AgentGuardX is an open-source red team toolkit for testing the security of LLM-powered agents — before real attackers exploit them.
Like OWASP ZAP for web, Burp Suite for APIs, and Metasploit for infrastructure, but for AI agents.
As LLM agents become autonomous — browsing the web, executing shell commands, reading files, calling APIs — they introduce an entirely new class of vulnerabilities that traditional security tools cannot detect.
AgentGuardX lets you attack your own agent first. Find prompt injection vectors, memory poisoning paths, tool abuse chains, and privilege escalation scenarios before a real attacker does.
OWASP ZAP tests web app security; Burp Suite tests API security; Metasploit tests infrastructure; AgentGuardX tests AI agent security.
Every surface an AI agent touches is a potential attack vector. We test them all.
Inject malicious instructions through tool outputs, user input, web content, or retrieved documents to hijack agent behavior and override system prompts.
Corrupt an agent's long-term memory or vector store with adversarial embeddings, causing persistent misbehavior across future sessions and conversations.
Manipulate an agent into misusing its own tools — triggering shell commands, making unauthorized API calls, or escalating filesystem access beyond intended scope.
Exploit agents with browsing capabilities through malicious web content, clickjacking, hidden instructions in page metadata, and adversarial HTML/CSS tricks.
Test path traversal, file exfiltration, and unauthorized write operations when an agent has filesystem access. Includes zip bomb and encoding attacks.
Attempt to elevate agent permissions through role confusion, multi-turn jailbreaking, persona switching, and context-window overflow techniques.
Probe whether sensitive data (API keys, PII, internal docs) can be extracted through crafted prompts, covert channels, or output manipulation attacks.
Assess risks from poisoned tools, compromised MCP servers, and adversarial plugins injected into multi-agent pipelines and tool ecosystems.
In orchestrator-subagent architectures, test whether a compromised subagent can manipulate the parent agent, poison shared context, or cause cascading failures.
Run an attack suite against your agent in under 2 minutes.
Point AgentGuardX at your agent endpoint via API, Python SDK, or direct integration with LangChain, AutoGen, CrewAI, and more.
Choose from 12+ attack modules based on your agent's capabilities — tools, memory, browser access, filesystem, and more.
AgentGuardX fires adversarial payloads at your agent and observes behavior, tool calls, output, and side effects in real time.
Receive a severity-ranked vulnerability report with exploit PoCs, remediation steps, and an immutable on-chain audit log via Base.
| Feature | Description | Integrations | Status |
|---|---|---|---|
| Prompt Injection Scanner | Direct & indirect PI testing across 40+ payload variants | All LLMs | Stable |
| Tool Call Interceptor | Intercept and analyze every tool invocation for abuse patterns | LangChain, AutoGen | Stable |
| Memory Fuzzer | Adversarial embeddings injected into vector stores | Chroma, Pinecone, Weaviate | Beta |
| Browser Agent Tester | Malicious page payloads for agents with web access | Playwright, Puppeteer | Stable |
| Filesystem Probe | Path traversal, exfiltration, and write exploit chains | Any FS-enabled agent | Stable |
| Multi-Agent Orchestrator Test | Cross-agent prompt smuggling and context poisoning | CrewAI, AutoGen | Beta |
| On-Chain Audit Log | Immutable scan records stored on Base blockchain | Base Mainnet | Stable |
| CI/CD Pipeline Plugin | Run AgentGuardX scans as part of your deployment pipeline | GitHub Actions, GitLab CI | Beta |
| MCP Server Analyzer | Detect poisoned or malicious MCP tool providers | MCP Protocol | Coming Soon |
| Pentest Report Generator | Professional PDF/HTML reports with CVSS scores and PoCs | — | Stable |
Every vulnerability scan produces an immutable, verifiable on-chain record — bringing transparency and accountability to AI Agent security auditing.
AgentGuardX logs every scan, finding, and audit trail to Base Mainnet — creating a tamper-proof security record that teams and compliance officers can verify independently.
Every scan result is hashed and written to Base. No one — not even you — can alter a past security report.
Generate verifiable proof-of-security-testing for SOC2, ISO 27001, and AI governance frameworks.
Opt-in to share sanitized findings to the AgentGuardX community registry — powered by Base smart contracts.
Issue verifiable on-chain security certificates for agents that pass all test suites. Mint on Base.