The AI Agent Security Lifecycle

Nine open-source tools. One security lifecycle. Pick the stage you're in.

All tools

Each tool works standalone or through the OpenA2A CLI unified interface.

OpenA2A CLI

Build

Unified entry point that orchestrates all security tools through adapter commands

WHO: Developer / DevOps / Security
HOW: CLI
$ npx opena2a-cli init
Trust score 0-100, Scope drift detection, Config signing, Shadow AI detection

HackMyAgent

Scan

147 security checks, 55 adversarial payloads, auto-fix with rollback, OASB compliance

WHO: Security / Developer
HOW: CLI / Library
$ npx hackmyagent secure
147 checks / 30 categories, 55 attack payloads, Auto-fix + rollback, CIS-style reports

Secretless AI

Protect

Keeps credentials out of AI context windows across Claude Code, Cursor, Copilot, and more

WHO: Developer / DevOps
HOW: CLI / Hook
$ npx secretless-ai init
49 credential patterns, Multi-backend storage, MCP server encryption, DLP transcript scanning

AIM

Build

Cryptographic identity, capability policies, trust scoring, and audit logging for AI agents

WHO: Enterprise / DevOps / Security
HOW: Docker / SDK / API
$ docker compose up
Ed25519 identity, Policy-as-code, 8-factor trust score, MCP attestation

OASB

Scan

222 standardized attack scenarios across 8 vulnerability categories with compliance scoring

WHO: Security / Compliance
HOW: CLI / Library
$ npx opena2a-cli benchmark
222 test scenarios, 8 attack categories, 3 maturity levels, Compliance reports

ARP

Monitor

Runtime process, network, and filesystem monitoring with protocol-aware AI endpoint detection

WHO: DevOps / Security
HOW: CLI
$ npx opena2a-cli runtime start
Process monitoring, Network inspection, MCP/A2A/OpenAI detection, Filesystem watching

AI Browser Guard

Protect

Chrome extension that detects, monitors, and controls AI agents operating in your browser

WHO: End User / Security
HOW: Chrome Extension
Install from Chrome Web Store
3-layer agent detection, Emergency kill switch, Delegation wizard, Session timeline

DVAA

Train

Deliberately vulnerable AI agent platform with 10 agents, 18 CTF challenges, and 3 protocol types

WHO: Security / Trainer
HOW: Docker
$ docker pull opena2a/dvaa
10 vulnerable agents, 18 CTF challenges, MCP + A2A + OpenAI, Web dashboard

ai-trust

Verify

Trust verification CLI for AI packages. Queries the OpenA2A Registry for security scans, dependency risk, and known advisories.

WHO: Developer / DevOps
HOW: CLI
$ npx ai-trust check <package>
Single-package trust lookup, Dependency audit, Batch verification, 5 trust levels, Scan on demand, Community contributions

Coverage matrix

Map your threat model to the right tools. Every row is covered by at least two tools.

Threat | CLI | HMA | Secretless | AIM | OASB | ARP | ai-trust | Guard | DVAA
Hardcoded credentials
Prompt injection
MCP config tampering
Scope drift
Unauthorized agent access
Supply chain risk
Data exfiltration
Privilege escalation

How they connect

All tools work standalone. The CLI orchestrates them together.