aicoolies logo
AI-Infra-Guard logo
AI-Infra-Guard logo

AI-Infra-Guard

AI red teaming and infrastructure security scanner by Tencent

open-sourceopen sourceupdated May 22, 2026
Visit Website →
Share

AI-Infra-Guard is Tencent's open-source AI security platform providing one-click evaluation of AI infrastructure risks across five modules. It covers insecure config detection, multi-agent workflow evaluation, MCP server scanning across 14 risk categories, vulnerability scanning for 55+ AI frameworks with 1,000+ CVE mappings, and jailbreak evaluation for prompt robustness. Deployable via Docker with academic backing from Peking and Fudan Universities.

AI-Infra-Guard is Tencent's open-source security platform that performs comprehensive red teaming and vulnerability assessment of AI infrastructure through five specialized scanning modules. ClawScan detects insecure configurations and known CVEs in AI deployment stacks, Agent Scan evaluates security risks in multi-agent workflows, MCP and Skills Scan identifies vulnerabilities across 14 major security risk categories in model serving configurations, the Infrastructure Vulnerability Scanner covers 55+ AI framework components with mappings to over 1,000 CVEs, and Jailbreak Evaluation tests prompt robustness against adversarial inputs.

The platform takes a holistic approach to AI security that goes beyond traditional application security tools. Rather than treating AI systems as standard web applications, AI-Infra-Guard understands the unique attack surfaces of machine learning infrastructure including model poisoning vectors, inference endpoint exposures, supply chain vulnerabilities in model dependencies, and weaknesses in agent orchestration layers. Each scanning module produces actionable findings with severity ratings and remediation guidance specific to AI deployment patterns.

Developed in collaboration with researchers from Peking University and Fudan University, AI-Infra-Guard can be deployed via Docker for one-click installation and assessment. The project has attracted 3,400 GitHub stars and maintains an actively updated vulnerability database with the latest release being v4.1.3. The Apache 2.0 licensed tool integrates with OpenClaw through its aig-scanner skill, enabling automated security assessments as part of continuous integration pipelines for teams deploying AI systems at scale.

Pricing

Free and open source under Apache 2.0 license

Platforms

Docker, Python, Linux

Categories

Tags

Use Cases

Alternatives

Related Tools

MEDUSA

AI-first security scanner for LLM, agent, MCP, and RAG codebases

MEDUSA is an AGPL-3.0 AI-first security scanner from Pantheon Security that checks AI and machine-learning applications, LLM agents, MCP workflows, RAG pipelines, repository-poisoning risks, secrets, and agent-specific compromise patterns.

open-sourceOpen Source
iFixAi logo

iFixAi

Open-source diagnostic for AI operational misalignment

iFixAi is an Apache-2.0 diagnostic tool for scoring AI agents and models against operational-misalignment risks such as hallucination, manipulation, sabotage, sandbagging, and oversight evasion.

open-sourceOpen Source

Inspect AI

UK AI Security Institute framework for LLM safety evaluations

Inspect AI is an MIT-licensed framework from the UK AI Security Institute for running large language model evaluations, including tool use, multi-turn dialogue, model-graded scoring, and reusable evaluation tasks.

open-sourceOpen Source

Presidio

Open-source PII detection and anonymization for AI data flows

Presidio is an MIT-licensed privacy framework for identifying and anonymizing personally identifiable information in text, images, and structured data. It can act as a de-identification layer around LLM prompts, logs, RAG corpora, and customer-data workflows.

open-sourceOpen Source
Better Stack logo

Better Stack

Better Stack is a hosted observability and incident-management platform that combines uptime monitoring, on-call workflows, status pages, logs, traces, metrics, error tracking, session replay, and an AI SRE interface. It is aimed at teams that want one SaaS control plane for telemetry and incident response.

freemiumTelemetry
HyperDX logo

HyperDX

HyperDX is the ClickStack UI for ClickHouse-backed observability. It provides a frontend for exploring logs, traces, metrics, session replay, dashboards, and alerts, with an OpenTelemetry-centered deployment path for teams that want a self-hosted or ClickHouse-aligned observability stack.

open-sourceOpen SourceTelemetry