The AI Security Tool Landscape: 237 Mapped

A searchable, filterable map of 237 AI security tools — pentest and red-team agents, LLM guardrails, agent and MCP security, AI-powered detection and response, and more. Curated by StationX from commercial platforms and the open-source ecosystem.

237
Tools
14
Categories
125
Open Source
112
Commercial
Category
More filters
Licensing
Cost
sec
Show all 41 sec filters

Showing 237 of 237 tools

Tip: tap a column heading to sort.

Name Category Sub-category Licensing Cost Description Links
Lakera Guard AI Cybersecurity Prompt Firewalls & Guardrails Proprietary Free + Paid Real-time AI security. Detects prompt injection, jailbreaks, PII leaks, toxic content. Model-agnostic. Site
NVIDIA NeMo Guardrails AI Cybersecurity Prompt Firewalls & Guardrails Open Source Free Programmable guardrails. Colang configuration language for custom safety logic. Site
LLM Guard AI Cybersecurity Prompt Firewalls & Guardrails Open Source Free Toolkit for securing LLM interactions. Modular input/output scanners. Site
Caldera AI Cybersecurity Pentest & Red-Team Agents Proprietary Paid AI agent supervision platform. Runtime monitoring and control of agent actions. Note: different from MITRE Caldera (Apache 2.0, adversary emulation). Site
XBOW AI Cybersecurity Pentest & Red-Team Agents Proprietary Paid Autonomous offensive security -- expert-level pentesting at machine speed without human intervention. Site
Escape AI Cybersecurity Pentest & Red-Team Agents Proprietary Free + Paid AI-powered API and application security testing discovering business logic flaws. Site
Terra Security AI Cybersecurity Pentest & Red-Team Agents Proprietary Paid First comprehensive agentic AI pentesting platform for web apps with human supervision. Site
PentestGPT AI Cybersecurity Pentest & Red-Team Agents Open Source Free AI-powered pentesting toolkit using LLMs as interactive reasoning copilot. Site
Pentera AI Cybersecurity Pentest & Red-Team Agents Proprietary Paid Automated security validation -- full pentesting lifecycle from discovery to exploitation. Site
Hadrian AI Cybersecurity Pentest & Red-Team Agents Proprietary Paid AI offensive platform continuously mapping attack surfaces and autonomously exploiting vulns. Site
Hexstrike AI AI Cybersecurity Pentest & Red-Team Agents Open Source Free AI pentesting MCP framework with 150+ security tools and 12+ autonomous agents. Site
Mindgard AI Cybersecurity Pentest & Red-Team Agents Proprietary Paid AI pentesting platform specifically testing AI/ML models against adversarial attacks. Site
Burp Suite (Burp AI) AI Cybersecurity Pentest & Red-Team Agents Proprietary Free + Paid Industry-standard web app scanner now with AI-enhanced vulnerability detection. Community free; Pro/Enterprise paid. Site
Nuclei (ProjectDiscovery) AI Cybersecurity Vulnerability, Cloud & DFIR Open Source Free + Paid Scanner with 10K+ YAML templates and AI-assisted template generation. Open-source core; cloud paid. Site
Tenable AI Aware AI Cybersecurity Vulnerability, Cloud & DFIR Proprietary Paid Enterprise vuln management covering 65K+ CVEs with AI module for discovering shadow AI. Site
Snyk (AI Security Fabric) AI Cybersecurity Vulnerability, Cloud & DFIR Proprietary Free + Paid Developer-first security covering code/containers/IaC + AI models and agents. Site
Aikido Security AI Cybersecurity Vulnerability, Cloud & DFIR Proprietary Free + Paid All-in-one DevSecOps combining SAST, DAST, SCA, container scanning with AI prioritisation. Site
Intruder AI Cybersecurity Vulnerability, Cloud & DFIR Proprietary Paid Cloud vulnerability scanner with AI-assisted prioritisation for teams without dedicated security. Site
Picus Security AI Cybersecurity Pentest & Red-Team Agents Proprietary Paid BAS platform continuously validating security controls against real-world attack scenarios. Site
AttackIQ AI Cybersecurity Pentest & Red-Team Agents Proprietary Paid Automated adversary emulation with AI-driven security control validation. Site
Cymulate AI Cybersecurity Pentest & Red-Team Agents Proprietary Paid CTEM platform combining BAS, ASM, and automated red teaming with AI optimisation. Site
SafeBreach AI Cybersecurity Pentest & Red-Team Agents Proprietary Paid BAS simulating attacks across full kill chain with 30K+ scenario playbook. Site
Scythe AI Cybersecurity Pentest & Red-Team Agents Proprietary Paid Adversary emulation platform with AI-assisted campaign construction. Site
Maltego AI Cybersecurity Recon & Narrow ML Proprietary Free + Paid Visual link analysis and OSINT with AI-powered relationship mapping across 100+ sources. Community Edition free. Site
SpiderFoot AI Cybersecurity Recon & Narrow ML Open Source Free + Paid Automated OSINT from 200+ data sources. Open-source core; SpiderFoot HX cloud paid. Site
Censys AI Cybersecurity Recon & Narrow ML Proprietary Free + Paid Internet-wide scanning with AI for asset discovery and exposure monitoring. Site
Shodan AI Cybersecurity Recon & Narrow ML Proprietary Free + Paid Search engine for internet-connected devices with ML device fingerprinting. Site
Dreadnode AI Cybersecurity Pentest & Red-Team Agents Source-Available Free + Paid AI-powered offensive security research accelerating vulnerability research and exploit dev. Site
Google Big Sleep AI Cybersecurity Pentest & Red-Team Agents Proprietary Enterprise Google Project Zero AI that autonomously found real-world zero-day vulnerabilities. Site
Huntr (Protect AI) AI Cybersecurity Pentest & Red-Team Agents Proprietary Free World's first bug bounty platform exclusively for AI/ML. 17K+ researchers, 2,520+ CVEs disclosed. Site
HackerOne AI Cybersecurity Pentest & Red-Team Agents Proprietary Paid Leading bug bounty with AI-accelerated triage and researcher matching. Site
Bugcrowd AI Cybersecurity Pentest & Red-Team Agents Proprietary Paid Crowdsourced security with AI matching vulnerability types to specialised researchers. Site
Splunk (Cisco) AI Cybersecurity Detection & Response Proprietary Paid Industry-leading SIEM with agentic AI Triage Agent and AI Playbook Authoring. Site
Microsoft Sentinel AI Cybersecurity Detection & Response Proprietary Paid Cloud-native SIEM/SOAR with Copilot for Security for natural-language hunting. Site
Google SecOps (Chronicle) AI Cybersecurity Detection & Response Proprietary Paid Unified SIEM/SOAR/TI platform with Gemini AI and Mandiant intelligence. Site
SentinelOne Singularity SIEM AI Cybersecurity Detection & Response Proprietary Paid AI-native SIEM with Purple AI for natural-language security analysis. Site
Exabeam AI Cybersecurity Detection & Response Proprietary Paid AI-driven SIEM with best-in-class UEBA for insider threat detection. Site
Hunters AI Cybersecurity Detection & Response Proprietary Paid AI-driven next-gen SIEM investigating multiple alerts simultaneously. Site
Stellar Cyber AI Cybersecurity Detection & Response Proprietary Paid AI-native SecOps combining SIEM, NDR, Open XDR for MSSPs. Site
Microsoft Security Copilot AI Cybersecurity Detection & Response Proprietary Paid AI assistant across Microsoft security portfolio. NL investigation, autonomous agents for phishing/DLP/identity. Site
Torq HyperSOC AI Cybersecurity Detection & Response Proprietary Paid AI-first hyperautomation with Socrates "omni-agent" as autonomous SOC analyst. Site
D3 Security (Morpheus) AI Cybersecurity Detection & Response Proprietary Paid Autonomous AI SOC -- 100% alert coverage, 95% triaged in under 2 minutes. Site
Intezer AI Cybersecurity Detection & Response Proprietary Free + Paid Forensic AI SOC using code-level DNA analysis, endpoint forensics, and reverse engineering. Site
Dropzone AI AI Cybersecurity Detection & Response Proprietary Paid First AI SOC analyst replicating elite analyst techniques. Deploys in 30 minutes. Site
Prophet Security AI Cybersecurity Detection & Response Proprietary Paid Agentic AI SOC Analyst with explainable reasoning. Strong MSSP focus. Site
Exaforce AI Cybersecurity Detection & Response Proprietary Paid Agentic SOC covering full lifecycle from L1 through L3. Site
Radiant Security AI Cybersecurity Detection & Response Proprietary Paid AI SOC scaling existing teams with agentic AI. Site
CrowdStrike (Charlotte AI) AI Cybersecurity Detection & Response Proprietary Paid Industry-leading XDR with Charlotte AI for autonomous cross-platform investigation. Site
SentinelOne (Purple AI) AI Cybersecurity Detection & Response Proprietary Paid Autonomous EDR/XDR using behavioural AI -- no signatures needed. Site
Palo Alto Cortex XSIAM AI Cybersecurity Detection & Response Proprietary Paid AI-driven SecOps unifying SIEM + SOAR + XDR + ASM in single platform. Site
Darktrace AI Cybersecurity Detection & Response Proprietary Paid Self-learning AI detecting novel threats via unsupervised ML -- no rules or signatures. Site
Vectra AI AI Cybersecurity Detection & Response Proprietary Paid AI-driven detection with patented Attack Signal Intelligence. 80%+ alert noise reduction. Site
Microsoft Defender XDR AI Cybersecurity Detection & Response Proprietary Paid Unified XDR across endpoints, identity, email, cloud with AI attack disruption. Site
Abnormal AI AI Cybersecurity Threat Intel & Identity Proprietary Paid Behavioural AI detecting sophisticated social engineering and BEC that bypasses traditional filters. Site
Proofpoint (Nexus AI) AI Cybersecurity Threat Intel & Identity Proprietary Paid Enterprise email security with Nexus AI for multi-layered threat detection. 99.99% stop rate. Site
Sublime Security AI Cybersecurity Threat Intel & Identity Source-Available Free + Paid AI email security with transparent, customisable, open detection engine. Core free/self-host; Enterprise paid. Site
Darktrace / NETWORK AI Cybersecurity Detection & Response Proprietary Paid Self-learning NDR creating bespoke "pattern of life" for every device/user. Site
Vectra AI Platform AI Cybersecurity Detection & Response Proprietary Paid NDR with Attack Signal Intelligence across network, cloud, and identity. Site
ExtraHop Reveal(x) AI Cybersecurity Detection & Response Proprietary Paid Cloud-native NDR with real-time SSL/TLS decryption and AI asset discovery. Site
Corelight AI Cybersecurity Detection & Response Open Source Free + Paid Open NDR on Zeek with AI-enhanced detection and deep forensic evidence. Zeek OSS free; platform paid. Site
Wiz AI Cybersecurity Vulnerability, Cloud & DFIR Proprietary Paid Agentless CNAPP with security graph + AI CNAPP securing AI workloads in cloud. Site
Palo Alto Prisma Cloud AI Cybersecurity Vulnerability, Cloud & DFIR Proprietary Paid Comprehensive CNAPP with AI-driven risk prioritisation and auto-remediation. Site
Orca Security AI Cybersecurity Vulnerability, Cloud & DFIR Proprietary Paid Agentless cloud security with GenAI-powered analyst for investigations. Site
SentinelOne Cloud AI Cybersecurity Vulnerability, Cloud & DFIR Proprietary Paid AI cloud security with Offensive Security Engine simulating real attack paths. Site
Recorded Future AI Cybersecurity Threat Intel & Identity Proprietary Paid AI-powered threat intelligence across open/deep/dark web with predictive capabilities. Site
Google Threat Intelligence (Mandiant) AI Cybersecurity Threat Intel & Identity Proprietary Paid Mandiant expertise + Google visibility + Gemini AI analysis. Site
CrowdStrike Falcon Intelligence AI Cybersecurity Threat Intel & Identity Proprietary Paid AI threat intelligence integrated into Falcon with automated attribution. Site
Anomali ThreatStream AI Cybersecurity Threat Intel & Identity Proprietary Paid 300+ threat feeds with AI correlation and enrichment. Site
CrowdStrike Falcon Identity AI Cybersecurity Threat Intel & Identity Proprietary Paid AI identity security unifying ITDR, PAM, and identity protection. Site
Silverfort AI Cybersecurity Threat Intel & Identity Proprietary Paid Agentless identity security extending MFA to any resource including legacy. Site
Microsoft PyRIT AI Cybersecurity LLM Red-Teaming & Testing Open Source Free AI red teaming toolkit supporting multi-modal adversarial testing. Site
DeepTeam AI Cybersecurity LLM Red-Teaming & Testing Open Source Free 40+ attack simulations covering OWASP LLM Top 10 + built-in guardrails. Site
Promptfoo AI Cybersecurity LLM Red-Teaming & Testing Open Source Free + Paid AI security CLI for red-teaming and evaluating LLMs. 127 Fortune 500 customers. Site
Meta Purple Llama AI Cybersecurity Prompt Firewalls & Guardrails Open Source Free LLM safety tools including CyberSecEval for insecure code detection. Site
IBM ART AI Cybersecurity LLM Red-Teaming & Testing Open Source Free Comprehensive adversarial ML library with 15+ attack categories. Site
NVIDIA Garak AI Cybersecurity LLM Red-Teaming & Testing Open Source Free "Nmap for LLMs" -- probes for hallucination, data leakage, prompt injection, jailbreaks. Site
LLMFuzzer AI Cybersecurity LLM Red-Teaming & Testing Open Source Free Fuzzing framework for LLM applications with CI/CD integration. Site
Giskard AI Cybersecurity LLM Red-Teaming & Testing Open Source Free + Paid AI model testing for vulnerabilities, biases, and regressions. OSS library free; Hub enterprise paid. Site
Protect AI Guardian AI Cybersecurity Model & Supply Chain Security Proprietary Enterprise Scans 35+ ML model formats for malicious code and backdoors. Acquired by Palo Alto Networks. Site
HiddenLayer AI Cybersecurity Model & Supply Chain Security Proprietary Paid End-to-end AI security -- supply chain, model scanning, runtime protection. Gartner Cool Vendor. Site
Cisco AI Defense AI Cybersecurity Model & Supply Chain Security Proprietary Paid AI firewall + algorithmic red teaming + model assessment. Formerly Robust Intelligence. Site
CalypsoAI AI Cybersecurity Model & Supply Chain Security Proprietary Paid Inference-time protection with AI Model Security Leaderboard. Acquired by F5. Site
Holistic AI AI Cybersecurity AI Posture & Governance Proprietary Paid AI governance mapping to EU AI Act, NIST AI RMF, ISO 42001. Site
Trylon Gateway NEW AI Cybersecurity Prompt Firewalls & Guardrails Open Source Free Open-source LLM firewall — a self-hosted proxy between your app and OpenAI/Gemini/Claude that blocks prompt injection, redacts PII, and enforces custom policies in real time. Site
Vigil NEW AI Cybersecurity Prompt Firewalls & Guardrails Open Source Free Python library and REST API scanning LLM prompts and responses for injections and jailbreaks — layered YARA signatures, transformer classifiers, and vector-similarity detection. Alpha / research status. Site
Prompt Security NEW AI Cybersecurity Prompt Firewalls & Guardrails Proprietary Paid Enterprise GenAI security platform — prompt-injection defence, data-leak prevention, and shadow-AI visibility across employees, applications, and agents. Site
Cloudflare Firewall for AI NEW AI Cybersecurity Prompt Firewalls & Guardrails Proprietary Paid Edge-layer firewall for LLM applications — discovers AI endpoints and detects prompt injection and PII in requests before they reach your model. Site
Lasso Security NEW AI Cybersecurity Prompt Firewalls & Guardrails Proprietary Paid GenAI security platform covering employees, applications, and agents — shadow-AI discovery, DLP for LLM traffic, and jailbreak protection. Site
Harmonic Security NEW AI Cybersecurity Shadow AI & Data Security Proprietary Enterprise Zero-touch GenAI data protection — discovers unapproved AI tools and masks or redacts sensitive data in prompts in real time before it reaches the model. Site
WitnessAI NEW AI Cybersecurity Shadow AI & Data Security Proprietary Enterprise Agentless, network-level observability of employee AI activity — captures prompts and responses, applies policy, and governs agentic AI at runtime. Site
Cyberhaven NEW AI Cybersecurity Shadow AI & Data Security Proprietary Enterprise Data-lineage platform tracing how sensitive data flows into AI tools — unifies DSPM, DLP, and insider risk into one AI and data security platform. Site
Nightfall AI NEW AI Cybersecurity Shadow AI & Data Security Proprietary Enterprise Cloud-native GenAI DLP stopping sensitive data being pasted or uploaded into AI chatbots across browser, SaaS, and endpoints, plus shadow-AI discovery. Site
Varonis NEW AI Cybersecurity Shadow AI & Data Security Proprietary Enterprise Data-security-first platform (DSPM, classification, blast radius) extended with AI inventory, shadow-AI discovery, posture management, and runtime guardrails. Site
Cyera NEW AI Cybersecurity Shadow AI & Data Security Proprietary Enterprise DSPM for AI — discovers where sensitive data lives across cloud and SaaS and assesses whether and how it can flow into AI tools and workflows. Site
Microsoft Purview NEW AI Cybersecurity Shadow AI & Data Security Proprietary Paid Data security and governance for Microsoft estates — sensitivity labels, DLP, and Copilot AI usage visibility and controls across Microsoft 365. Site
Netskope NEW AI Cybersecurity Shadow AI & Data Security Proprietary Enterprise SSE platform with GenAI app security — discovers sanctioned and shadow AI apps and enforces real-time, granular usage and data policies inline. Site
Zscaler NEW AI Cybersecurity Shadow AI & Data Security Proprietary Enterprise Zero-trust platform with AI asset management — inventories the organisation's AI footprint including AI embedded in SaaS, with inline prompt inspection and DLP. Site
LayerX NEW AI Cybersecurity Shadow AI & Data Security Proprietary Enterprise Agentless browser-extension security turning any browser into a governed workspace — shadow-AI visibility and real-time prompt-level DLP. Site
Reco NEW AI Cybersecurity Shadow AI & Data Security Proprietary Enterprise Identity-centric SaaS security discovering shadow AI by mapping AI tools and integrations to human and non-human identities across the SaaS estate. Site
Grip Security NEW AI Cybersecurity Shadow AI & Data Security Proprietary Enterprise Identity-driven SaaS and AI discovery and governance — finds AI apps via identity and access data, then enforces SSO, offboarding, and access revocation. Site
Wiz AI-SPM NEW AI Cybersecurity AI Posture & Governance Proprietary Enterprise AI security posture management in a CNAPP — discovers AI models, pipelines, and shadow AI across clouds, then prioritises misconfigurations via attack-path analysis. Site
Prisma AIRS NEW AI Cybersecurity AI Posture & Governance Proprietary Enterprise Palo Alto's end-to-end AI security platform — model scanning and posture management plus runtime defence, automated AI red-teaming, and AI agent security. Site
Credo AI NEW AI Cybersecurity AI Posture & Governance Proprietary Enterprise Dedicated AI governance platform — risk assessments, policy packs, auto-generated model cards, and third-party AI vendor risk management. Site
OneTrust NEW AI Cybersecurity AI Posture & Governance Proprietary Enterprise Privacy and GRC platform with AI governance — unified AI asset inventory, automated intake, risk assessment and approval workflows, continuous oversight. Site
IBM watsonx.governance NEW AI Cybersecurity AI Posture & Governance Proprietary Paid Enterprise AI lifecycle governance — bias and drift detection, explainability, and regulatory applicability assessment including the EU AI Act. Site
Vanta NEW AI Cybersecurity AI Posture & Governance Proprietary Paid Compliance automation with continuous control monitoring and framework support including the EU AI Act and ISO 42001. Site
Drata NEW AI Cybersecurity AI Posture & Governance Proprietary Paid Compliance automation for the EU AI Act — automated evidence collection, real-time control monitoring, and cross-framework mapping. Site
AI Fairness 360 NEW AI Cybersecurity AI Posture & Governance Open Source Free Open-source toolkit of metrics and algorithms to detect and mitigate bias in ML models and datasets across the AI lifecycle. Site
Fairlearn NEW AI Cybersecurity AI Posture & Governance Open Source Free Open-source Python toolkit to assess and improve fairness of ML models, with mitigation algorithms and disparity dashboards. Site
Reality Defender NEW AI Cybersecurity Deepfake Detection Proprietary Enterprise Multimodal deepfake detection API and platform scoring video, audio, and images in real time across contact-centre, KYC, hiring, and exec-comms workflows. Site
Sensity AI NEW AI Cybersecurity Deepfake Detection Proprietary Enterprise Multilayer forensic analysis of video, image, and audio deepfakes via web app, API, and SDK, with sub-second verdicts and KYC liveness integration. Site
Pindrop NEW AI Cybersecurity Deepfake Detection Proprietary Enterprise Voice and video fraud detection flagging cloned or synthetic audio in live calls and meetings, built for contact centres and enterprise comms. Site
Hive AI NEW AI Cybersecurity Deepfake Detection Proprietary Free + Paid Developer-friendly APIs detecting AI-generated or manipulated images, video, and audio at scale, with confidence scores for moderation and fraud pipelines. Site
Intel FakeCatcher NEW AI Cybersecurity Deepfake Detection Proprietary Enterprise Real-time video deepfake detector reading photoplethysmography blood-flow signals in facial pixels to verify a live human on camera in milliseconds. Site
GetReal Security NEW AI Cybersecurity Deepfake Detection Proprietary Enterprise Content authentication and deepfake forensics protecting enterprises from social engineering, voice scams, and impersonation in high-stakes workflows. Site
Sumsub NEW AI Cybersecurity Deepfake Detection Proprietary Enterprise Identity verification platform whose liveness engine flags deepfaked selfies and manipulated media during KYC onboarding worldwide. Site
iProov NEW AI Cybersecurity Deepfake Detection Proprietary Enterprise Biometric liveness verification providing genuine-presence assurance, blocking presentation attacks and deepfake injection in face-based identity checks. Site
AU10TIX NEW AI Cybersecurity Deepfake Detection Proprietary Enterprise Automated ID document and face verification with deepfake and synthetic-identity detection built into high-volume onboarding flows. Site
Modulate Velma NEW AI Cybersecurity Deepfake Detection Proprietary Free + Paid Synthetic-voice detection for live calls and recorded audio — public basic version plus a higher-accuracy commercial API tier. Site
Arya.ai NEW AI Cybersecurity Deepfake Detection Proprietary Enterprise Cross-modal deepfake detection API scanning selfies, video, and audio in real time for identity fraud and spoofing. Site
CloudSEK NEW AI Cybersecurity Deepfake Detection Proprietary Enterprise Digital risk platform combining deepfake and impersonation detection with threat intel, brand monitoring, and dark-web visibility for early warning. Site
Deepware Scanner NEW AI Cybersecurity Deepfake Detection Open Source Free Free deepfake video scanner (web, API, and open-source SDK) analysing uploaded files or URLs for facial manipulation and lip-sync anomalies. Site
DeepFake-o-Meter NEW AI Cybersecurity Deepfake Detection Open Source Free Academic open platform bundling many state-of-the-art detection models for images, video, and audio behind one upload-and-analyse interface. Site
nuclei-autotriage AI Cybersecurity Detection & Response Open Source Free Two-stage LLM triage (falsifier + red-team pass) of Nuclei JSONL findings via OpenAI-compatible endpoints (vLLM/Ollama). Site
seclab-taskflow-agent AI Cybersecurity Detection & Response Open Source Free YAML-driven taskflow agent framework for triaging CodeQL/SAST alerts and filtering false positives. Site
honeyslop AI Cybersecurity Detection & Response Open Source Free Code-canary decoys to triage AI-hallucinated ("slop") vulnerability reports flooding bug-bounty programs. Site
nano-analyzer AI Cybersecurity Detection & Response Open Source Free Minimal three-stage LLM pipeline (context → scan → skeptical triage) for zero-day discovery in C/C++. Site
SigmaOptimizer AI Cybersecurity Detection & Response Open Source Free Generates, tests, and refines Sigma rules from real logs with false-positive checking. Site
AI-Infra-Guard AI Cybersecurity Agent & MCP Security Open Source Free Full-stack AI red-teaming platform covering OpenClaw security scan, agent scan, skills scan, MCP scan, AI-infra vulnerability scan, and LLM jailbreak evaluation. Site
SkillSpector AI Cybersecurity Agent & MCP Security Open Source Free Security scanner for AI-agent skills used by Claude Code, Codex CLI, Gemini CLI, and similar ecosystems; combines static analysis, AST/YARA/taint checks, optional LLM semantic review, MCP least-privilege/tool-poisoning checks, risk scoring, and SARIF/JSON/Markdown output. Site
agent-scan AI Cybersecurity Agent & MCP Security Open Source Free Security scanner for AI agents, MCP servers, and agent skills; the successor path for the original Invariant Labs mcp-scan work. Site
AgentShield AI Cybersecurity Agent & MCP Security Open Source Free Security scanner for AI-agent configurations, MCP servers, hooks, and tool permissions with CLI, GitHub Action, and app workflows. Site
skill-scanner AI Cybersecurity Agent & MCP Security Source-Available Free + Paid Scanner for agent skills combining YAML + YARA patterns, LLM-as-a-judge, and behavioral dataflow analysis (Codex / Cursor skill formats). Site
mcp-scanner AI Cybersecurity Agent & MCP Security Open Source Free Scanner for MCP servers and agentic tool surfaces, covering tools, prompts, resources, package risk, malware indicators, and deployment readiness. Site
agentic-radar AI Cybersecurity Agent & MCP Security Source-Available Free + Paid CLI security scanner for agentic workflows (LangGraph, CrewAI, n8n, etc.) — maps tools/data flows and flags risks. Site
MCP-Security-Checklist AI Cybersecurity Agent & MCP Security Open Source Free Security checklist for MCP clients, servers, multi-MCP deployments, lifecycle controls, authz/authn, isolation, and crypto-specific MCP integrations. Site
Anthropic-Cybersecurity-Skills AI Cybersecurity Agent & MCP Security Open Source Free Large community cybersecurity skill library for AI agents, mapped to MITRE ATT&CK, NIST CSF, MITRE ATLAS, D3FEND, and NIST AI RMF. Site
Claude-BugHunter AI Cybersecurity Agent & MCP Security Open Source Free Claude Code / agent-skill bundle for authorized bug hunting and external red-team workflows across web, API, identity, cloud, recon, reporting, Burp MCP, slash commands, and the cbh CLI. Site
AgentDojo AI Cybersecurity Agent & MCP Security Open Source Free Benchmark environment for prompt-injection attacks and defenses in tool-using LLM agents. Site
ToolHive AI Cybersecurity Agent & MCP Security Open Source Free Platform for running MCP servers in isolated containers with per-request identity/access policy, registry and gateway workflows, audit logs, Kubernetes operator support, and observability hooks. Site
Pipelock AI Cybersecurity Agent & MCP Security Open Source Free AI-agent firewall and verifiable egress-control layer mediating HTTP, WebSocket, CONNECT, MCP, and A2A traffic to detect prompt injection, secret exfiltration, SSRF, and suspicious outbound actions. Site
onecli AI Cybersecurity Agent & MCP Security Open Source Free Credential gateway and encrypted vault for AI agents; injects real API credentials at the gateway so agents only see placeholder keys. Site
microsandbox AI Cybersecurity Agent & MCP Security Open Source Free Local-first, microVM-backed programmable sandboxes for AI agents with SDKs, CLI, MCP support, and rootless hardware isolation. Site
defenseclaw AI Cybersecurity Agent & MCP Security Source-Available Free + Paid Enforcement and evidence layer for agentic deployments: static CodeGuard checks, sandboxing, registry ingestion with SSRF guards, and audit/observability. Site
clawsec AI Cybersecurity Agent & MCP Security Open Source Free Security skill suite for OpenClaw-family agents; AGPL-3.0 licensed. Site
Adversarial Robustness Toolbox (ART) AI Cybersecurity Model & Supply Chain Security Open Source Free Flagship machine-learning security library for evaluating and defending models against evasion, poisoning, extraction, and inference attacks across major ML frameworks. Site
Foolbox AI Cybersecurity Model & Supply Chain Security Open Source Free Classic Python toolbox for generating adversarial examples and benchmarking robustness of PyTorch, TensorFlow, and JAX models. Site
modelscan AI Cybersecurity Model & Supply Chain Security Open Source Free Scans ML model files for unsafe serialization patterns and embedded code, with a focus on model serialization attacks. Site
Fickling AI Cybersecurity Model & Supply Chain Security Open Source Free Python pickle decompiler, rewriter, and static analyzer for inspecting and detecting malicious pickle/PyTorch payloads. Site
Medusa AI Cybersecurity Model & Supply Chain Security Open Source Free AI-first security scanner for AI/ML repos, agents, and MCP surfaces; AGPL-3.0 licensed. Site
gym-malware AI Cybersecurity Model & Supply Chain Security Open Source Free OpenAI Gym environment for reinforcement-learning agents that mutate PE malware to evade static ML malware detectors. Site
deep-pwning AI Cybersecurity Model & Supply Chain Security Open Source Free Historical "Metasploit for machine learning" framework for experimenting with adversarial robustness of ML models. Site
GuardDog AI Cybersecurity Model & Supply Chain Security Open Source Free CLI for detecting malicious PyPI, npm, Go, RubyGems, GitHub Actions, and VSCode extension packages using Semgrep rules and package-metadata heuristics. Site
package-analysis AI Cybersecurity Model & Supply Chain Security Open Source Free Sandboxed static/dynamic analysis pipeline for open-source packages, capturing filesystem, process, and network behavior and publishing data for malicious-package research. Site
PentAGI AI Cybersecurity Pentest & Red-Team Agents Open Source Free Fully autonomous multi-agent pentest framework with Docker sandboxing. Site
CAI – Cybersecurity AI AI Cybersecurity Pentest & Red-Team Agents Source-Available Free + Paid Modular, bug-bounty-ready agent framework supporting 300+ LLM models. MIT for research; separate commercial license for production/on-prem. Site
Strix AI Cybersecurity Pentest & Red-Team Agents Open Source Free Autonomous "AI hackers" that dynamically run code and validate vulnerabilities with PoCs (Apache-2.0). Site
hackingBuddyGPT AI Cybersecurity Pentest & Red-Team Agents Open Source Free Minimal (~50 LOC) research framework for LLM-driven Linux priv-esc and web pentesting (FSE'23). Site
Nebula AI Cybersecurity Pentest & Red-Team Agents Source-Available Free + Paid AI pentesting CLI assistant with local-LLM support (Llama-3.1, Mistral, DeepSeek). Site
Burp Suite MCP Server AI Cybersecurity Pentest & Red-Team Agents Open Source Free Official Burp Suite extension exposing Burp to AI clients through MCP. Site
pentest-ai AI Cybersecurity Pentest & Red-Team Agents Open Source Free Offensive-security MCP server with 200+ wrapped tools, specialist agents, and OWASP-oriented probes for authorized testing. Site
pentest-ai-agents AI Cybersecurity Pentest & Red-Team Agents Open Source Free Collection of Claude Code offensive-security subagents for authorized penetration-testing research. Site
DarkMoon AI Cybersecurity Pentest & Red-Team Agents Open Source Free Autonomous AI penetration-testing platform that orchestrates specialized web, AD, Kubernetes, CMS, and framework agents through an MCP-controlled Docker toolbox with local privacy-tokenization for sensitive target data. Site
T3MP3ST AI Cybersecurity Pentest & Red-Team Agents Open Source Free Autonomous offensive-security meta-harness that wraps local or API-backed coding agents into a multi-agent recon-to-exploit workflow with MCP/API, War Room UI, tool arsenal, and committed benchmark artifacts. Site
Shannon AI Cybersecurity Pentest & Red-Team Agents Source-Available Free + Paid White-box autonomous AI pentester with strong XBOW-benchmark results. *Shannon Lite is AGPL-3.0; Shannon Pro is commercial.* Site
PentestAgent AI Cybersecurity Pentest & Red-Team Agents Open Source Free Black-box AI pentest framework with MCP, multi-agent spawning, and persistent sessions. Site
Pentest-Swarm-AI AI Cybersecurity Pentest & Red-Team Agents Open Source Free Swarm-intelligence multi-agent pentest with stigmergic blackboard coordination (Go). Site
hackGPT AI Cybersecurity Pentest & Red-Team Agents Open Source Free LLM offensive-security toolkit. Site
regulator AI Cybersecurity Recon & Narrow ML Open Source Free Learns and ranks regex-like naming patterns from known subdomains to generate likely new candidates. Site
eyeballer AI Cybersecurity Recon & Narrow ML Open Source Free Convolutional neural network that classifies pentest/recon screenshots (login pages, webapps, old-looking sites, parked domains, and custom 404s) for attack-surface triage. Site
GyoiThon AI Cybersecurity Recon & Narrow ML Open Source Free Machine-learning-assisted web intelligence tool that fingerprints products, versions, CVEs, login pages, debug messages, and related web-server signals from HTTP responses. Site
ffufai AI Cybersecurity Recon & Narrow ML Open Source Free AI wrapper around the ffuf web fuzzer that suggests file extensions and paths from the target URL and headers using OpenAI or Anthropic models. Site
PassGAN AI Cybersecurity Recon & Narrow ML Open Source Free WGAN that learns password distributions from leaks to generate guesses; historical reference implementation of the PassGAN paper (MIT). Site
Phishing Email Detection DistilBERT v2.4.1 AI Cybersecurity Recon & Narrow ML Open Source Free DistilBERT text-classification model for email and URL phishing detection, trained on a public Hugging Face phishing-email dataset. Site
Vulnhuntr AI Cybersecurity Code Security & Fuzzing Open Source Free Zero-shot vulnerability discovery in Python repos via LLM call-chain analysis; credited with a 0-day RCE in Ragflow. Site
deepsec AI Cybersecurity Code Security & Fuzzing Open Source Free Agent-powered security harness for scanning large codebases with coding agents, resumable parallel runs, custom matchers, and optional revalidation. Site
claude-code-security-review AI Cybersecurity Code Security & Fuzzing Source-Available Free + Paid Official Claude-based semantic SAST GitHub Action that reviews PR diffs. Site
IRIS AI Cybersecurity Code Security & Fuzzing Open Source Free Neurosymbolic SAST combining LLMs with CodeQL for Java vulnerability detection (MIT). Site
sast-skills AI Cybersecurity Code Security & Fuzzing Open Source Free Agent skills that turn AI coding assistants into a multi-agent SAST scanner. Site
oss-fuzz-gen AI Cybersecurity Code Security & Fuzzing Open Source Free LLM-driven fuzz-harness generation for OSS-Fuzz; reported 26 real vulnerabilities (incl. CVE-2024-9143 in OpenSSL). Site
ChatAFL AI Cybersecurity Code Security & Fuzzing Open Source Free LLM-guided protocol fuzzing extending AFLNet (NDSS'24). Site
ps-fuzz AI Cybersecurity LLM Red-Teaming & Testing Source-Available Free + Paid System-prompt hardening fuzzer; 16 attacks × 16 providers. Site
FuzzyAI AI Cybersecurity LLM Red-Teaming & Testing Source-Available Free + Paid Automated LLM fuzzer for jailbreaks/prompt injection. Site
promptmap AI Cybersecurity LLM Red-Teaming & Testing Open Source Free Prompt-injection scanner for custom LLM applications in white-box and black-box modes; GPL-3.0 licensed. Site
TI-Mindmap-GPT AI Cybersecurity Threat Intel & Identity Open Source Free Streamlit app: AI summaries, mindmaps, IOC/TTP extraction, and ATT&CK Navigator layers. Site
aiocrioc AI Cybersecurity Threat Intel & Identity Open Source Free LLM + OCR IOC extraction (pulls IOCs from images/PDFs). Site
ThreatIngestor AI Cybersecurity Threat Intel & Identity Open Source Free Extracts/aggregates IOCs from feeds; integrates with MISP/ThreatKB (pairs well with LLM post-processing). Site
IATelligence AI Cybersecurity Threat Intel & Identity Open Source Free Explains imported Windows APIs in PE files via GPT and maps to MITRE ATT&CK. Site
MCP_Security AI Cybersecurity Threat Intel & Identity Open Source Free MCP server (ORKL) for querying the ORKL threat-intel API. Site
soctalk AI Cybersecurity Detection & Response Open Source Free LangGraph SOC automation agent with MCP integrations for Wazuh, Cortex, TheHive, and MISP plus mock-agent test lab. Site
Vigil SOC AI Cybersecurity Detection & Response Open Source Free Open-source AI SOC with readable Python agents, Markdown playbooks, and MCP integrations for triage, investigation, hunting, response, reporting, and forensics. Site
agentic-soc-platform AI Cybersecurity Detection & Response Open Source Free Agentic SOC platform (LangGraph/Dify) with local-LLM support. Site
SigmAIQ AI Cybersecurity Detection & Response Open Source Free pySigma wrapper and LangChain toolkit for automatic Sigma rule creation and translation; LGPL-2.1 licensed. Site
AttackGen AI Cybersecurity Detection & Response Open Source Free LLM-driven incident-response scenario generator using MITRE ATT&CK + ATLAS. Site
Gepetto AI Cybersecurity Reverse Engineering Open Source Free IDA Pro plugin: GPT adds comments and meaningful variable names. Site
ida-pro-mcp AI Cybersecurity Reverse Engineering Open Source Free MCP bridge for IDA Pro exposing decompile, disassemble, xref, rename, and debugging workflows to LLM clients. Site
GhidraMCP AI Cybersecurity Reverse Engineering Open Source Free MCP server exposing Ghidra reverse-engineering ops to any MCP-capable LLM. Site
ReVa AI Cybersecurity Reverse Engineering Open Source Free Ghidra-focused reverse-engineering assistant with MCP support, Claude Skills integration, and long-form analysis workflows. Site
GhidrAssistMCP AI Cybersecurity Reverse Engineering Open Source Free Native Ghidra MCP extension with broad tool coverage, headless support, and security-sensitive tool gating. Site
ghidra-mcp AI Cybersecurity Reverse Engineering Open Source Free Ghidra MCP server with large tool coverage, GUI plugin, headless server, and lazy tool loading. Site
LLM4Decompile AI Cybersecurity Reverse Engineering Open Source Free Research project for binary-to-C decompilation with LLMs; code is MIT, but model weights use a more restrictive license. Site
burpgpt AI Cybersecurity Reverse Engineering Open Source Free Burp Suite extension integrating GPT for passive scanning. Site
agentic_security AI Cybersecurity LLM Red-Teaming & Testing Open Source Free Agentic LLM vulnerability scanner and AI red-team kit for jailbreaks, prompt injection, fuzzing, and API stress testing. Site
Guardrails AI AI Cybersecurity Prompt Firewalls & Guardrails Open Source Free Python framework for adding input/output guards, validators, structured-output controls, and Guardrails Hub checks to LLM applications. Site
LangKit AI Cybersecurity Prompt Firewalls & Guardrails Open Source Free LLM monitoring toolkit extracting safety/security signals such as jailbreak similarity, prompt-injection similarity, hallucination checks, PII patterns, toxicity, and refusal metrics. Site
Rebuff AI Cybersecurity Prompt Firewalls & Guardrails Open Source Free Archived prompt-injection detector (heuristics + LLM + vector DB + canary tokens). Site
Counterfit AI Cybersecurity LLM Red-Teaming & Testing Open Source Free ML/AI penetration-testing automation tool. Site
AI-Red-Teaming-Playground-Labs AI Cybersecurity LLM Red-Teaming & Testing Open Source Free CTFd-based AI red-team training challenges. Site
EasyJailbreak AI Cybersecurity LLM Red-Teaming & Testing Open Source Free Framework for building and testing adversarial jailbreak prompts. Site
TextAttack AI Cybersecurity LLM Red-Teaming & Testing Open Source Free Python framework for adversarial attacks, data augmentation, and training for NLP models; useful for robustness testing beyond chat-only LLM scanners. Site
GPTFuzz AI Cybersecurity LLM Red-Teaming & Testing Open Source Free Research framework for red-teaming LLMs with auto-generated jailbreak prompts. Site
HarmBench AI Cybersecurity LLM Red-Teaming & Testing Open Source Free ICML 2024 standardized evaluation framework for automated red-teaming and robust-refusal benchmarking. Site
llm-attacks (GCG) AI Cybersecurity LLM Red-Teaming & Testing Open Source Free Canonical Greedy Coordinate Gradient adversarial-suffix attack implementation for transferable attacks on aligned language models. Site
JailbreakBench AI Cybersecurity LLM Red-Teaming & Testing Open Source Free NeurIPS 2024 open robustness benchmark and leaderboard for generating and defending against LLM jailbreaks. Site
llm-security AI Cybersecurity LLM Red-Teaming & Testing Open Source Free Original PoC for indirect prompt-injection attacks. Site
prompt-injection-defenses AI Cybersecurity Prompt Firewalls & Guardrails Open Source Free Curated catalog of practical defenses against prompt injection. Site
DeBERTa v3 Prompt Injection v2 AI Cybersecurity Prompt Firewalls & Guardrails Open Source Free Apache-licensed prompt-injection classifier usable via Transformers pipelines and ONNX. Site
Prompt Guard 86M AI Cybersecurity Prompt Firewalls & Guardrails Source-Available Free Meta prompt-injection and jailbreak classifier from the Llama Guard family. Site
SecGPT AI Cybersecurity LLM Red-Teaming & Testing Open Source Free Open cybersecurity-tuned LLM family for vulnerability analysis, log/traffic investigation, anomaly detection, attack/defense reasoning, command analysis, and security Q&A. Site
Trendyol Cybersecurity LLM v2 70B AI Cybersecurity LLM Red-Teaming & Testing Open Source Free Defense-focused cybersecurity LLM based on Llama-3.3-70B, trained on an alignment-safe security instruction dataset for SOC, cloud, AppSec, detection, and vulnerability-management workflows. Site
WhiteRabbitNeo 2.5 Qwen Coder 7B AI Cybersecurity LLM Red-Teaming & Testing Open Source Free Cybersecurity-oriented Qwen2.5-Coder fine-tune positioned for offensive and defensive security assistance. Site
Lily-Cybersecurity-7B-v0.2 AI Cybersecurity LLM Red-Teaming & Testing Open Source Free Mistral-7B-Instruct fine-tune for cybersecurity assistance, trained on hand-crafted security and hacking-related instruction pairs. Site
Beelzebub AI Cybersecurity Detection & Response Open Source Free Low-code honeypot using LLMs to simulate SSH/HTTP/MCP services (Go). Site
DECEIVE AI Cybersecurity Detection & Response Open Source Free Proof-of-concept LLM-powered SSH honeypot that evaluates sessions as benign, suspicious, or malicious. Site
shelLM AI Cybersecurity Detection & Response Open Source Free LLM-powered SSH honeypot (paper *"LLM in the Shell"*). Site
VelLMes AI Cybersecurity Detection & Response Open Source Free Multi-protocol LLM honeypot framework (successor to shelLM). Site
llm-honeypot AI Cybersecurity Detection & Response Open Source Free Cowrie SSH honeypot extended with prompt-injection traps to detect LLM hacker agents. Site
SWE-agent (EnIGMA) AI Cybersecurity Pentest & Red-Team Agents Open Source Free EnIGMA offensive-CTF mode; SOTA on NYU CTF, InterCode-CTF, and Cybench (v0.7 branch). Site
inspect_evals AI Cybersecurity Pentest & Red-Team Agents Open Source Free Maintained Inspect AI evaluation suite containing multiple cyber benchmarks and tasks. Site
Damn Vulnerable LLM Agent AI Cybersecurity Pentest & Red-Team Agents Open Source Free Deliberately vulnerable LangChain ReAct agent for practicing prompt-injection and Thought/Action/Observation injection attacks. Site
claude-bug-bounty AI Cybersecurity Pentest & Red-Team Agents Open Source Free Claude Code plugin orchestrating recon → vuln classes → reporting. Site
ai-exploits AI Cybersecurity Pentest & Red-Team Agents Open Source Free Real-world AI/ML exploits (Metasploit modules + Nuclei templates) for MLflow, Ray, H2O. Site
EscalateGPT AI Cybersecurity Vulnerability, Cloud & DFIR Open Source Free GPT-based discovery of privilege-escalation paths in AWS IAM policies. Site
llm_osint AI Cybersecurity Vulnerability, Cloud & DFIR Open Source Free Proof-of-concept LLM OSINT framework using knowledge and web agents for internet research workflows. Site
ai_osint AI Cybersecurity Vulnerability, Cloud & DFIR Open Source Free Curated AI-OSINT dorks, queries, and techniques for discovering exposed LLM and AI infrastructure. Site
mcp-dnstwist AI Cybersecurity Vulnerability, Cloud & DFIR Open Source Free MCP server for dnstwist DNS fuzzing to support typosquatting, phishing, and lookalike-domain analysis. Site
osintgpt AI Cybersecurity Vulnerability, Cloud & DFIR Open Source Free OpenAI embeddings + Qdrant over OSINT corpora. Site

Frequently asked questions

What are AI security tools?

AI security tools use machine learning or large language models to do security work — finding vulnerabilities, running penetration tests, triaging SOC alerts, detecting threats — or they secure AI systems themselves: guarding LLMs against prompt injection and jailbreaks, auditing AI agents and MCP servers, and protecting the AI/ML supply chain. This map covers both sides.

What's the difference between AI for security and securing AI?

AI for security applies AI to classic security jobs: pentest and red-team agents, AI-powered SAST, detection and response, threat intelligence. Securing AI protects the AI itself: LLM red-teaming and guardrails, prompt-injection defence, model and supply-chain security, and agent/MCP security. The categories here keep the two sides distinct so you can filter for either.

What are the best AI penetration testing tools?

The Pentest & Red-Team Agents category compares autonomous pentest agents and AI-assisted offensive tools side by side — from open-source agents like PentestGPT and CAI to commercial platforms. Filter by licensing to see only open-source options, or by cost to compare commercial pricing models.

Are these AI security tools open source?

Many are — this map is curated from both commercial security platforms and the open-source ecosystem (only notable, actively maintained projects make the cut). Every tool is tagged by licensing and cost, so one click shows only open-source or only free tools.

How is this AI security tool list kept up to date?

It's a living map maintained by StationX, refreshed regularly as tools launch and the ecosystem shifts. Open-source entries are re-synced from a curated upstream list with a notability bar (GitHub stars and maintenance), so abandoned projects drop out and new flagship tools appear.

New to building with AI? Start with the free book.

Become the Cyber Security Expert the AI Era Demands — our free web-book on directing AI to build real, secure systems.

Read the free book →

A living map maintained by StationX. Tools move fast — categories overlap, and many tools span several. Spotted something missing or out of date? This list is updated regularly.