# ai-security-scanning

Control plane for autonomous AI agents

Keycard is the control plane for autonomous agents, providing identity verification, policy enforcement, and scoped access management. Resolves agent identity, enforces security policies, and issues time-limited resource-specific access tokens. Provides full visibility into every agent action with drift detection, automatic remediation, and integrations with Datadog, Linear, GitHub, and other services for agent-driven incident response and security operations.

AI testing and evaluation for agents and LLM apps

RagaAI Catalyst is a comprehensive Python SDK for observability, monitoring, and evaluation of LLM and agentic applications. Provides agent tracing with execution graph visualization, self-hosted dashboard with analytics, synthetic data generation, multi-metric evaluation framework, and guardrail management. Built for teams running production RAG systems and AI agents who need systematic testing, debugging, and performance optimization workflows.

LLM vulnerability scanner and red teaming kit

Agentic Security is an open-source vulnerability scanner for LLM agent workflows that tests AI systems against jailbreaks, fuzzing, and multimodal attacks. It probes weaknesses across text, image, and audio inputs through multi-step jailbreak simulations, randomized stress testing, and reinforcement learning-powered adaptive attacks. The toolkit connects directly to LLM APIs for high-volume real-world attack scenarios, helping developers identify and patch safety gaps before deployment.

AI red teaming and infrastructure security scanner by Tencent

AI-Infra-Guard is Tencent's open-source AI security platform providing one-click evaluation of AI infrastructure risks across five modules. It covers insecure config detection, multi-agent workflow evaluation, MCP server scanning across 14 risk categories, vulnerability scanning for 55+ AI frameworks with 1,000+ CVE mappings, and jailbreak evaluation for prompt robustness. Deployable via Docker with academic backing from Peking and Fudan Universities.

AI model validation and risk management platform

Robust Intelligence is an AI risk management platform that validates ML models for security, fairness, and reliability before and after deployment. It provides automated stress testing, bias detection, data drift monitoring, and model risk scoring for enterprise compliance. Serves Fortune 500 customers in financial services, healthcare, and insurance with continuous AI validation aligned to regulatory frameworks.

AI/ML supply chain security and model risk management

Protect AI is a YC-backed AI security company focused on ML supply chain protection. Its platform includes ModelScan for detecting malicious code in model files, Guardian for model repository security policies, and NB Defense for Jupyter notebook scanning. Advocates for SLSA-style supply chain standards for ML, helping organizations secure the full pipeline from training data to production model deployment.