AI-powered file-type detection at Google scale
Open-source AI-powered file-type detection tool from Google that uses a custom deep-learning model under a few megabytes to identify more than 200 binary and textual content types in milliseconds, even on a single CPU. Magika ships as a CLI, Python package, JavaScript/TypeScript library, and an ONNX model, achieves around 99% accuracy on its test set, and is already used at Google scale across Gmail, Drive, and Safe Browsing as well as by VirusTotal and abuse.ch.
Security operations resilience for SOC teams
Fig provides a Security Operations Resilience platform designed for modern SOC teams facing both unplanned and planned changes. It features drift detection to catch unplanned infrastructure changes, automated drift repair with testing, planned change modeling to simulate initiatives before deployment, version control, and automatic deployment with rollbacks. It helps teams maintain security coverage while shipping risk-free at 10x speed and focusing on strategic cyber work.
Hunt down social media accounts by username across 400+ platforms
Sherlock is a Python CLI tool that searches for a given username across 400+ social networks and websites simultaneously. It is widely used in OSINT investigations, security audits, red teaming exercises, and digital footprint analysis. Sherlock is included in Kali Linux and Parrot Security distributions and has over 76,000 GitHub stars, making it one of the most popular open-source security tools.
Sandbox any command with file, network, and credential controls
Zerobox is a security-focused command sandboxing tool that isolates command execution with fine-grained controls over file system access, network connectivity, and credential exposure. It wraps any shell command in a secure container that enforces policy restrictions, preventing unauthorized file reads, network calls, or environment variable leaks during execution.
Static linter that catches production bugs in AI-generated code
prodlint is a zero-config static analysis tool with 52 rules targeting production bugs that AI coding tools consistently produce. It catches hallucinated npm imports, missing authentication checks, Prisma writes outside transactions, exposed secrets via NEXT_PUBLIC prefixes, and other patterns specific to code generated by Cursor, Claude Code, Bolt, and v0. Runs in one second via npx with no configuration needed.
Google's vulnerability scanner using the OSV database
OSV-Scanner is Google's official open-source vulnerability scanner that checks your project's dependencies against the OSV.dev database — the largest open vulnerability database covering all major ecosystems. Written in Go, it supports lockfiles from npm, pip, Maven, Cargo, Go modules, and more, providing actionable remediation guidance and CI/CD integration for automated security scanning.
Security scanner for MCP servers against tool poisoning attacks
MCP-Scan is a security tool that scans MCP servers for vulnerabilities including tool poisoning, prompt injection, cross-origin escalation, and rug pull attacks. Acquired by Snyk in 2026, it is the first dedicated security scanner for the MCP ecosystem. It analyzes tool descriptions, permissions, and behavior patterns to detect malicious or compromised MCP servers before they can exploit AI agents.
AI-powered CI reliability and flaky test management
Trunk is a developer tools platform that tackles CI reliability through AI-powered flaky test detection, automatic quarantine, and merge queue management. It uses ML-based statistical analysis to identify flaky tests, isolates them to prevent pipeline blocks, and creates GitHub issues for resolution. Used by Zillow, Brex, and Faire, with $28.5M in funding and support for all major test frameworks.
Cloud native runtime security for Kubernetes
Falco is a CNCF graduated open-source runtime security tool that detects unexpected behavior and threats across containers, Kubernetes, and cloud workloads in real time. Originally created by Sysdig, Falco monitors Linux kernel syscalls using eBPF and applies customizable detection rules to alert on malicious activity like container escapes, cryptojacking, unauthorized file access, and anomalous network connections. It supports 50+ alert output channels including SIEM integration.
AI framework for distributed vulnerability research
Taskflow Agent is an open-source MIT-licensed AI framework by GitHub Security Lab that automates vulnerability discovery through a three-stage pipeline: threat modeling, issue suggestion, and audit validation. It has discovered 91 confirmed vulnerabilities in major open-source projects including Outline and WooCommerce, using distributed community-powered security research coordinated by AI agents.
AI-native SAST with automated PR security reviews
ZeroPath is an AI-native SAST and AppSec platform recognized as an RSAC 2026 finalist that provides automated pull request security reviews with contextual feedback and natural-language fix suggestions. It catches secrets, IaC misconfigurations, and logic flaws in code changes, competing directly with established code review tools but with a security-first AI-native architecture.
DRM and IP protection for AI model weights
RefortifAI is a Y Combinator P2026 batch company that provides DRM and intellectual property protection for AI models by obfuscating model weights so they only run inside a hardened runtime. It solves the critical problem of model weight protection for companies distributing custom LLMs to untrusted environments, preventing IP theft while maintaining inference performance.
AI security triage for small engineering teams
Amplify Security is an AI-native security tool designed for small-to-mid engineering teams that automates the triage of security alerts and integrates directly into GitHub and GitLab workflows. It specifically addresses alert fatigue by using AI to prioritize high-risk findings over low-severity noise, offering a free tier for small teams that makes developer-first security accessible without enterprise budgets.
Continuous security scanning with AI and human expertise
Fluid Attacks integrates continuous vulnerability scanning into the SDLC by combining AI automation with human security expertise to verify critical flaws. The hybrid approach ensures that automated findings are validated by security researchers before reaching developers, reducing false positive noise while maintaining coverage across SAST, DAST, SCA, and infrastructure-as-code security scanning.
AI-automated pentesting with zero false positives
ZeroThreat is an automated penetration testing platform that uses AI to conduct comprehensive security audits, claiming to identify 500+ vulnerability types with zero false positives. It automates the traditionally expensive and manual red-teaming process, providing continuous security assessment for web applications with detailed remediation guidance and compliance-ready reporting.
Prompt fuzzing tool for LLM security testing
ps-fuzz by Prompt Security is a security testing tool with 660+ GitHub stars that fuzzes system prompts against dynamic LLM-based attack scenarios including jailbreaks, prompt injection, and data extraction attempts. It helps developers harden their GenAI applications by simulating adversarial attacks in a controlled environment, turning LLM security into a testable and reproducible quality gate.
Security scanner for AI model files
ModelScan by Protect AI is an open-source tool that scans machine learning model files for malicious or unsafe code before they are loaded into production. Supporting formats like Pickle, HDF5, SavedModel, and SafeTensors, it detects hidden code execution, deserialization attacks, and supply chain threats in the AI/ML model artifact pipeline, integrating into CI/CD as a critical security gate.
Open-source vulnerability management aggregator
DefectDojo is an open-source vulnerability management platform with 3,800+ GitHub stars that aggregates findings from dozens of security scanning tools into a single view for ranking, triaging, and tracking remediation. It serves as the operating system for security teams by normalizing data from SAST, DAST, container scanners, and dependency checkers into a unified workflow with deduplication and metrics.
Secret scanning across Git history and cloud storage
TruffleHog by Truffle Security, with 15,000+ GitHub stars, scans for high-entropy strings and secrets across GitHub history, S3 buckets, and other data stores. It goes beyond simple pattern matching by verifying whether discovered credentials are actually active and valid, significantly reducing false positives and helping teams prioritize remediation of truly exposed secrets.
Open-source secret detection for Git repositories
Gitleaks is an open-source SAST tool with 16,000+ GitHub stars that detects hardcoded secrets like passwords, API keys, and tokens in Git repositories. It scans both current code and full Git history to find accidentally committed credentials, integrating into CI/CD pipelines as a pre-commit hook or pipeline step to prevent secrets from ever reaching remote repositories.
AI-powered SAST for PR-time security analysis
CodeThreat provides pull request-time security analysis covering SAST, dependency vulnerability checks, and infrastructure-as-code risk review. Highly rated for its seamless GitHub integration, it catches security issues introduced by both human and AI-generated code before they reach production, with particular strength in identifying vulnerabilities from rapid vibe coding workflows.
AI-native AppSec that finds and fixes vulnerabilities
Corgea is an AI-native application security platform that uses LLMs to scan, triage, and automatically fix security vulnerabilities in code. Unlike traditional SAST tools that only detect issues, Corgea focuses on the remediation phase by generating context-aware fixes for vulnerabilities, significantly reducing the time engineering teams spend on security backlog while providing contextual PR reviews and IDE integrations.
All-in-one AI code review, security, and quality
CodeAnt AI is a Y Combinator-backed platform that bundles AI-powered pull request reviews, SAST security scanning, secret detection, IaC scanning, and DORA developer metrics into a single tool. Supporting 30+ programming languages and all major Git platforms including GitHub, GitLab, Bitbucket, and Azure DevOps, it has scanned over 50 million lines of code and auto-fixed 500,000+ issues across engineering teams worldwide.
AI-native security for coding agents
Corridor is an AI-native security platform that intercepts vulnerabilities at the code generation layer, providing real-time guardrails and automated PR security reviews for teams using AI coding agents like Cursor, Claude Code, and GitHub Copilot. Founded by former CISA Secure by Design lead Jack Cable and backed by a $25M Series A from Felicis at a $200M valuation, Corridor embeds proactive security context into developer workflows via MCP server integration.