The AI Security Tool Landscape: 237 Mapped
A searchable, filterable map of 237 AI security tools — pentest and red-team agents, LLM guardrails, agent and MCP security, AI-powered detection and response, and more. Curated by StationX from commercial platforms and the open-source ecosystem.
More filters
Show all 41 sec filters
Showing 237 of 237 tools
Tip: tap a column heading to sort.
| Name ↑ | Category ↕ | Sub-category ↕ | Licensing ↕ | Cost ↕ | Description | Links |
|---|---|---|---|---|---|---|
| Lakera Guard | AI Cybersecurity | Prompt Firewalls & Guardrails | Proprietary | Free + Paid | Real-time AI security. Detects prompt injection, jailbreaks, PII leaks, toxic content. Model-agnostic. | Site |
| NVIDIA NeMo Guardrails | AI Cybersecurity | Prompt Firewalls & Guardrails | Open Source | Free | Programmable guardrails. Colang configuration language for custom safety logic. | Site |
| LLM Guard | AI Cybersecurity | Prompt Firewalls & Guardrails | Open Source | Free | Toolkit for securing LLM interactions. Modular input/output scanners. | Site |
| Caldera | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Paid | AI agent supervision platform. Runtime monitoring and control of agent actions. Note: different from MITRE Caldera (Apache 2.0, adversary emulation). | Site |
| XBOW | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Paid | Autonomous offensive security -- expert-level pentesting at machine speed without human intervention. | Site |
| Escape | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Free + Paid | AI-powered API and application security testing discovering business logic flaws. | Site |
| Terra Security | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Paid | First comprehensive agentic AI pentesting platform for web apps with human supervision. | Site |
| PentestGPT | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | AI-powered pentesting toolkit using LLMs as interactive reasoning copilot. | Site |
| Pentera | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Paid | Automated security validation -- full pentesting lifecycle from discovery to exploitation. | Site |
| Hadrian | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Paid | AI offensive platform continuously mapping attack surfaces and autonomously exploiting vulns. | Site |
| Hexstrike AI | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | AI pentesting MCP framework with 150+ security tools and 12+ autonomous agents. | Site |
| Mindgard | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Paid | AI pentesting platform specifically testing AI/ML models against adversarial attacks. | Site |
| Burp Suite (Burp AI) | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Free + Paid | Industry-standard web app scanner now with AI-enhanced vulnerability detection. Community free; Pro/Enterprise paid. | Site |
| Nuclei (ProjectDiscovery) | AI Cybersecurity | Vulnerability, Cloud & DFIR | Open Source | Free + Paid | Scanner with 10K+ YAML templates and AI-assisted template generation. Open-source core; cloud paid. | Site |
| Tenable AI Aware | AI Cybersecurity | Vulnerability, Cloud & DFIR | Proprietary | Paid | Enterprise vuln management covering 65K+ CVEs with AI module for discovering shadow AI. | Site |
| Snyk (AI Security Fabric) | AI Cybersecurity | Vulnerability, Cloud & DFIR | Proprietary | Free + Paid | Developer-first security covering code/containers/IaC + AI models and agents. | Site |
| Aikido Security | AI Cybersecurity | Vulnerability, Cloud & DFIR | Proprietary | Free + Paid | All-in-one DevSecOps combining SAST, DAST, SCA, container scanning with AI prioritisation. | Site |
| Intruder | AI Cybersecurity | Vulnerability, Cloud & DFIR | Proprietary | Paid | Cloud vulnerability scanner with AI-assisted prioritisation for teams without dedicated security. | Site |
| Picus Security | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Paid | BAS platform continuously validating security controls against real-world attack scenarios. | Site |
| AttackIQ | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Paid | Automated adversary emulation with AI-driven security control validation. | Site |
| Cymulate | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Paid | CTEM platform combining BAS, ASM, and automated red teaming with AI optimisation. | Site |
| SafeBreach | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Paid | BAS simulating attacks across full kill chain with 30K+ scenario playbook. | Site |
| Scythe | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Paid | Adversary emulation platform with AI-assisted campaign construction. | Site |
| Maltego | AI Cybersecurity | Recon & Narrow ML | Proprietary | Free + Paid | Visual link analysis and OSINT with AI-powered relationship mapping across 100+ sources. Community Edition free. | Site |
| SpiderFoot | AI Cybersecurity | Recon & Narrow ML | Open Source | Free + Paid | Automated OSINT from 200+ data sources. Open-source core; SpiderFoot HX cloud paid. | Site |
| Censys | AI Cybersecurity | Recon & Narrow ML | Proprietary | Free + Paid | Internet-wide scanning with AI for asset discovery and exposure monitoring. | Site |
| Shodan | AI Cybersecurity | Recon & Narrow ML | Proprietary | Free + Paid | Search engine for internet-connected devices with ML device fingerprinting. | Site |
| Dreadnode | AI Cybersecurity | Pentest & Red-Team Agents | Source-Available | Free + Paid | AI-powered offensive security research accelerating vulnerability research and exploit dev. | Site |
| Google Big Sleep | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Enterprise | Google Project Zero AI that autonomously found real-world zero-day vulnerabilities. | Site |
| Huntr (Protect AI) | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Free | World's first bug bounty platform exclusively for AI/ML. 17K+ researchers, 2,520+ CVEs disclosed. | Site |
| HackerOne | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Paid | Leading bug bounty with AI-accelerated triage and researcher matching. | Site |
| Bugcrowd | AI Cybersecurity | Pentest & Red-Team Agents | Proprietary | Paid | Crowdsourced security with AI matching vulnerability types to specialised researchers. | Site |
| Splunk (Cisco) | AI Cybersecurity | Detection & Response | Proprietary | Paid | Industry-leading SIEM with agentic AI Triage Agent and AI Playbook Authoring. | Site |
| Microsoft Sentinel | AI Cybersecurity | Detection & Response | Proprietary | Paid | Cloud-native SIEM/SOAR with Copilot for Security for natural-language hunting. | Site |
| Google SecOps (Chronicle) | AI Cybersecurity | Detection & Response | Proprietary | Paid | Unified SIEM/SOAR/TI platform with Gemini AI and Mandiant intelligence. | Site |
| SentinelOne Singularity SIEM | AI Cybersecurity | Detection & Response | Proprietary | Paid | AI-native SIEM with Purple AI for natural-language security analysis. | Site |
| Exabeam | AI Cybersecurity | Detection & Response | Proprietary | Paid | AI-driven SIEM with best-in-class UEBA for insider threat detection. | Site |
| Hunters | AI Cybersecurity | Detection & Response | Proprietary | Paid | AI-driven next-gen SIEM investigating multiple alerts simultaneously. | Site |
| Stellar Cyber | AI Cybersecurity | Detection & Response | Proprietary | Paid | AI-native SecOps combining SIEM, NDR, Open XDR for MSSPs. | Site |
| Microsoft Security Copilot | AI Cybersecurity | Detection & Response | Proprietary | Paid | AI assistant across Microsoft security portfolio. NL investigation, autonomous agents for phishing/DLP/identity. | Site |
| Torq HyperSOC | AI Cybersecurity | Detection & Response | Proprietary | Paid | AI-first hyperautomation with Socrates "omni-agent" as autonomous SOC analyst. | Site |
| D3 Security (Morpheus) | AI Cybersecurity | Detection & Response | Proprietary | Paid | Autonomous AI SOC -- 100% alert coverage, 95% triaged in under 2 minutes. | Site |
| Intezer | AI Cybersecurity | Detection & Response | Proprietary | Free + Paid | Forensic AI SOC using code-level DNA analysis, endpoint forensics, and reverse engineering. | Site |
| Dropzone AI | AI Cybersecurity | Detection & Response | Proprietary | Paid | First AI SOC analyst replicating elite analyst techniques. Deploys in 30 minutes. | Site |
| Prophet Security | AI Cybersecurity | Detection & Response | Proprietary | Paid | Agentic AI SOC Analyst with explainable reasoning. Strong MSSP focus. | Site |
| Exaforce | AI Cybersecurity | Detection & Response | Proprietary | Paid | Agentic SOC covering full lifecycle from L1 through L3. | Site |
| Radiant Security | AI Cybersecurity | Detection & Response | Proprietary | Paid | AI SOC scaling existing teams with agentic AI. | Site |
| CrowdStrike (Charlotte AI) | AI Cybersecurity | Detection & Response | Proprietary | Paid | Industry-leading XDR with Charlotte AI for autonomous cross-platform investigation. | Site |
| SentinelOne (Purple AI) | AI Cybersecurity | Detection & Response | Proprietary | Paid | Autonomous EDR/XDR using behavioural AI -- no signatures needed. | Site |
| Palo Alto Cortex XSIAM | AI Cybersecurity | Detection & Response | Proprietary | Paid | AI-driven SecOps unifying SIEM + SOAR + XDR + ASM in single platform. | Site |
| Darktrace | AI Cybersecurity | Detection & Response | Proprietary | Paid | Self-learning AI detecting novel threats via unsupervised ML -- no rules or signatures. | Site |
| Vectra AI | AI Cybersecurity | Detection & Response | Proprietary | Paid | AI-driven detection with patented Attack Signal Intelligence. 80%+ alert noise reduction. | Site |
| Microsoft Defender XDR | AI Cybersecurity | Detection & Response | Proprietary | Paid | Unified XDR across endpoints, identity, email, cloud with AI attack disruption. | Site |
| Abnormal AI | AI Cybersecurity | Threat Intel & Identity | Proprietary | Paid | Behavioural AI detecting sophisticated social engineering and BEC that bypasses traditional filters. | Site |
| Proofpoint (Nexus AI) | AI Cybersecurity | Threat Intel & Identity | Proprietary | Paid | Enterprise email security with Nexus AI for multi-layered threat detection. 99.99% stop rate. | Site |
| Sublime Security | AI Cybersecurity | Threat Intel & Identity | Source-Available | Free + Paid | AI email security with transparent, customisable, open detection engine. Core free/self-host; Enterprise paid. | Site |
| Darktrace / NETWORK | AI Cybersecurity | Detection & Response | Proprietary | Paid | Self-learning NDR creating bespoke "pattern of life" for every device/user. | Site |
| Vectra AI Platform | AI Cybersecurity | Detection & Response | Proprietary | Paid | NDR with Attack Signal Intelligence across network, cloud, and identity. | Site |
| ExtraHop Reveal(x) | AI Cybersecurity | Detection & Response | Proprietary | Paid | Cloud-native NDR with real-time SSL/TLS decryption and AI asset discovery. | Site |
| Corelight | AI Cybersecurity | Detection & Response | Open Source | Free + Paid | Open NDR on Zeek with AI-enhanced detection and deep forensic evidence. Zeek OSS free; platform paid. | Site |
| Wiz | AI Cybersecurity | Vulnerability, Cloud & DFIR | Proprietary | Paid | Agentless CNAPP with security graph + AI CNAPP securing AI workloads in cloud. | Site |
| Palo Alto Prisma Cloud | AI Cybersecurity | Vulnerability, Cloud & DFIR | Proprietary | Paid | Comprehensive CNAPP with AI-driven risk prioritisation and auto-remediation. | Site |
| Orca Security | AI Cybersecurity | Vulnerability, Cloud & DFIR | Proprietary | Paid | Agentless cloud security with GenAI-powered analyst for investigations. | Site |
| SentinelOne Cloud | AI Cybersecurity | Vulnerability, Cloud & DFIR | Proprietary | Paid | AI cloud security with Offensive Security Engine simulating real attack paths. | Site |
| Recorded Future | AI Cybersecurity | Threat Intel & Identity | Proprietary | Paid | AI-powered threat intelligence across open/deep/dark web with predictive capabilities. | Site |
| Google Threat Intelligence (Mandiant) | AI Cybersecurity | Threat Intel & Identity | Proprietary | Paid | Mandiant expertise + Google visibility + Gemini AI analysis. | Site |
| CrowdStrike Falcon Intelligence | AI Cybersecurity | Threat Intel & Identity | Proprietary | Paid | AI threat intelligence integrated into Falcon with automated attribution. | Site |
| Anomali ThreatStream | AI Cybersecurity | Threat Intel & Identity | Proprietary | Paid | 300+ threat feeds with AI correlation and enrichment. | Site |
| CrowdStrike Falcon Identity | AI Cybersecurity | Threat Intel & Identity | Proprietary | Paid | AI identity security unifying ITDR, PAM, and identity protection. | Site |
| Silverfort | AI Cybersecurity | Threat Intel & Identity | Proprietary | Paid | Agentless identity security extending MFA to any resource including legacy. | Site |
| Microsoft PyRIT | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | AI red teaming toolkit supporting multi-modal adversarial testing. | Site |
| DeepTeam | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | 40+ attack simulations covering OWASP LLM Top 10 + built-in guardrails. | Site |
| Promptfoo | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free + Paid | AI security CLI for red-teaming and evaluating LLMs. 127 Fortune 500 customers. | Site |
| Meta Purple Llama | AI Cybersecurity | Prompt Firewalls & Guardrails | Open Source | Free | LLM safety tools including CyberSecEval for insecure code detection. | Site |
| IBM ART | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | Comprehensive adversarial ML library with 15+ attack categories. | Site |
| NVIDIA Garak | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | "Nmap for LLMs" -- probes for hallucination, data leakage, prompt injection, jailbreaks. | Site |
| LLMFuzzer | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | Fuzzing framework for LLM applications with CI/CD integration. | Site |
| Giskard | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free + Paid | AI model testing for vulnerabilities, biases, and regressions. OSS library free; Hub enterprise paid. | Site |
| Protect AI Guardian | AI Cybersecurity | Model & Supply Chain Security | Proprietary | Enterprise | Scans 35+ ML model formats for malicious code and backdoors. Acquired by Palo Alto Networks. | Site |
| HiddenLayer | AI Cybersecurity | Model & Supply Chain Security | Proprietary | Paid | End-to-end AI security -- supply chain, model scanning, runtime protection. Gartner Cool Vendor. | Site |
| Cisco AI Defense | AI Cybersecurity | Model & Supply Chain Security | Proprietary | Paid | AI firewall + algorithmic red teaming + model assessment. Formerly Robust Intelligence. | Site |
| CalypsoAI | AI Cybersecurity | Model & Supply Chain Security | Proprietary | Paid | Inference-time protection with AI Model Security Leaderboard. Acquired by F5. | Site |
| Holistic AI | AI Cybersecurity | AI Posture & Governance | Proprietary | Paid | AI governance mapping to EU AI Act, NIST AI RMF, ISO 42001. | Site |
| Trylon Gateway NEW | AI Cybersecurity | Prompt Firewalls & Guardrails | Open Source | Free | Open-source LLM firewall — a self-hosted proxy between your app and OpenAI/Gemini/Claude that blocks prompt injection, redacts PII, and enforces custom policies in real time. | Site |
| Vigil NEW | AI Cybersecurity | Prompt Firewalls & Guardrails | Open Source | Free | Python library and REST API scanning LLM prompts and responses for injections and jailbreaks — layered YARA signatures, transformer classifiers, and vector-similarity detection. Alpha / research status. | Site |
| Prompt Security NEW | AI Cybersecurity | Prompt Firewalls & Guardrails | Proprietary | Paid | Enterprise GenAI security platform — prompt-injection defence, data-leak prevention, and shadow-AI visibility across employees, applications, and agents. | Site |
| Cloudflare Firewall for AI NEW | AI Cybersecurity | Prompt Firewalls & Guardrails | Proprietary | Paid | Edge-layer firewall for LLM applications — discovers AI endpoints and detects prompt injection and PII in requests before they reach your model. | Site |
| Lasso Security NEW | AI Cybersecurity | Prompt Firewalls & Guardrails | Proprietary | Paid | GenAI security platform covering employees, applications, and agents — shadow-AI discovery, DLP for LLM traffic, and jailbreak protection. | Site |
| Harmonic Security NEW | AI Cybersecurity | Shadow AI & Data Security | Proprietary | Enterprise | Zero-touch GenAI data protection — discovers unapproved AI tools and masks or redacts sensitive data in prompts in real time before it reaches the model. | Site |
| WitnessAI NEW | AI Cybersecurity | Shadow AI & Data Security | Proprietary | Enterprise | Agentless, network-level observability of employee AI activity — captures prompts and responses, applies policy, and governs agentic AI at runtime. | Site |
| Cyberhaven NEW | AI Cybersecurity | Shadow AI & Data Security | Proprietary | Enterprise | Data-lineage platform tracing how sensitive data flows into AI tools — unifies DSPM, DLP, and insider risk into one AI and data security platform. | Site |
| Nightfall AI NEW | AI Cybersecurity | Shadow AI & Data Security | Proprietary | Enterprise | Cloud-native GenAI DLP stopping sensitive data being pasted or uploaded into AI chatbots across browser, SaaS, and endpoints, plus shadow-AI discovery. | Site |
| Varonis NEW | AI Cybersecurity | Shadow AI & Data Security | Proprietary | Enterprise | Data-security-first platform (DSPM, classification, blast radius) extended with AI inventory, shadow-AI discovery, posture management, and runtime guardrails. | Site |
| Cyera NEW | AI Cybersecurity | Shadow AI & Data Security | Proprietary | Enterprise | DSPM for AI — discovers where sensitive data lives across cloud and SaaS and assesses whether and how it can flow into AI tools and workflows. | Site |
| Microsoft Purview NEW | AI Cybersecurity | Shadow AI & Data Security | Proprietary | Paid | Data security and governance for Microsoft estates — sensitivity labels, DLP, and Copilot AI usage visibility and controls across Microsoft 365. | Site |
| Netskope NEW | AI Cybersecurity | Shadow AI & Data Security | Proprietary | Enterprise | SSE platform with GenAI app security — discovers sanctioned and shadow AI apps and enforces real-time, granular usage and data policies inline. | Site |
| Zscaler NEW | AI Cybersecurity | Shadow AI & Data Security | Proprietary | Enterprise | Zero-trust platform with AI asset management — inventories the organisation's AI footprint including AI embedded in SaaS, with inline prompt inspection and DLP. | Site |
| LayerX NEW | AI Cybersecurity | Shadow AI & Data Security | Proprietary | Enterprise | Agentless browser-extension security turning any browser into a governed workspace — shadow-AI visibility and real-time prompt-level DLP. | Site |
| Reco NEW | AI Cybersecurity | Shadow AI & Data Security | Proprietary | Enterprise | Identity-centric SaaS security discovering shadow AI by mapping AI tools and integrations to human and non-human identities across the SaaS estate. | Site |
| Grip Security NEW | AI Cybersecurity | Shadow AI & Data Security | Proprietary | Enterprise | Identity-driven SaaS and AI discovery and governance — finds AI apps via identity and access data, then enforces SSO, offboarding, and access revocation. | Site |
| Wiz AI-SPM NEW | AI Cybersecurity | AI Posture & Governance | Proprietary | Enterprise | AI security posture management in a CNAPP — discovers AI models, pipelines, and shadow AI across clouds, then prioritises misconfigurations via attack-path analysis. | Site |
| Prisma AIRS NEW | AI Cybersecurity | AI Posture & Governance | Proprietary | Enterprise | Palo Alto's end-to-end AI security platform — model scanning and posture management plus runtime defence, automated AI red-teaming, and AI agent security. | Site |
| Credo AI NEW | AI Cybersecurity | AI Posture & Governance | Proprietary | Enterprise | Dedicated AI governance platform — risk assessments, policy packs, auto-generated model cards, and third-party AI vendor risk management. | Site |
| OneTrust NEW | AI Cybersecurity | AI Posture & Governance | Proprietary | Enterprise | Privacy and GRC platform with AI governance — unified AI asset inventory, automated intake, risk assessment and approval workflows, continuous oversight. | Site |
| IBM watsonx.governance NEW | AI Cybersecurity | AI Posture & Governance | Proprietary | Paid | Enterprise AI lifecycle governance — bias and drift detection, explainability, and regulatory applicability assessment including the EU AI Act. | Site |
| Vanta NEW | AI Cybersecurity | AI Posture & Governance | Proprietary | Paid | Compliance automation with continuous control monitoring and framework support including the EU AI Act and ISO 42001. | Site |
| Drata NEW | AI Cybersecurity | AI Posture & Governance | Proprietary | Paid | Compliance automation for the EU AI Act — automated evidence collection, real-time control monitoring, and cross-framework mapping. | Site |
| AI Fairness 360 NEW | AI Cybersecurity | AI Posture & Governance | Open Source | Free | Open-source toolkit of metrics and algorithms to detect and mitigate bias in ML models and datasets across the AI lifecycle. | Site |
| Fairlearn NEW | AI Cybersecurity | AI Posture & Governance | Open Source | Free | Open-source Python toolkit to assess and improve fairness of ML models, with mitigation algorithms and disparity dashboards. | Site |
| Reality Defender NEW | AI Cybersecurity | Deepfake Detection | Proprietary | Enterprise | Multimodal deepfake detection API and platform scoring video, audio, and images in real time across contact-centre, KYC, hiring, and exec-comms workflows. | Site |
| Sensity AI NEW | AI Cybersecurity | Deepfake Detection | Proprietary | Enterprise | Multilayer forensic analysis of video, image, and audio deepfakes via web app, API, and SDK, with sub-second verdicts and KYC liveness integration. | Site |
| Pindrop NEW | AI Cybersecurity | Deepfake Detection | Proprietary | Enterprise | Voice and video fraud detection flagging cloned or synthetic audio in live calls and meetings, built for contact centres and enterprise comms. | Site |
| Hive AI NEW | AI Cybersecurity | Deepfake Detection | Proprietary | Free + Paid | Developer-friendly APIs detecting AI-generated or manipulated images, video, and audio at scale, with confidence scores for moderation and fraud pipelines. | Site |
| Intel FakeCatcher NEW | AI Cybersecurity | Deepfake Detection | Proprietary | Enterprise | Real-time video deepfake detector reading photoplethysmography blood-flow signals in facial pixels to verify a live human on camera in milliseconds. | Site |
| GetReal Security NEW | AI Cybersecurity | Deepfake Detection | Proprietary | Enterprise | Content authentication and deepfake forensics protecting enterprises from social engineering, voice scams, and impersonation in high-stakes workflows. | Site |
| Sumsub NEW | AI Cybersecurity | Deepfake Detection | Proprietary | Enterprise | Identity verification platform whose liveness engine flags deepfaked selfies and manipulated media during KYC onboarding worldwide. | Site |
| iProov NEW | AI Cybersecurity | Deepfake Detection | Proprietary | Enterprise | Biometric liveness verification providing genuine-presence assurance, blocking presentation attacks and deepfake injection in face-based identity checks. | Site |
| AU10TIX NEW | AI Cybersecurity | Deepfake Detection | Proprietary | Enterprise | Automated ID document and face verification with deepfake and synthetic-identity detection built into high-volume onboarding flows. | Site |
| Modulate Velma NEW | AI Cybersecurity | Deepfake Detection | Proprietary | Free + Paid | Synthetic-voice detection for live calls and recorded audio — public basic version plus a higher-accuracy commercial API tier. | Site |
| Arya.ai NEW | AI Cybersecurity | Deepfake Detection | Proprietary | Enterprise | Cross-modal deepfake detection API scanning selfies, video, and audio in real time for identity fraud and spoofing. | Site |
| CloudSEK NEW | AI Cybersecurity | Deepfake Detection | Proprietary | Enterprise | Digital risk platform combining deepfake and impersonation detection with threat intel, brand monitoring, and dark-web visibility for early warning. | Site |
| Deepware Scanner NEW | AI Cybersecurity | Deepfake Detection | Open Source | Free | Free deepfake video scanner (web, API, and open-source SDK) analysing uploaded files or URLs for facial manipulation and lip-sync anomalies. | Site |
| DeepFake-o-Meter NEW | AI Cybersecurity | Deepfake Detection | Open Source | Free | Academic open platform bundling many state-of-the-art detection models for images, video, and audio behind one upload-and-analyse interface. | Site |
| nuclei-autotriage | AI Cybersecurity | Detection & Response | Open Source | Free | Two-stage LLM triage (falsifier + red-team pass) of Nuclei JSONL findings via OpenAI-compatible endpoints (vLLM/Ollama). | Site |
| seclab-taskflow-agent | AI Cybersecurity | Detection & Response | Open Source | Free | YAML-driven taskflow agent framework for triaging CodeQL/SAST alerts and filtering false positives. | Site |
| honeyslop | AI Cybersecurity | Detection & Response | Open Source | Free | Code-canary decoys to triage AI-hallucinated ("slop") vulnerability reports flooding bug-bounty programs. | Site |
| nano-analyzer | AI Cybersecurity | Detection & Response | Open Source | Free | Minimal three-stage LLM pipeline (context → scan → skeptical triage) for zero-day discovery in C/C++. | Site |
| SigmaOptimizer | AI Cybersecurity | Detection & Response | Open Source | Free | Generates, tests, and refines Sigma rules from real logs with false-positive checking. | Site |
| AI-Infra-Guard | AI Cybersecurity | Agent & MCP Security | Open Source | Free | Full-stack AI red-teaming platform covering OpenClaw security scan, agent scan, skills scan, MCP scan, AI-infra vulnerability scan, and LLM jailbreak evaluation. | Site |
| SkillSpector | AI Cybersecurity | Agent & MCP Security | Open Source | Free | Security scanner for AI-agent skills used by Claude Code, Codex CLI, Gemini CLI, and similar ecosystems; combines static analysis, AST/YARA/taint checks, optional LLM semantic review, MCP least-privilege/tool-poisoning checks, risk scoring, and SARIF/JSON/Markdown output. | Site |
| agent-scan | AI Cybersecurity | Agent & MCP Security | Open Source | Free | Security scanner for AI agents, MCP servers, and agent skills; the successor path for the original Invariant Labs mcp-scan work. | Site |
| AgentShield | AI Cybersecurity | Agent & MCP Security | Open Source | Free | Security scanner for AI-agent configurations, MCP servers, hooks, and tool permissions with CLI, GitHub Action, and app workflows. | Site |
| skill-scanner | AI Cybersecurity | Agent & MCP Security | Source-Available | Free + Paid | Scanner for agent skills combining YAML + YARA patterns, LLM-as-a-judge, and behavioral dataflow analysis (Codex / Cursor skill formats). | Site |
| mcp-scanner | AI Cybersecurity | Agent & MCP Security | Open Source | Free | Scanner for MCP servers and agentic tool surfaces, covering tools, prompts, resources, package risk, malware indicators, and deployment readiness. | Site |
| agentic-radar | AI Cybersecurity | Agent & MCP Security | Source-Available | Free + Paid | CLI security scanner for agentic workflows (LangGraph, CrewAI, n8n, etc.) — maps tools/data flows and flags risks. | Site |
| MCP-Security-Checklist | AI Cybersecurity | Agent & MCP Security | Open Source | Free | Security checklist for MCP clients, servers, multi-MCP deployments, lifecycle controls, authz/authn, isolation, and crypto-specific MCP integrations. | Site |
| Anthropic-Cybersecurity-Skills | AI Cybersecurity | Agent & MCP Security | Open Source | Free | Large community cybersecurity skill library for AI agents, mapped to MITRE ATT&CK, NIST CSF, MITRE ATLAS, D3FEND, and NIST AI RMF. | Site |
| Claude-BugHunter | AI Cybersecurity | Agent & MCP Security | Open Source | Free | Claude Code / agent-skill bundle for authorized bug hunting and external red-team workflows across web, API, identity, cloud, recon, reporting, Burp MCP, slash commands, and the cbh CLI. | Site |
| AgentDojo | AI Cybersecurity | Agent & MCP Security | Open Source | Free | Benchmark environment for prompt-injection attacks and defenses in tool-using LLM agents. | Site |
| ToolHive | AI Cybersecurity | Agent & MCP Security | Open Source | Free | Platform for running MCP servers in isolated containers with per-request identity/access policy, registry and gateway workflows, audit logs, Kubernetes operator support, and observability hooks. | Site |
| Pipelock | AI Cybersecurity | Agent & MCP Security | Open Source | Free | AI-agent firewall and verifiable egress-control layer mediating HTTP, WebSocket, CONNECT, MCP, and A2A traffic to detect prompt injection, secret exfiltration, SSRF, and suspicious outbound actions. | Site |
| onecli | AI Cybersecurity | Agent & MCP Security | Open Source | Free | Credential gateway and encrypted vault for AI agents; injects real API credentials at the gateway so agents only see placeholder keys. | Site |
| microsandbox | AI Cybersecurity | Agent & MCP Security | Open Source | Free | Local-first, microVM-backed programmable sandboxes for AI agents with SDKs, CLI, MCP support, and rootless hardware isolation. | Site |
| defenseclaw | AI Cybersecurity | Agent & MCP Security | Source-Available | Free + Paid | Enforcement and evidence layer for agentic deployments: static CodeGuard checks, sandboxing, registry ingestion with SSRF guards, and audit/observability. | Site |
| clawsec | AI Cybersecurity | Agent & MCP Security | Open Source | Free | Security skill suite for OpenClaw-family agents; AGPL-3.0 licensed. | Site |
| Adversarial Robustness Toolbox (ART) | AI Cybersecurity | Model & Supply Chain Security | Open Source | Free | Flagship machine-learning security library for evaluating and defending models against evasion, poisoning, extraction, and inference attacks across major ML frameworks. | Site |
| Foolbox | AI Cybersecurity | Model & Supply Chain Security | Open Source | Free | Classic Python toolbox for generating adversarial examples and benchmarking robustness of PyTorch, TensorFlow, and JAX models. | Site |
| modelscan | AI Cybersecurity | Model & Supply Chain Security | Open Source | Free | Scans ML model files for unsafe serialization patterns and embedded code, with a focus on model serialization attacks. | Site |
| Fickling | AI Cybersecurity | Model & Supply Chain Security | Open Source | Free | Python pickle decompiler, rewriter, and static analyzer for inspecting and detecting malicious pickle/PyTorch payloads. | Site |
| Medusa | AI Cybersecurity | Model & Supply Chain Security | Open Source | Free | AI-first security scanner for AI/ML repos, agents, and MCP surfaces; AGPL-3.0 licensed. | Site |
| gym-malware | AI Cybersecurity | Model & Supply Chain Security | Open Source | Free | OpenAI Gym environment for reinforcement-learning agents that mutate PE malware to evade static ML malware detectors. | Site |
| deep-pwning | AI Cybersecurity | Model & Supply Chain Security | Open Source | Free | Historical "Metasploit for machine learning" framework for experimenting with adversarial robustness of ML models. | Site |
| GuardDog | AI Cybersecurity | Model & Supply Chain Security | Open Source | Free | CLI for detecting malicious PyPI, npm, Go, RubyGems, GitHub Actions, and VSCode extension packages using Semgrep rules and package-metadata heuristics. | Site |
| package-analysis | AI Cybersecurity | Model & Supply Chain Security | Open Source | Free | Sandboxed static/dynamic analysis pipeline for open-source packages, capturing filesystem, process, and network behavior and publishing data for malicious-package research. | Site |
| PentAGI | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | Fully autonomous multi-agent pentest framework with Docker sandboxing. | Site |
| CAI – Cybersecurity AI | AI Cybersecurity | Pentest & Red-Team Agents | Source-Available | Free + Paid | Modular, bug-bounty-ready agent framework supporting 300+ LLM models. MIT for research; separate commercial license for production/on-prem. | Site |
| Strix | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | Autonomous "AI hackers" that dynamically run code and validate vulnerabilities with PoCs (Apache-2.0). | Site |
| hackingBuddyGPT | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | Minimal (~50 LOC) research framework for LLM-driven Linux priv-esc and web pentesting (FSE'23). | Site |
| Nebula | AI Cybersecurity | Pentest & Red-Team Agents | Source-Available | Free + Paid | AI pentesting CLI assistant with local-LLM support (Llama-3.1, Mistral, DeepSeek). | Site |
| Burp Suite MCP Server | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | Official Burp Suite extension exposing Burp to AI clients through MCP. | Site |
| pentest-ai | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | Offensive-security MCP server with 200+ wrapped tools, specialist agents, and OWASP-oriented probes for authorized testing. | Site |
| pentest-ai-agents | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | Collection of Claude Code offensive-security subagents for authorized penetration-testing research. | Site |
| DarkMoon | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | Autonomous AI penetration-testing platform that orchestrates specialized web, AD, Kubernetes, CMS, and framework agents through an MCP-controlled Docker toolbox with local privacy-tokenization for sensitive target data. | Site |
| T3MP3ST | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | Autonomous offensive-security meta-harness that wraps local or API-backed coding agents into a multi-agent recon-to-exploit workflow with MCP/API, War Room UI, tool arsenal, and committed benchmark artifacts. | Site |
| Shannon | AI Cybersecurity | Pentest & Red-Team Agents | Source-Available | Free + Paid | White-box autonomous AI pentester with strong XBOW-benchmark results. *Shannon Lite is AGPL-3.0; Shannon Pro is commercial.* | Site |
| PentestAgent | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | Black-box AI pentest framework with MCP, multi-agent spawning, and persistent sessions. | Site |
| Pentest-Swarm-AI | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | Swarm-intelligence multi-agent pentest with stigmergic blackboard coordination (Go). | Site |
| hackGPT | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | LLM offensive-security toolkit. | Site |
| regulator | AI Cybersecurity | Recon & Narrow ML | Open Source | Free | Learns and ranks regex-like naming patterns from known subdomains to generate likely new candidates. | Site |
| eyeballer | AI Cybersecurity | Recon & Narrow ML | Open Source | Free | Convolutional neural network that classifies pentest/recon screenshots (login pages, webapps, old-looking sites, parked domains, and custom 404s) for attack-surface triage. | Site |
| GyoiThon | AI Cybersecurity | Recon & Narrow ML | Open Source | Free | Machine-learning-assisted web intelligence tool that fingerprints products, versions, CVEs, login pages, debug messages, and related web-server signals from HTTP responses. | Site |
| ffufai | AI Cybersecurity | Recon & Narrow ML | Open Source | Free | AI wrapper around the ffuf web fuzzer that suggests file extensions and paths from the target URL and headers using OpenAI or Anthropic models. | Site |
| PassGAN | AI Cybersecurity | Recon & Narrow ML | Open Source | Free | WGAN that learns password distributions from leaks to generate guesses; historical reference implementation of the PassGAN paper (MIT). | Site |
| Phishing Email Detection DistilBERT v2.4.1 | AI Cybersecurity | Recon & Narrow ML | Open Source | Free | DistilBERT text-classification model for email and URL phishing detection, trained on a public Hugging Face phishing-email dataset. | Site |
| Vulnhuntr | AI Cybersecurity | Code Security & Fuzzing | Open Source | Free | Zero-shot vulnerability discovery in Python repos via LLM call-chain analysis; credited with a 0-day RCE in Ragflow. | Site |
| deepsec | AI Cybersecurity | Code Security & Fuzzing | Open Source | Free | Agent-powered security harness for scanning large codebases with coding agents, resumable parallel runs, custom matchers, and optional revalidation. | Site |
| claude-code-security-review | AI Cybersecurity | Code Security & Fuzzing | Source-Available | Free + Paid | Official Claude-based semantic SAST GitHub Action that reviews PR diffs. | Site |
| IRIS | AI Cybersecurity | Code Security & Fuzzing | Open Source | Free | Neurosymbolic SAST combining LLMs with CodeQL for Java vulnerability detection (MIT). | Site |
| sast-skills | AI Cybersecurity | Code Security & Fuzzing | Open Source | Free | Agent skills that turn AI coding assistants into a multi-agent SAST scanner. | Site |
| oss-fuzz-gen | AI Cybersecurity | Code Security & Fuzzing | Open Source | Free | LLM-driven fuzz-harness generation for OSS-Fuzz; reported 26 real vulnerabilities (incl. CVE-2024-9143 in OpenSSL). | Site |
| ChatAFL | AI Cybersecurity | Code Security & Fuzzing | Open Source | Free | LLM-guided protocol fuzzing extending AFLNet (NDSS'24). | Site |
| ps-fuzz | AI Cybersecurity | LLM Red-Teaming & Testing | Source-Available | Free + Paid | System-prompt hardening fuzzer; 16 attacks × 16 providers. | Site |
| FuzzyAI | AI Cybersecurity | LLM Red-Teaming & Testing | Source-Available | Free + Paid | Automated LLM fuzzer for jailbreaks/prompt injection. | Site |
| promptmap | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | Prompt-injection scanner for custom LLM applications in white-box and black-box modes; GPL-3.0 licensed. | Site |
| TI-Mindmap-GPT | AI Cybersecurity | Threat Intel & Identity | Open Source | Free | Streamlit app: AI summaries, mindmaps, IOC/TTP extraction, and ATT&CK Navigator layers. | Site |
| aiocrioc | AI Cybersecurity | Threat Intel & Identity | Open Source | Free | LLM + OCR IOC extraction (pulls IOCs from images/PDFs). | Site |
| ThreatIngestor | AI Cybersecurity | Threat Intel & Identity | Open Source | Free | Extracts/aggregates IOCs from feeds; integrates with MISP/ThreatKB (pairs well with LLM post-processing). | Site |
| IATelligence | AI Cybersecurity | Threat Intel & Identity | Open Source | Free | Explains imported Windows APIs in PE files via GPT and maps to MITRE ATT&CK. | Site |
| MCP_Security | AI Cybersecurity | Threat Intel & Identity | Open Source | Free | MCP server (ORKL) for querying the ORKL threat-intel API. | Site |
| soctalk | AI Cybersecurity | Detection & Response | Open Source | Free | LangGraph SOC automation agent with MCP integrations for Wazuh, Cortex, TheHive, and MISP plus mock-agent test lab. | Site |
| Vigil SOC | AI Cybersecurity | Detection & Response | Open Source | Free | Open-source AI SOC with readable Python agents, Markdown playbooks, and MCP integrations for triage, investigation, hunting, response, reporting, and forensics. | Site |
| agentic-soc-platform | AI Cybersecurity | Detection & Response | Open Source | Free | Agentic SOC platform (LangGraph/Dify) with local-LLM support. | Site |
| SigmAIQ | AI Cybersecurity | Detection & Response | Open Source | Free | pySigma wrapper and LangChain toolkit for automatic Sigma rule creation and translation; LGPL-2.1 licensed. | Site |
| AttackGen | AI Cybersecurity | Detection & Response | Open Source | Free | LLM-driven incident-response scenario generator using MITRE ATT&CK + ATLAS. | Site |
| Gepetto | AI Cybersecurity | Reverse Engineering | Open Source | Free | IDA Pro plugin: GPT adds comments and meaningful variable names. | Site |
| ida-pro-mcp | AI Cybersecurity | Reverse Engineering | Open Source | Free | MCP bridge for IDA Pro exposing decompile, disassemble, xref, rename, and debugging workflows to LLM clients. | Site |
| GhidraMCP | AI Cybersecurity | Reverse Engineering | Open Source | Free | MCP server exposing Ghidra reverse-engineering ops to any MCP-capable LLM. | Site |
| ReVa | AI Cybersecurity | Reverse Engineering | Open Source | Free | Ghidra-focused reverse-engineering assistant with MCP support, Claude Skills integration, and long-form analysis workflows. | Site |
| GhidrAssistMCP | AI Cybersecurity | Reverse Engineering | Open Source | Free | Native Ghidra MCP extension with broad tool coverage, headless support, and security-sensitive tool gating. | Site |
| ghidra-mcp | AI Cybersecurity | Reverse Engineering | Open Source | Free | Ghidra MCP server with large tool coverage, GUI plugin, headless server, and lazy tool loading. | Site |
| LLM4Decompile | AI Cybersecurity | Reverse Engineering | Open Source | Free | Research project for binary-to-C decompilation with LLMs; code is MIT, but model weights use a more restrictive license. | Site |
| burpgpt | AI Cybersecurity | Reverse Engineering | Open Source | Free | Burp Suite extension integrating GPT for passive scanning. | Site |
| agentic_security | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | Agentic LLM vulnerability scanner and AI red-team kit for jailbreaks, prompt injection, fuzzing, and API stress testing. | Site |
| Guardrails AI | AI Cybersecurity | Prompt Firewalls & Guardrails | Open Source | Free | Python framework for adding input/output guards, validators, structured-output controls, and Guardrails Hub checks to LLM applications. | Site |
| LangKit | AI Cybersecurity | Prompt Firewalls & Guardrails | Open Source | Free | LLM monitoring toolkit extracting safety/security signals such as jailbreak similarity, prompt-injection similarity, hallucination checks, PII patterns, toxicity, and refusal metrics. | Site |
| Rebuff | AI Cybersecurity | Prompt Firewalls & Guardrails | Open Source | Free | Archived prompt-injection detector (heuristics + LLM + vector DB + canary tokens). | Site |
| Counterfit | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | ML/AI penetration-testing automation tool. | Site |
| AI-Red-Teaming-Playground-Labs | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | CTFd-based AI red-team training challenges. | Site |
| EasyJailbreak | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | Framework for building and testing adversarial jailbreak prompts. | Site |
| TextAttack | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | Python framework for adversarial attacks, data augmentation, and training for NLP models; useful for robustness testing beyond chat-only LLM scanners. | Site |
| GPTFuzz | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | Research framework for red-teaming LLMs with auto-generated jailbreak prompts. | Site |
| HarmBench | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | ICML 2024 standardized evaluation framework for automated red-teaming and robust-refusal benchmarking. | Site |
| llm-attacks (GCG) | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | Canonical Greedy Coordinate Gradient adversarial-suffix attack implementation for transferable attacks on aligned language models. | Site |
| JailbreakBench | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | NeurIPS 2024 open robustness benchmark and leaderboard for generating and defending against LLM jailbreaks. | Site |
| llm-security | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | Original PoC for indirect prompt-injection attacks. | Site |
| prompt-injection-defenses | AI Cybersecurity | Prompt Firewalls & Guardrails | Open Source | Free | Curated catalog of practical defenses against prompt injection. | Site |
| DeBERTa v3 Prompt Injection v2 | AI Cybersecurity | Prompt Firewalls & Guardrails | Open Source | Free | Apache-licensed prompt-injection classifier usable via Transformers pipelines and ONNX. | Site |
| Prompt Guard 86M | AI Cybersecurity | Prompt Firewalls & Guardrails | Source-Available | Free | Meta prompt-injection and jailbreak classifier from the Llama Guard family. | Site |
| SecGPT | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | Open cybersecurity-tuned LLM family for vulnerability analysis, log/traffic investigation, anomaly detection, attack/defense reasoning, command analysis, and security Q&A. | Site |
| Trendyol Cybersecurity LLM v2 70B | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | Defense-focused cybersecurity LLM based on Llama-3.3-70B, trained on an alignment-safe security instruction dataset for SOC, cloud, AppSec, detection, and vulnerability-management workflows. | Site |
| WhiteRabbitNeo 2.5 Qwen Coder 7B | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | Cybersecurity-oriented Qwen2.5-Coder fine-tune positioned for offensive and defensive security assistance. | Site |
| Lily-Cybersecurity-7B-v0.2 | AI Cybersecurity | LLM Red-Teaming & Testing | Open Source | Free | Mistral-7B-Instruct fine-tune for cybersecurity assistance, trained on hand-crafted security and hacking-related instruction pairs. | Site |
| Beelzebub | AI Cybersecurity | Detection & Response | Open Source | Free | Low-code honeypot using LLMs to simulate SSH/HTTP/MCP services (Go). | Site |
| DECEIVE | AI Cybersecurity | Detection & Response | Open Source | Free | Proof-of-concept LLM-powered SSH honeypot that evaluates sessions as benign, suspicious, or malicious. | Site |
| shelLM | AI Cybersecurity | Detection & Response | Open Source | Free | LLM-powered SSH honeypot (paper *"LLM in the Shell"*). | Site |
| VelLMes | AI Cybersecurity | Detection & Response | Open Source | Free | Multi-protocol LLM honeypot framework (successor to shelLM). | Site |
| llm-honeypot | AI Cybersecurity | Detection & Response | Open Source | Free | Cowrie SSH honeypot extended with prompt-injection traps to detect LLM hacker agents. | Site |
| SWE-agent (EnIGMA) | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | EnIGMA offensive-CTF mode; SOTA on NYU CTF, InterCode-CTF, and Cybench (v0.7 branch). | Site |
| inspect_evals | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | Maintained Inspect AI evaluation suite containing multiple cyber benchmarks and tasks. | Site |
| Damn Vulnerable LLM Agent | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | Deliberately vulnerable LangChain ReAct agent for practicing prompt-injection and Thought/Action/Observation injection attacks. | Site |
| claude-bug-bounty | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | Claude Code plugin orchestrating recon → vuln classes → reporting. | Site |
| ai-exploits | AI Cybersecurity | Pentest & Red-Team Agents | Open Source | Free | Real-world AI/ML exploits (Metasploit modules + Nuclei templates) for MLflow, Ray, H2O. | Site |
| EscalateGPT | AI Cybersecurity | Vulnerability, Cloud & DFIR | Open Source | Free | GPT-based discovery of privilege-escalation paths in AWS IAM policies. | Site |
| llm_osint | AI Cybersecurity | Vulnerability, Cloud & DFIR | Open Source | Free | Proof-of-concept LLM OSINT framework using knowledge and web agents for internet research workflows. | Site |
| ai_osint | AI Cybersecurity | Vulnerability, Cloud & DFIR | Open Source | Free | Curated AI-OSINT dorks, queries, and techniques for discovering exposed LLM and AI infrastructure. | Site |
| mcp-dnstwist | AI Cybersecurity | Vulnerability, Cloud & DFIR | Open Source | Free | MCP server for dnstwist DNS fuzzing to support typosquatting, phishing, and lookalike-domain analysis. | Site |
| osintgpt | AI Cybersecurity | Vulnerability, Cloud & DFIR | Open Source | Free | OpenAI embeddings + Qdrant over OSINT corpora. | Site |
No tools match your filters
Try removing a filter or clearing your search.
Frequently asked questions
What are AI security tools?
AI security tools use machine learning or large language models to do security work — finding vulnerabilities, running penetration tests, triaging SOC alerts, detecting threats — or they secure AI systems themselves: guarding LLMs against prompt injection and jailbreaks, auditing AI agents and MCP servers, and protecting the AI/ML supply chain. This map covers both sides.
What's the difference between AI for security and securing AI?
AI for security applies AI to classic security jobs: pentest and red-team agents, AI-powered SAST, detection and response, threat intelligence. Securing AI protects the AI itself: LLM red-teaming and guardrails, prompt-injection defence, model and supply-chain security, and agent/MCP security. The categories here keep the two sides distinct so you can filter for either.
What are the best AI penetration testing tools?
The Pentest & Red-Team Agents category compares autonomous pentest agents and AI-assisted offensive tools side by side — from open-source agents like PentestGPT and CAI to commercial platforms. Filter by licensing to see only open-source options, or by cost to compare commercial pricing models.
Are these AI security tools open source?
Many are — this map is curated from both commercial security platforms and the open-source ecosystem (only notable, actively maintained projects make the cut). Every tool is tagged by licensing and cost, so one click shows only open-source or only free tools.
How is this AI security tool list kept up to date?
It's a living map maintained by StationX, refreshed regularly as tools launch and the ecosystem shifts. Open-source entries are re-synced from a curated upstream list with a notability bar (GitHub stars and maintenance), so abandoned projects drop out and new flagship tools appear.
New to building with AI? Start with the free book.
Become the Cyber Security Expert the AI Era Demands — our free web-book on directing AI to build real, secure systems.
A living map maintained by StationX. Tools move fast — categories overlap, and many tools span several. Spotted something missing or out of date? This list is updated regularly.