AgentDish directory

security

Accepted listings with this tag.

Listing | Category | Score | Trend | Checked

#4 Snyk Agent Scan
Open-source security scanner for AI agents, MCP servers, and agent skills. It auto-discovers installed agent components and checks them for prompt injection, tool poisoning, secrets, malware payloads, and related risks.
Security / Agent Security | 92 | ↑ +3 | 27 days ago

#60 Recursant
Open-source platform for governing AI agents across clouds and stacks, with a control plane, sidecar-based data plane, policy enforcement, observability, and audit trails.
Developer Tools / AI Infrastructure | 88 | ↓ -3 | 26 days ago

#95 Recursant
Open-source agentic mesh for governing AI agents across enterprise systems, with identity, policy enforcement, audit trails, observability, and Kubernetes-native deployment.
Developer Tools / Code Assistant | 87 | ↓ -3 | 27 days ago

#105 diplomat-agent-ts
A TypeScript static scanner that finds AI agent tool calls with no checks before they can trigger real-world side effects. It supports CLI scanning, JSON output, a generated tool-call registry, and CI/pre-commit enforcement.
Developer Tools / AI Code Analysis | 86 | ↑ +2 | 5 days ago

#110 Aperion Shield v0.7
Local guardrails for AI coding agents that intercept destructive actions before they execute, now extended to Git hooks for commit and push enforcement.
Developer Tools / AI Coding Guardrails | 86 | ↑ +2 | 7 days ago

#122 badvibes
A zero-config CLI that scans repositories for AI-slop patterns like missing .env.example files, committed secrets, large files, duplicated code, TODO drift, and missing tests, then returns a Vibe Score from 0 to 100.
Developer Tools / Code Quality | 86 | ↑ +2 | 14 days ago

#123 Beacon
Beacon is an open-source endpoint telemetry layer for local AI agents. It captures supported activity from tools like Claude Code, Codex CLI, Gemini CLI, OpenCode, Factory Droid, Claude Cowork, and Cursor, then normalizes events for local inspection or forwarding to SIEM pipelines.
Developer Tools / Observability | 86 | ↑ +2 | 14 days ago

#161 HoneyLabs
A honeypot telemetry and threat intelligence service with searchable IP lookups, recent scanner data, and an MCP/JSON-RPC API for agents and developers.
Security / Threat Intelligence | 85 | ↓ -3 | 15 days ago

#179 mcpguard
Open-source security scanner and firewall for MCP servers. It scans configs for common MCP risks, enforces runtime policies on tool calls, and produces audit logs, with CLI commands, policy examples, and a programmatic API.
Developer Tools / Security | 84 | ↓ -6 | 2 days ago

#191 terminal-guardian-mcp
A secure Model Context Protocol server that gives AI assistants controlled terminal access with risk analysis, sandboxing, logging, filesystem protection, and optional Docker and Git features.
Developer Tools / MCP Servers | 84 | ↓ -6 | 10 days ago

#210 AI Action Path Lab
An interactive lab for tracing how AI-assisted engineering workflows can reach repos, CI/CD, credentials, tools, approvals, and proof trails.
Productivity / Workflow Automation | 84 | ↓ -6 | 19 days ago

#234 Faramesh
Runtime governance and containment for AI agents. Faramesh sits between an agent and its tools to enforce policy checks, approval steps, credential isolation, and tamper-evident audit logs before risky actions execute.
Developer Tools / AI Governance / Agent Security | 84 | ↑ +43 | 27 days ago

A security product for Claude Code that reviews application architecture inside the IDE via MCP, with contextual assessments, prioritized mitigations, and continuous re-checks as the codebase changes.
AI Security / AI Application Security | 84 | ↑ +81 | 28 days ago

#271 Deckard
A Mac-resident MCP server that lets AI agents access Apple services like Mail, Calendar, iCloud Drive, Voice Memos, Reminders, and Contacts over a Tailscale network with per-token ACLs and audit logging.
Developer Tool / MCP Server | 83 | ↓ -3 | 19 days ago

#272 HookGuard
HookGuard is a CLI security scanner for AI coding agent configuration files. It looks for malicious hooks, invisible Unicode, credential exfiltration patterns, and prompt-injection text in files like CLAUDE.md, AGENTS.md, Cursor rules, and GitHub Copilot instructions.
Developer Tools / Security | 83 | ↓ -3 | 19 days ago

#291 ftagent-lite
Open-source Python DDoS traffic monitor that prints live traffic stats to stdout and can output JSON for pipelines and tooling.
Security / Network Security | 82 | ↓ -2 | 6 days ago

A survey of eight tools that sit between AI agents and the services they call, covering credential injection, interception, policy enforcement, and mocking/testing. The page explains what each tool is for, where it fits, and what to watch out for.
Developer Tools / Code Assistant | 82 | ↓ -2 | 12 days ago

A weekly security audit of Atlassian’s remote MCP server, focused on OAuth 2.1, RFC 9728 discovery, PKCE, DCR, and token handling. The page documents why the server’s discovery chain fails and includes HTTP evidence links.
Developer Tools / API / MCP Server Audit | 82 | ↓ -2 | 13 days ago

#314 Agent Sandbox
A Docker-based sandbox for running AI coding agents with dropped capabilities, no-new-privileges, and no Docker socket access. It wraps the pi terminal coding agent and supports local file edits, persistent auth, and skills mounts.
Developer Tools / AI Coding | 82 | ↓ -2 | 25 days ago

#374 Repolog
Repolog scans a live website and produces a ranked audit covering on-page SEO, Core Web Vitals, security checks, and AI readiness for major AI search and assistant platforms.
AI-powered product / Website audit / SEO and security | 78 | ↑ +6 | 4 days ago

A metadata-first trust control plane for authorized security workflows, evidence retention, release trust, and business-flow proof. The repository includes role-based docs, quick-start commands, safety boundaries, and release-trust materials.
Security / Security Operations / Trust Infrastructure | 78 | ↓ -46 | 27 days ago

Docker blog post about a real AI coding agent failure and how Docker Sandboxes aim to contain destructive execution mistakes.
Developer Tools / Code Assistant | 75 | → 0 | 39 hours ago