MEDUSA from Pantheon Security is an AI-focused security scanner for repositories and application workflows that include machine-learning code, LLM integrations, agents, MCP components, or RAG pipelines. Its CLI-oriented workflow is designed to bring AI-specific checks into developer and DevSecOps review paths.
Official project materials highlight detection areas such as prompt injection, MCP vulnerabilities, RAG and repository poisoning, secrets, and compromise patterns involving agent-development environments. Those checks complement conventional scanning by focusing on risks introduced by prompts, retrieval content, tool connections, and AI-oriented project files.
MEDUSA is licensed under AGPL-3.0-or-later, which can affect deployment and redistribution decisions and should be reviewed before organizational adoption. Detection coverage and rule-count claims are point-in-time project claims, and the scanner should complement rather than replace complete SAST, SCA, secrets management, dependency review, and human security testing.