Tencent / AI-Infra-Guard
A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation.
Repository Overview (README excerpt)
🚀 AI Red Teaming Platform by Tencent Zhuque Lab

**A.I.G (AI-Infra-Guard)** integrates capabilities such as ClawScan (OpenClaw Security Scan), Agent Scan, AI infra vulnerability scan, MCP Server & Agent Skills scan, and Jailbreak Evaluation, aiming to provide users with the most comprehensive, intelligent, and user-friendly solution for AI security risk self-examination.

We are committed to making A.I.G (AI-Infra-Guard) the industry-leading AI red teaming platform. More stars help this project reach a wider audience, attracting more developers to contribute, which accelerates iteration and improvement. Your star is crucial to us!

## 🚀 What's New in v4.0: The Era of Agent Security

We are thrilled to announce **AI-Infra-Guard v4.0**, which expands our security boundaries from AI infrastructure to the **Autonomous Agent Ecosystem**. This release introduces two major independent modules:

• 🛡️ **OpenClaw Security Scan**: Supports one-click evaluation of OpenClaw security risks, featuring detection for insecure configurations, Skill risks, CVE vulnerabilities, and privacy leakage. It is officially powered by the core security engine from Tencent Zhuque Lab, with Skill security intelligence data co-built in collaboration with Tencent Keen Security Lab.
• 🤖 **Agent-Scan**: A brand-new, independent multi-agent automated scanning framework designed to evaluate the security of AI agent workflows running across various platforms (Dify, Coze, etc.).
👉 Try EdgeOne ClawScan

## Table of Contents

• 🚀 Quick Start
• ✨ Features
• 🖼️ Showcase
• 📖 User Guide
• 🔧 API Documentation
• 📝 Contribution Guide
• 🙏 Acknowledgements
• 💬 Join the Community
• 📖 Citation
• 📚 Related Papers
• 📄 License
• ⚖️ License & Attribution

## 🚀 Quick Start

### Deployment with Docker

| Docker | RAM | Disk Space |
|:-------|:----|:-----------|
| 20.10 or higher | 4GB+ | 10GB+ |

Once the service is running, you can access the A.I.G web interface at:

### 📦 More installation options

Other Installation Methods

**Method 2: One-Click Install Script (Recommended)**

**Method 3: Build and run from source**

Note: The AI-Infra-Guard project is positioned as an AI red teaming platform for internal use by enterprises or individuals. It currently lacks an authentication mechanism and should not be deployed on public networks.

For more information, see: https://tencent.github.io/AI-Infra-Guard/?menu=getting-started

### Try the Online Pro Version

Experience the Pro version with advanced features and improved performance. The Pro version requires an invitation code and is prioritized for contributors who have submitted issues, pull requests, or discussions, or who actively help grow the community. Visit: https://aigsec.ai/.

## ✨ Features

| Feature | More Info |
|:--------|:----------|
| **ClawScan (OpenClaw Security Scan)** | Supports one-click evaluation of OpenClaw security risks. It detects insecure configurations, Skill risks, CVE vulnerabilities, and privacy leakage. |
| **Agent Scan** | An independent, multi-agent automated scanning framework designed to evaluate the security of AI agent workflows. It supports agents running across various platforms, including Dify and Coze. |
| **MCP Server & Agent Skills scan** | Detects 14 major categories of security risks in both MCP Servers and Agent Skills. Supports scanning from both source code and remote URLs. |
| **AI infra vulnerability scan** | Identifies over 43 AI framework components and covers more than 589 known CVE vulnerabilities. Supported frameworks include Ollama, ComfyUI, vLLM, n8n, Triton Inference Server and more. |
| **Jailbreak Evaluation** | Assesses prompt security risks using carefully curated datasets, applies multiple attack methods to test robustness, and provides detailed cross-model comparison capabilities. |

### 💎 Additional Benefits

• 🖥️ **Modern Web Interface**: User-friendly UI with one-click scanning and real-time progress tracking
• 🔌 **Complete API**: Full interface documentation and Swagger specifications for easy integration
• 🌐 **Multi-Language**: Chinese and English interfaces with localized documentation
• 🐳 **Cross-Platform**: Linux, macOS, and Windows support with Docker-based deployment
• 🆓 **Free & Open Source**: Completely free under the MIT license

## 🖼️ Showcase

[Image: A.I.G Main Interface]

[Image: Plugin Management]

## 📖 User Guide

Visit our online documentation: https://tencent.github.io/AI-Infra-Guard/

For more detailed FAQs and troubleshooting guides, visit our documentation.

## 🔧 API Documentation

A.I.G provides a comprehensive set of task creation APIs that support AI infra scan, MCP Server Scan, and Jailbreak Evaluation capabilities. After the project is running, visit to view the complete API documentation.

For detailed API usage instructions, parameter descriptions, and complete example code, please refer to the Complete API Documentation.

## 📝 Contribution Guide

The extensible plugin framework serves as A.I.G's architectural cornerstone, inviting community innovation through Plugin and Feature contributions.

### Plugin Contribution Rules

• **Fingerprint Rules**: Add new YAML fingerprint files to the directory.
• **Vulnerability Rules**: Add new vulnerability scan rules to the directory.
• **MCP Plugins**: Add new MCP security scan rules to the directory.
• **Jailbreak Evaluation Datasets**: Add new Jailbreak evaluation datasets to the directory.

Please refer to the existing rule formats, create new files, and submit them via a Pull Request.

### Other Ways to Contribute

• 🐛 Report a Bug
• 💡 Suggest a New Feature
• ⭐ Improve Documentation

## 🙏 Acknowledgements

### 🎓 Academic Collaborations

We extend our sincere appreciation to our academic partners for their exceptional research contributions and technical support.

Prof. Hui Li, Bin Wang, Ze…