Open Source · MIT

agent-audit-kit

SAST scanner for AI agents. Full OWASP Agentic Top-10 + MCP Top-10.

SAST-style security scanner for agentic AI systems. Catches prompt-injection surfaces, tool-call abuse patterns, MCP STDIO injection (CVE-2026-30623), excessive agency, audit-trail gaps, and the rest of the OWASP Agentic + MCP threat surface — at static-analysis time, before the agent reaches production.

6 stars · 0 forks · 148 rules
v0.3.24 · released 2026-05-23

Quickstart (~30 seconds)

Drop into any Python project. Outputs SARIF that GitHub Code Scanning understands natively.

pip install agent-audit-kit
agent-audit-kit scan ./your-agent-project --format sarif > agent-audit.sarif

Or use the GitHub Action for CI-time scanning on every PR.

Rule catalogue

148 rules across these families. Each rule ships with a working detector, a remediation snippet, and a SARIF severity.

AAK-001..010

OWASP Agentic Top-10

Full 10/10 coverage — prompt injection, sensitive info disclosure, supply-chain, data + model poisoning, improper output handling, excessive agency, tool integration risks, weak validation, audit trail gaps.

AAK-MCP-001..010

OWASP MCP Top-10

Full 10/10 coverage — STDIO config injection, MCP auth bypass, tool definition tampering, transport confusion, sandbox escape patterns, and the rest of the MCP threat surface.

AAK-CMPL-*

Compliance rule families

EU AI Act · SOC 2 · HIPAA · NIST AI RMF · ISO 42001 · India DPDP · Alabama HB 351 · Tennessee SB 1580 — each maps a subset of the rule catalogue.

What it catches that nothing else does

MCP STDIO config injection

Rule family for CVE-2026-30623 — unsanitised MCP STDIO configs that amount to RCE-by-design. Detected at config parse time. Most agent SAST tools don't cover the MCP transport at all.

Tool-call allow-list drift

Flags when an agent gains tool access that isn't in the declared allow-list — catches scope-creep before a deploy compounds it.
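As an added illustration (not agent-audit-kit's own detector or rule code), here is a toy static check for the allow-list drift described above, run over a constructed sample agent module; the agent API names `ALLOWED_TOOLS` and `register_tool` are assumptions.

```python
"""Toy allow-list drift check: are tools registered that the agent never declared?"""
import ast
from typing import List, Optional, Tuple

# Constructed sample agent module (hypothetical API, not real project code).
# Lines 6 and 7 are what a SAST pass should flag.
SAMPLE_AGENT = """\
ALLOWED_TOOLS = ["search_docs", "read_file"]

agent = Agent(allowed_tools=ALLOWED_TOOLS)
agent.register_tool(search_docs)
agent.register_tool("read_file")
agent.register_tool(run_shell)  # never declared in ALLOWED_TOOLS
agent.register_tool(load_tool(cfg["extra"]))  # cannot be resolved statically
"""


def _tool_name(node: ast.expr) -> Optional[str]:
    """Resolve the first argument of a register_tool() call to a tool name."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None  # dynamic expression: name is not known at analysis time


def find_allow_list_drift(source: str, allow_list_name: str = "ALLOWED_TOOLS",
                          register_attr: str = "register_tool") -> List[Tuple[int, str]]:
    """Return (line, tool) for each registration missing from the declared allow-list.

    A registration whose argument cannot be resolved is reported as "<unresolved>";
    if no allow-list is declared at all, every registration is drift.
    """
    tree = ast.parse(source)
    declared = set()
    for node in ast.walk(tree):  # pass 1: collect the declared allow-list literals
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.List) and any(
                isinstance(t, ast.Name) and t.id == allow_list_name for t in node.targets):
            declared |= {e.value for e in node.value.elts
                         if isinstance(e, ast.Constant) and isinstance(e.value, str)}
    findings = []
    for node in ast.walk(tree):  # pass 2: compare every registration against it
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == register_attr and node.args):
            name = _tool_name(node.args[0])
            if name is None:
                findings.append((node.lineno, "<unresolved>"))
            elif name not in declared:
                findings.append((node.lineno, name))
    return sorted(findings)


if __name__ == "__main__":
    for line, tool in find_allow_list_drift(SAMPLE_AGENT):
        print(f"line {line}: tool {tool!r} registered but not in ALLOWED_TOOLS")
```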

Audit-trail-gap detection

Static-analysis pass that flags agent runs that can't be reconstructed from logs alone — the audit-trail-first principle, enforced at CI time.

Capability-lease enforcement

Flags long-lived keys passed to tool calls when capability-leases (short-lived, scoped, revocable) are the safer pattern. Cross-checks against Okta NHI / Cisco AWI integration points.

Interoperates with

Microsoft Agent Governance Toolkit

OWASP-Agentic 10/10 coverage cross-mapped.

GitHub Marketplace

Listed as a SAST action — drop into any GitHub Actions workflow.

Use it in your CI today

MIT-licensed. Public roadmap. 48-hour CVE-to-rule SLA. Star the repo to track new rule families as they ship.

Want it customised for your stack? Agent Security Audit — 2 weeks, $4,950. Custom rule pack + audit-trail review + prioritized playbook.