Anamarija Pogorelec, Senior Staff Writer, Help Net Security
July 8, 2026
20 open-
AI is changing how security teams find vulnerabilities, analyze code, test applications, and protect infrastructure. Developers are building tools to secure AI systems themselves, from coding agents and memory protection to model exposure discovery. This roundup covers recent open-sting, container security, endpoint protection, AI security, and penetration testing
![]()
AIMap: Open-
Public-facing Ollama servers, MCP endpoints, and inference proxies have multiplied across the internet over the past year, often deployed without authentication or rate limits. AIMap is an open-rints them, scores their exposure, and runs protocol-specific attack tests against authorized targets
AgentGG: Open-
Static analysis tools have spent years matchingists of candidate issues to triage by hand. AgentGG approaches the same job with AI agents that read the code, follow imports, walk the call graph, and confirm a finding before they report it. The project is an open-
Agent Beacon: Open-
AI coding agents such as Claude Code, Codex CLI, Cursor, and Claude Cowork run on developer laptops, CI jobs, cloud environments, where they edit files, run commands, and call outside tools. Beacon, an open-runtimes and writes a normalized record of what each agent does across local, CI, and cloud-agent surfaces
Agent Threat Rules: Open detection rule format for AI agent security threats
AI agents run inside coding assistants, MCP servers, and multi-agent frameworks, and the access that makes them useful also opens paths to prompt injection, tool poisoning, and credential theft. Public CVE feeds carry agent-execution flaws that reach production faster than the tooling built to catch them. Agent Threat Rules, or ATR, is an open detection format aimed at this category of attack
CVE Lite CLI: Open-
Dependency vulnerability scanning in JavaScript and TypeScript projects typically happens late in the development process, forcing developers to address vulnerabilities after code is written. CVE Lite CLI, now an OWASP Incubator Project, moves vulnerability scanning to the terminal, checking project lockfiles against the Open pnpm, Yarn, and Bun
DockSec: Open-
DockSec is an OWASP Incubator Project that combines three container security scanners with a language-model layer for explanation and remediation. Created by Advait Patel, the Python tool runs Trivy, Hadolint, and Docker Scout against a developer’s Dockerfile and image, correlates the findings, returns a 0-100 security score, and proposes line-specific fixes
Lyrie: Open-
Penetration testing has usually required weeks of manual work, specialized tooling, and teams with narrow skill sets. Lyrie, an open-sses that process into a command line tool and publishes the entire codebase
DarkMoon: Open-
Penetration testing has long run on expert time, with specialists spending days probing a network or web application by hand. Manual engagements stretch across weeks, expert consultants run into thousands of dollars a day, and results vary with the tester. Automation promises to narrow those gaps. A growing set of projects now hands the work to AI agents that plan and execute on their own. DarkMoon, an open-source platform, sits in that group. It runs a security assessment end to end and delivers an evidence-backed report at the finish.
Microsoft AntiSSRF open-
AntiSSRF is an open-connections to reduce server-side request forgery (SSRF) risks in web applications. It supports .NET and Node.js applications and is distributed under the MIT license. The library works as a drop-in component, giving developers a way to check untrusted input before their applications make outbound requests
Microsoft open-
Microsoft has open-t development: Clarity, a structured design review tool, and RAMPART, a continuous testing framework. The release comes from Microsoft’s AI Red Team, the company’s internal unit that stress-tests its own AI systems, and both tools have been used internally before being open-
Nika: Open-
Many web application vulnerabilities span multiple files, making them difficult for file-by-file scanners to detect. Nika, an open-va microservices, tracing untrusted input across application layers to identify exploitable data flows
OpenHack: Open-
AI coding assistants such as Claude Code, Codex, and Cursor are used for project from Hadrian, packages this approach into a file-based workspace that enables agent-driven code reviews across multiple coding harnesses, with durable state stored in plain files and support for human-in-the-loop approval
Open-vices
Enterprise developers routinely send prompts to external large language models that contain customer emails, support transcripts, and other identifying information, often without a sanitization layer between the application and the API. Dataiku has released Kiji Privacy Proxy, an open- information before requests leave the network
OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory
AI agents rely on persistent memory across sessions, creating opportunities for attackers to inject malicious instructions that influence future behavior. Agent Memory Guard is an open-te using detection pipelines and policy-based controls
Pipelock: Open-
AI coding agents run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one compromised tool call can leak credentials to an attacker-controlled domain. Pipelock, an open-ab project, addresses this exposure by inserting an enforcement layer between agents and the network
Praxen: Open-
Praxen is an open-hat it claims to do. The tool takes an agent’s declared policy, looks at how the agent operates, and points out every spot where the two drift apart
Rustinel: Open-
Open-ed tools built around Sysmon and Linux tools built around eBPF or auditd. Defenders running mixed environments have had to stitch together separate pipelines, separate rule sets, and separate maintenance burdens. Rustinel, a Rust-based endpoint agent, is an attempt to collapse that work into a single codebase
Sandyaa: Open-
Source code auditing has traditionally relied on static analyzers that flag long lists of potential issues, leaving engineers to sort bugs from noise. A new open-source project from offensive-security firm SecureLayer7 takes a different route, using LLMs to read a codebase, trace how data moves through it, and produce working exploit code for the vulnerabilities it confirms. Their open-source tool, called Sandyaa, was released under an MIT license.
Vigolium: Open-
Vigolium, an open-AI-driven auditing. It includes 235+ scanner modules and an AI agent that automates endpoint discovery, attack planning, finding triage
Must read:
- Best practices for AI in open-source work
- Critical open-source projects get a new security framework
![]()
Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!
More about

