcp-server openai-codex openclaw owasp prompt-injection sast security supply-chain-security vulnerability-scanner windsurf

Last synced: 06 Mar 2026

https://github.com/siddhant-k-code/agentic-authz

Fine-grained authorization for AI agents using OpenFGA.

agent agent-auth agent-authentication agent-security fine-grained-authorization openfga-client

Last synced: 31 May 2026

https://github.com/peg/rampart

Open-source firewall for AI agents. Policy engine that audits and controls what OpenClaw, Claude Code, Cursor, Codex, and any AI tool can do on your machine.

agent-security ai-agents ai-security audit-trail claude-code cli codex devtools golang ld-preload llm mcp openclaw policy-engine prompt-injection secure-ai-agents secure-openclaw security security-openclaw

Last synced: 06 May 2026

https://github.com/jnMetaCode/shellward

AI Agent Security Middleware — 8-layer defense, DLP data flow, prompt injection detection, zero dependencies. SDK + OpenClaw plugin.

agent-security ai-agent ai-firewall ai-safety ai-security claude-code cursor data-exfiltration dlp guardrails langchain llm-security mcp mcp-security openclaw pii-detection prompt-injection runtime-security security shellward

Last synced: 02 Apr 2026

https://github.com/agentrhq/authsome

Credential vault for AI agents. Log in once via Oauth2 or API Key. Every agent stays authenticated — headless, no SaaS, agents never see your credentials.

agent-identity agent-security ai-agents api-keys authentication claude-code cli credential-manager developer-tools headless hermes-agent llm local-first mcp oauth2 openclaw python secrets-management security-tools vault

Last synced: 06 Jun 2026

https://github.com/agent-threat-rule/agent-threat-rules

Open detection standard for AI agent threats. Like Sigma, but for prompt injection, tool poisoning, and MCP attacks. Community-driven -- contributions welcome.

agent-security ai-security llm-security mcp-security owasp prompt-injection sigma-rules threat-detection

Last synced: 06 Jun 2026

https://github.com/prismer-ai/signet

Proof layer for AI agents. Cryptographically verify every action.

agent-security ai-agents audit-trail autogen claude-code crewai cryptographic-signing cursor ed25519 langchain mcp mcp-security mcp-tools open-source python rust security signing typescript wasm

Last synced: 26 Apr 2026

https://github.com/szesnasty/ai-protector

Ship AI agents with guardrails — not prayers. Self-hosted runtime protection for LLMs and tool-calling agents: block prompt injection, enforce tool permissions, redact sensitive data, and control what agents are allowed to do.

agent-security ai-agents ai-security guardrails langgraph llm-firewall llm-security openai-compatible prompt-injection self-hosted

Last synced: 07 Apr 2026

https://github.com/opena2a-org/opena2a

Open-source security tools for AI agents. Find vulnerabilities, fix root causes, prove compliance.

agent-security ai-agents ai-security claude-code compliance copilot credential-protection cursor llm-security mcp open-source security-tools vulnerability-scanner

Last synced: 29 Apr 2026

https://github.com/doronp/agentshield-benchmark

Open benchmark for AI agent security tools — prompt injection, data exfiltration, tool abuse, provenance

agent-security ai-security benchmark guardrails llm-security prompt-injection

Last synced: 22 Feb 2026

https://github.com/trnt-ai/trent-openclaw-security-assessment

Free security assessment for your OpenClaw 🦞 environment. Scans gateway config, tool permissions, MCP servers, plugins, and chained attack paths.

agent-security agentic-security ai-security ai-security-tool llm-security openclaw openclaw-security openclaw-skills skill

Last synced: 02 Jun 2026

https://github.com/taoq-ai/ziran

自然 ZIRAN is an open-source security testing framework for AI agents. It discovers dangerous tool chain compositions via knowledge graph analysis, detects execution-level side effects (not just text output), and runs multi-phase trust exploitation campaigns that model real attacker behaviour.

a2a-protocol agent-security ai-security crewai cybersecurity langchain llm-security mcp owasp penetration-testing pentesting python red-teaming vulnerability-scanners

Last synced: 22 May 2026

https://github.com/darfaz/clawmoat

🦀 Security moat for AI agents. Runtime protection against prompt injection, tool misuse, and data exfiltration.

agent-security ai-security autogen crewai cybersecurity guardrails langchain llm-security openclaw owasp prompt-injection

Last synced: 01 Mar 2026

https://github.com/msaleme/red-team-blue-team-agent-fabric

332-test security harness for autonomous AI agents. MCP, A2A, x402/L402, AIUC-1 pre-cert, NIST AI 800-2 aligned. 97.9% HRAO-E validated. Now with MCP server.

a2a-protocol agent-security ai-agents ai-security aiuc-1 apt-simulation attestation blue-team decision-governance enterprise-security gdpr l402 mcp mcp-server multi-agent nist owasp red-team security-testing x402

Last synced: 09 Apr 2026

https://github.com/cloudmorphai/cloudmorph-tessera

Deterministic firewall for MCP agent tool calls. YAML policies, hash-chained audit, blast-radius scoring, multi-cloud cost intelligence.

agent-security agentic-ai ai-security aws azure mcp policy-as-code python

Last synced: 24 May 2026

https://github.com/mvar-security/clawzero

Deterministic execution boundary for AI agents. IFC enforcement at the sink. 5 frameworks. 50 attack vectors. Apache 2.0.

agent-security ai-security autogen crewai deterministic-policy execution-boundary information-flow-control langchain mvar openclaw prompt-injection

Last synced: 03 Apr 2026

https://github.com/kosiorkosa47/honeymcp

Open-source honeypot for MCP (Model Context Protocol) servers. Collects threat intel on attacks against the AI agent ecosystem.

agent-security ai-security anthropic claude cybersecurity honeypot llm-security mcp model-context-protocol rust threat-intelligence

Last synced: 05 May 2026

https://github.com/admina-org/admina

The open framework for governed AI development: EU AI Act compliance, PII redaction, MCP proxy, prompt-injection firewall. Python + Rust, Apache 2.0

agent-security ai-compliance ai-governance ai-observability ai-safety crewai data-sovereignty eu-ai-act forensic-logging langchain llm-security llmops mcp ollama pii-redaction prompt-injection python responsible-ai rust

Last synced: 07 Jun 2026

https://github.com/rul1an/assay

CI-native evidence compiler for agent systems: MCP policy enforcement, evidence receipts, Trust Basis claims, and reviewable artifacts.

agent-security ai-agents ai-security ci cyclonedx evidence evidence-bundles evidence-receipts github-actions mcp mcp-server openfeature policy-as-code policy-enforcement promptfoo provenance rust sbom supply-chain-security trust-basis

Last synced: 26 May 2026

https://github.com/arpitcoder/aegrail

The runtime contract for AI agents in production. Scoped identity, hard budget kill-switches, forensic-grade audit log.

agent-security ai-agents ai-governance infrastructure llm observability python runtime

Last synced: 15 May 2026

https://github.com/agent-pattern-labs/agent-proof

Action-bound proof challenges for verifying fresh autonomous AI-agent work.

action-bound actionproof agent-security agent-verification ai-agent bot-detection challenge-response npm-package proof-of-work typescript

Last synced: 23 May 2026

https://github.com/0-co/company

AI-operated company. Building agent-friend: universal tool adapter for AI agents. @tool → OpenAI, Claude, Gemini, MCP. Live 24/7 on Twitch.

agent-eval agent-friend agent-security ai-agent autonomous-ai building-in-public exponential-backoff human-in-the-loop interactive-cli llm-tools mcp-security open-startup personal-ai-agent python structured-logging twitch zero-dependencies

Last synced: 18 Mar 2026

https://github.com/kisyntra/agent_sudo

Local permission gateway for AI agents with approvals, delegation, audit logging, and MCP integration.

agent-governance agent-security agentic-ai ai-agents ai-safety audit-logging authorization claude-desktop codex codex-skill developer-tools hermes-agent hermes-plugin human-in-the-loop mcp model-context-protocol openclaw-plugin python security tool-approvals

Last synced: 02 Jun 2026

https://github.com/viplavfauzdar/aisecops-interceptor

AISecOps Interceptor — Runtime security layer for AI agents

agent-runtime agent-security ai-agents ai-governance ai-security llm-guardrails llm-security policy-engine prompt-injection

Last synced: 03 Jun 2026

https://github.com/sint-ai/sint-protocol

Open protocol and reference stack for governing AI agent actions in physical and safety-critical systems

a2a agent-security ai-governance ai-safety audit-log capability-tokens industrial-iot mavlink mcp opcua open-standard physical-ai policy-engine protocol robotics ros2

Last synced: 18 Apr 2026

https://github.com/dgenio/agent-kernel

Capability-based authorization and policy enforcement for agents using large MCP and A2A tool ecosystems.

a2a agent-security ai-agents authorization capability-based-security mcp policy-engine python

Last synced: 07 Jun 2026

https://github.com/shanemhamilton/llm-prompt-guard

TypeScript prompt-injection firewall for LLMs. Zero deps, sub-millisecond. Block/excise/quarantine/tag modes, encoding-bypass resistance, canary validation, output exfil scanning. OWASP LLM01.

agent-security ai ai-security defense-in-depth exfiltration-detection firewall generative-ai input-validation llm llm-security nodejs owasp-llm-top-10 prompt-injection rag-security sanitizer security spotlighting typescript unicode-normalization zero-dependencies

Last synced: 14 Jun 2026

https://github.com/capiscio/langchain-capiscio

Trust enforcement for LangChain and LangGraph agents — verify caller badges, enforce security policies, and emit audit events via LCEL composable guards. Powered by CapiscIO.

a2a agent-2-agent agent-identity agent-security ai ai-agent langchain langgraph python

Last synced: 18 Jun 2026

https://github.com/askalf/warden

A deterministic, offline firewall for AI-agent tool calls — green/yellow/red/black risk tiers, secret-exfil & prompt-injection blocking, tamper-evident audit. Runs as a Claude Code hook or MCP proxy.

agent-security ai-agents claude-code firewall llm-security mcp own-your-stack prompt-injection security ssrf

Last synced: 26 Jun 2026

https://github.com/seconize-co/dhi

Dhi - Runtime Intelligence & Protection System. Sanskrit: Intellect | Perception | Clear Vision. Kernel-space eBPF security monitoring for AI agents.

agent-security agentic-ai ai-agents ebpf kernel linux monitoring runtime-protection runtime-security sandboxing security threat-detection

Last synced: 02 Apr 2026

https://github.com/mizcausevic-dev/identity-mesh

SPIFFE-style workload identity broker for AI agents. Short-lived JWT-SVIDs, audience binding, zero long-lived API keys. Zero-trust identity layer for agent fleets.

agent-security ai-agents ciso credential-rotation jwt-svid oidc python spiffe workload-identity zero-trust

Last synced: 01 Jun 2026

https://github.com/calvin1989/skillflowguard

Workflow-level security auditor for cross-skill risks in agent skill ecosystems.

agent-security ai-safety llm-security prompt-injection python security-tools workflow-security

Last synced: 31 May 2026

https://github.com/askalf/keeper

own your agent secrets — an encrypted vault that hands agents scoped, short-lived, single-use leases instead of raw keys, and audits every access. Completes the agent-security stack (warden · canon · keeper). Part of Own Your Stack.

agent-security ai-agents credentials least-privilege own-your-stack secrets security vault

Last synced: 26 Jun 2026

https://github.com/guangxiangdebizi/tool-output-spoofing-lab

Benchmarking schema-valid false tool observations and defense baselines for tool-using LLM agents.

agent-security agentdojo ai-safety benchmark llm-agents mcp prompt-injection rag-security tool-output-spoofing tool-use toolsandbox

Last synced: 08 Jun 2026

https://github.com/carlos-projects/agentforensics

Post-incident forensics for AI agents — record, reconstruct, and analyze agent behavior after security events

agent-security ai-agents ai-forensics forensic-analysis incident-response mcp-security timeline-reconstruction

Last synced: 27 May 2026

https://github.com/bryteai/toolwall

A tool-boundary firewall for LLM agents. 100%→9.7% attack success rate on a 200-case bench, 4 LoC, Apache-2.0.

agent-security agentdojo ai-firewall ai-safety ai-security crewai echoleak huggingface indirect-prompt-injection injecagent langgraph llm-guardrails mcp mcp-security owasp-asi-top-10 prompt-injection red-team tool-calling tool-poisoning

Last synced: 23 May 2026

https://github.com/cloakmaster/foxbook

Verifiable agent identity for A2A and MCP. Cryptographic claims, append-only transparency log, recovery-key revocation. Apache 2.0.

a2a agent-identity agent-security agent-verification agent2agent agentic-ai ai-agents cryptography decentralized-identity did ed25519 json-schema jws mcp merkle-tree model-context-protocol protocol rfc-9162 transparency-log typescript

Last synced: 03 May 2026

https://github.com/nicholasraimbault/skytale

End-to-end encrypted channels for AI agents. Zero-knowledge relay, traffic-invisible wire protocol, MLS (RFC 9420). Python & TypeScript SDKs.

a2a agent-communication agent-security ai-agents crewai e2e-encryption encryption end-to-end-encryption langgraph mcp mls multi-agent openai-agents privacy python python-sdk rust slim typescript typescript-sdk

Last synced: 12 Mar 2026

https://github.com/askalf/agent-security-stack

The open-source agent-security stack — warden + canon + keeper — composed into one layered defense. Vet the tool, contain the call, give it a key it never holds. Part of Own Your Stack.

agent-security ai-agents demo mcp own-your-stack prompt-injection security

Last synced: 26 Jun 2026

https://github.com/euanmcrosson-dotcom/mcp-guard

Drop-in deterministic policy layer for MCP-using AI agents. Synthesizes tool-call policies from observed indirect-injection gaps and evaluates each tool call at the agent's tool-call boundary.

agent-security ai-security defensive-security llm-security mcp policy prompt-injection

Last synced: 15 Jun 2026

https://github.com/askalf/canon

own your agent skills — vet, sign & pin every skill & MCP server before it runs. The supply-chain gate for AI agents (pairs with warden's runtime firewall). Part of Own Your Stack.

agent-security ai-agents mcp own-your-stack prompt-injection provenance security skills supply-chain

Last synced: 26 Jun 2026

https://github.com/matte1782/sota-bench

Open AI-for-security validation benchmark: non-LLM scorer + a SOTA-validation loop. Labeled positive corpus withheld pending coordinated disclosure.

agent-security ai-security cwe-862 evaluation llm-security ml-security security-benchmark vulnerability-detection

Last synced: 21 Jun 2026

https://github.com/thecolonycc/attestation-envelope-spec

Cross-platform attestation envelope spec for agent-native claims. Pointer-based evidence, custodian-signed coverage metadata, sigchain over a typed witnessed claim.

agent-identity agent-security ai-agents attestation colony cryptography ed25519 json-schema provenance specification thecolony verifiable-credentials