[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-72247":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":25,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":46,"readmeContent":47,"aiSummary":48,"trendingCount":16,"starSnapshotCount":16,"syncStatus":49,"lastSyncTime":50,"discoverSource":51},72247,"AI-Infra-Guard","Tencent\u002FAI-Infra-Guard","Tencent","A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation.","https:\u002F\u002Ftencent.github.io\u002FAI-Infra-Guard\u002F",null,"Python",3869,378,32,5,0,28,63,212,84,29.74,"Apache License 2.0",false,"main",true,[27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45],"agent","agent-security","ai-infra","ai-red-teaming","ai-security","llm","llm-evaluation","llm-jailbreak","llm-security","mcp-scan","openclaw-security","prompt-injection","prompt-security","scanner","security","security-tools","skill-scanner","skills-security","vulnerability","2026-06-12 02:03:00","\u003Cp align=\"center\">\n    \u003Ch1 align=\"center\">\u003Cimg vertical-align=\"middle\" width=\"400px\" src=\"img\u002Flogo-full-new.png\" alt=\"A.I.G\"\u002F>\u003C\u002Fh1>\n\u003C\u002Fp>\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Ftencent.github.io\u002FAI-Infra-Guard\u002F\">📖 Documentation\u003C\u002Fa> &nbsp;|&nbsp;\n  🌐 \u003Ca href=\".\u002Freadme\u002FREADME_ZH.md\">🇨🇳 中文\u003C\u002Fa> · \u003Ca href=\".\u002Freadme\u002FREADME_JA.md\">🇯🇵 日本語\u003C\u002Fa> · \u003Ca 
href=\".\u002Freadme\u002FREADME_ES.md\">🇪🇸 Español\u003C\u002Fa> · \u003Ca href=\".\u002Freadme\u002FREADME_DE.md\">🇩🇪 Deutsch\u003C\u002Fa> · \u003Ca href=\".\u002Freadme\u002FREADME_FR.md\">🇫🇷 Français\u003C\u002Fa> · \u003Ca href=\".\u002Freadme\u002FREADME_KR.md\">🇰🇷 한국어\u003C\u002Fa> · \u003Ca href=\".\u002Freadme\u002FREADME_PT.md\">🇧🇷 Português\u003C\u002Fa> · \u003Ca href=\".\u002Freadme\u002FREADME_RU.md\">🇷🇺 Русский\u003C\u002Fa>\n\u003C\u002Fp>\n\u003Cp align=\"center\">\n    \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftencent\u002FAI-Infra-Guard\u002Fstargazers\">\n      \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Ftencent\u002FAI-Infra-Guard?style=social\" alt=\"GitHub stars\">\n    \u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\">\n        \u003Cimg alt=\"GitHub downloads\" src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fdownloads\u002FTencent\u002FAI-Infra-Guard\u002Ftotal\">\n    \u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\">\n        \u003Cimg alt=\"docker pulls\" src=\"https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Fzhuquelab\u002Faig-server.svg?color=gold\">\n    \u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\">\n        \u003Cimg alt=\"Release\" src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002FTencent\u002FAI-Infra-Guard?color=green\">\n    \u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fdeepwiki.com\u002FTencent\u002FAI-Infra-Guard\">\n       \u003Cimg src=\"https:\u002F\u002Fdeepwiki.com\u002Fbadge.svg\" alt=\"Ask DeepWiki\">\n    \u003C\u002Fa>\n\u003C\u002Fp>\n\u003Cp align=\"center\">\n    \u003Ca href=\"https:\u002F\u002Fclawhub.ai\u002Faigsec\u002Fedgeone-clawscan\" target=\"_blank\">\n       \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FClawHub-EdgeOne%20ClawScan-a870dc\" 
alt=\"EdgeOne ClawScan\">\n    \u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fclawhub.ai\u002Faigsec\u002Fedgeone-skill-scanner\" target=\"_blank\">\n       \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FClawHub-EdgeOne%20Skill%20Scanner-2ea44f\" alt=\"EdgeOne Skill Scanner\">\n    \u003C\u002Fa>\n    \u003Ca href=\"https:\u002F\u002Fclawhub.ai\u002Faigsec\u002Faig-scanner\" target=\"_blank\">\n       \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FClawHub-AIG%20Scanner-e6a817\" alt=\"AIG Scanner\">\n    \u003C\u002Fa>\n\u003C\u002Fp>\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Ftrendshift.io\u002Frepositories\u002F13637\" target=\"_blank\">\u003Cpicture>\u003Csource media=\"(prefers-color-scheme: dark)\" srcset=\"https:\u002F\u002Ftrendshift.io\u002Fapi\u002Fbadge\u002Frepositories\u002F13637\">\u003Csource media=\"(prefers-color-scheme: light)\" srcset=\"https:\u002F\u002Ftrendshift.io\u002Fapi\u002Fbadge\u002Frepositories\u002F13637\">\u003Cimg src=\"https:\u002F\u002Ftrendshift.io\u002Fapi\u002Fbadge\u002Frepositories\u002F13637\" alt=\"Tencent%2FAI-Infra-Guard | Trendshift\" width=\"250\" height=\"55\"\u002F>\u003C\u002Fpicture>\u003C\u002Fa>&nbsp;\n  \u003Ca href=\"https:\u002F\u002Fwww.blackhat.com\u002Feu-25\u002Farsenal\u002Fschedule\u002Findex.html#aigai-infra-guard-48381\" target=\"_blank\">\u003Cimg src=\"img\u002Fblackhat.png\" alt=\"Tencent%2FAI-Infra-Guard | blackhat\" width=\"175\" height=\"55\"\u002F>\u003C\u002Fa>&nbsp;\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdeepseek-ai\u002Fawesome-deepseek-integration\" target=\"_blank\">\u003Cimg src=\"img\u002Fawesome-deepseek.png\" alt=\"Tencent%2FAI-Infra-Guard | awesome-deepseek-integration\" width=\"273\" height=\"55\"\u002F>\u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cbr>\n\n\u003Cp align=\"center\">\n    \u003Ch2 align=\"center\">🚀 AI Red Teaming Platform by Tencent Zhuque Lab\u003C\u002Fh2>\n\u003C\u002Fp>\n\n**A.I.G (AI-Infra-Guard)** 
integrates capabilities such as ClawScan (OpenClaw Security Scan), Agent Scan, AI infra vulnerability scan, MCP Server & Agent Skills scan, and Jailbreak Evaluation, aiming to provide users with the most comprehensive, intelligent, and user-friendly solution for AI security risk self-examination.\n\n\u003Cp>\n  We are committed to making A.I.G (AI-Infra-Guard) the industry-leading AI red teaming platform. More stars help this project reach a wider audience, attracting more developers to contribute, which accelerates iteration and improvement. Your star is crucial to us!\n\u003C\u002Fp>\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\">\n      \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F⭐-Give%20us%20a%20Star-yellow?style=for-the-badge&logo=github\" alt=\"Give us a Star\">\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cbr>\n\n## 🚀 What's New\n\n- **2026-05-14** · [v4.1.8](https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\u002Freleases\u002Ftag\u002Fv4.1.8) — Coverage expanded to 64 AI components (6 new: InstructLab, LMDeploy, SuperAGI, Pipecat, Paperclip, QnABot); vuln database deduplicated and cleaned.\n- **2026-04-23** · [v4.1.6](https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\u002Freleases\u002Ftag\u002Fv4.1.6) — Coverage expanded to 58 AI components (added FastGPT, Upsonic); vuln database refreshed across 7 components.\n- **2026-04-23** · [v4.1.5](https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\u002Freleases\u002Ftag\u002Fv4.1.5) — Detects exposed AI agent config files (13 paths); manual update for jailbreak datasets and vuln databases.\n- **2026-04-17** · [v4.1.4](https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\u002Freleases\u002Ftag\u002Fv4.1.4) — HTTPS model endpoints with self-signed certificates now supported.\n- **2026-04-09** · 
[v4.1.3](https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\u002Freleases\u002Ftag\u002Fv4.1.3) — Coverage expanded to 55 AI components; added crewai, kubeai, lobehub.\n- **2026-04-03** · [v4.1.2](https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\u002Freleases\u002Ftag\u002Fv4.1.2) — Three new skills on ClawHub (`edgeone-clawscan`, `edgeone-skill-scanner`, `aig-scanner`) + manual task stop.\n- **2026-03-25** · [v4.1.1](https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\u002Freleases\u002Ftag\u002Fv4.1.1) — ☠️ Detects LiteLLM supply chain attack (CRITICAL); added Blinko & New-API coverage.\n- **2026-03-23** · [v4.1](https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\u002Freleases\u002Ftag\u002Fv4.1) — OpenClaw vulnerability database expanded with 281 new CVE\u002FGHSA entries.\n- **2026-03-10** · [v4.0](https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\u002Freleases\u002Ftag\u002Fv4.0) — Launched EdgeOne ClawScan (OpenClaw Security Scan) and Agent-Scan framework.\n\n👉 [CHANGELOG](.\u002FCHANGELOG.md) · 🩺 [Try EdgeOne ClawScan](https:\u002F\u002Fmatrix.tencent.com\u002Fclawscan)\n\n\n## Table of Contents\n- [🚀 Quick Start](#-quick-start)\n- [✨ Features](#-features)\n- [🖼️ Showcase](#-showcase)\n- [📖 User Guide](#-user-guide)\n- [🔧 API Documentation](#-api-documentation)\n- [🏗️ Architecture Evolution](.\u002Fdocs\u002Farchitecture_evolution.md)\n- [📝 Contribution Guide](#-contribution-guide)\n- [🛡️ About the Team](#️-about-the-team)\n- [🙏 Acknowledgements](#-acknowledgements)\n- [💬 Join the Community](#-join-the-community)\n- [📖 Citation](#-citation)\n- [📚 Papers](#-papers)\n- [⚖️ License & Attribution](#️-license--attribution)\n\u003Cbr>\u003Cbr>\n## 🚀 Quick Start\n### Deployment with Docker\n\n| Docker | RAM | Disk Space |\n|:-------|:----|:----------|\n| 20.10 or higher | 4GB+ | 10GB+ |\n\n```bash\n# This method pulls pre-built images from Docker Hub for a faster start\ngit clone 
https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard.git\ncd AI-Infra-Guard\n# For Docker Compose V2+, replace 'docker-compose' with 'docker compose'\ndocker-compose -f docker-compose.images.yml up -d\n```\n\nOnce the service is running, you can access the A.I.G web interface at:\n`http:\u002F\u002Flocalhost:8088`\n\u003Cbr>\n\n### Use from OpenClaw\n\nYou can also call A.I.G directly from OpenClaw chat via the `aig-scanner` skill.\n\n```bash\nclawhub install aig-scanner\n```\n\nThen configure `AIG_BASE_URL` to point to your running A.I.G service.\n\nFor more details, see the [`aig-scanner` README](.\u002Fskills\u002Faig-scanner\u002FREADME.md).\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>📦 More installation options\u003C\u002Fstrong>\u003C\u002Fsummary>\n\n### Other Installation Methods\n\n**Method 2: One-Click Install Script (Recommended)**\n```bash\n# This method will automatically install Docker and launch A.I.G with one command\ncurl https:\u002F\u002Fraw.githubusercontent.com\u002FTencent\u002FAI-Infra-Guard\u002Frefs\u002Fheads\u002Fmain\u002Fdocker.sh | bash\n```\n\n**Method 3: Build and run from source**\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard.git\ncd AI-Infra-Guard\n# This method builds a Docker image from local source code and starts the service\n# (For Docker Compose V2+, replace 'docker-compose' with 'docker compose')\ndocker-compose up -d\n```\n\nNote: The AI-Infra-Guard project is positioned as an AI red teaming platform for internal use by enterprises or individuals. It currently lacks an authentication mechanism and should not be deployed on public networks.\n\nFor more information, see: [https:\u002F\u002Ftencent.github.io\u002FAI-Infra-Guard\u002F?menu=getting-started](https:\u002F\u002Ftencent.github.io\u002FAI-Infra-Guard\u002F?menu=getting-started)\n\n\u003C\u002Fdetails>\n\n### Try the Online Pro Version\nExperience the Pro version with advanced features and improved performance. 
The Pro version requires an [invitation code](https:\u002F\u002Fwj.qq.com\u002Fs2\u002F25099467\u002F25vn\u002F) and is prioritized for contributors who have submitted issues, pull requests, or discussions, or actively help grow the community. Visit: [https:\u002F\u002Faigsec.ai\u002F](https:\u002F\u002Faigsec.ai\u002F).\n\u003Cbr>\n\u003Cbr>\n\n## ✨ Features\n\n| Feature | More Info |\n|:--------|:------------|\n| **ClawScan(OpenClaw&nbsp;Security&nbsp;Scan)** | Supports one-click evaluation of OpenClaw security risks. It detects insecure configurations, Skill risks, CVE vulnerabilities, and privacy leakage.  |\n| **Agent&nbsp;Scan** | This is an independent, multi-agent automated scanning framework. It is designed to evaluate the security of AI agent workflows. It seamlessly supports agents running across various platforms, including Dify and Coze. |\n| **MCP&nbsp;Server&nbsp;&&nbsp;Agent&nbsp;Skills&nbsp;scan** | It thoroughly detects 14 major categories of security risks. The detection applies to both MCP Servers and Agent Skills. It flexibly supports scanning from both source code and remote URLs. |\n| **AI&nbsp;infra&nbsp;vulnerability&nbsp;scan** | This scanner precisely identifies over 64 AI framework components. It covers more than 1300 known CVE vulnerabilities. Supported frameworks include Ollama, ComfyUI, vLLM, n8n, Triton Inference Server and more. |\n| **Jailbreak&nbsp;Evaluation** | It assesses prompt security risks using carefully curated datasets. The evaluation applies multiple attack methods to test robustness. It also provides detailed cross-model comparison capabilities. 
|\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>💎 Additional Benefits\u003C\u002Fstrong>\u003C\u002Fsummary>\n\n- 🖥️ **Modern Web Interface**: User-friendly UI with one-click scanning and real-time progress tracking\n- 🔌 **Complete API**: Full interface documentation and Swagger specifications for easy integration\n- 🤖 **Agent-Ready**: Plug-and-play agent skills on ClawHub — [EdgeOne ClawScan](https:\u002F\u002Fclawhub.ai\u002Faigsec\u002Fedgeone-clawscan), [EdgeOne Skill Scanner](https:\u002F\u002Fclawhub.ai\u002Faigsec\u002Fedgeone-skill-scanner), and [AIG Scanner](https:\u002F\u002Fclawhub.ai\u002Faigsec\u002Faig-scanner) — seamlessly embed security scanning into any AI agent workflow\n- 🌐 **Multi-Language**: Chinese and English interfaces with localized documentation\n- 🐳 **Cross-Platform**: Linux, macOS, and Windows support with Docker-based deployment\n- 🆓 **Free & Open Source**: Completely free under the Apache 2.0 license\n\u003C\u002Fdetails>\n\n\u003Cbr \u002F>\n\n\n## 🖼️ Showcase\n\n### A.I.G Main Interface\n![A.I.G Main Page](img\u002Faig.gif)\n\n### Plugin Management\n![Plugin Management](img\u002Fplugin-gif.gif)\n\n\u003Cbr \u002F>\n\n\n## 🗺️ Quick Usage Guide\n\n> After deployment, open `http:\u002F\u002Flocalhost:8088` in your browser.\n\n### AI Infrastructure Vulnerability Scan\n\n**What to enter as the target URL \u002F IP?**\n\nThe target is the **network address of a running AI service** you want to scan - not a GitHub URL or source code path. 
A.I.G connects to the live service and fingerprints it for known CVE vulnerabilities.\n\n| Scenario | Example target |\n|:---------|:--------------|\n| A locally running vLLM instance | `http:\u002F\u002F127.0.0.1:8000` |\n| An Ollama server on your LAN | `http:\u002F\u002F192.168.1.100:11434` |\n| A ComfyUI instance exposed internally | `http:\u002F\u002F10.0.0.5:8188` |\n| Multiple hosts (one per line) | `192.168.1.0\u002F24` (CIDR), `10.0.0.1-10.0.0.20` (range) |\n\n**Step-by-step: Scan a local vLLM instance**\n\n1. Start vLLM normally (e.g. `python -m vllm.entrypoints.api_server --model meta-llama\u002F...`)\n2. In the A.I.G web UI, click **\"AI基础设施安全扫描 \u002F AI Infra Scan\"**\n3. Enter `http:\u002F\u002F127.0.0.1:8000` (or the IP\u002Fport where vLLM is listening)\n4. Click **Start Scan** - A.I.G will fingerprint the service and match it against 1300+ known CVEs\n5. View the report: component version, matched vulnerabilities, severity, and remediation links\n\n> 💡 **Tip**: To scan the *nightly* build of vLLM specifically, just run that nightly build and point A.I.G at its address. The scanner detects the version automatically.\n\n### MCP Server & Agent Skills Scan\n\nEnter either a **remote URL** (e.g. 
`https:\u002F\u002Fgithub.com\u002Fuser\u002Fmcp-server`) or **upload a local source archive** - no running instance required.\n\n### Jailbreak Evaluation\n\nConfigure the target LLM's API endpoint (base URL + API key) in **Settings → Model Config**, then select a dataset and start the evaluation.\n\n---\n\n## 📖 User Guide\n\nVisit our online documentation: [https:\u002F\u002Ftencent.github.io\u002FAI-Infra-Guard\u002F](https:\u002F\u002Ftencent.github.io\u002FAI-Infra-Guard\u002F)\n\nFor more detailed FAQs and troubleshooting guides, visit our [documentation](https:\u002F\u002Ftencent.github.io\u002FAI-Infra-Guard\u002F?menu=faq).\n\u003Cbr \u002F>\n\u003Cbr>\n\n## 🔧 API Documentation\n\nA.I.G provides a comprehensive set of task creation APIs that support AI infra scan, MCP Server Scan, and Jailbreak Evaluation capabilities.\n\nAfter the project is running, visit `http:\u002F\u002Flocalhost:8088\u002Fdocs\u002Findex.html` to view the complete API documentation.\n\nFor detailed API usage instructions, parameter descriptions, and complete example code, please refer to the [Complete API Documentation](.\u002Fapi.md).\n\u003Cbr \u002F>\n\u003Cbr>\n\n## 📝 Contribution Guide\n\nThe extensible plugin framework serves as A.I.G's architectural cornerstone, inviting community innovation through Plugin and Feature contributions.\n\n### Plugin Contribution Rules\n1.  **Fingerprint Rules**: Add new YAML fingerprint files to the `data\u002Ffingerprints\u002F` directory.\n2.  **Vulnerability Rules**: Add new vulnerability scan rules to the `data\u002Fvuln\u002F` directory.\n3.  **MCP Plugins**: Add new MCP security scan rules to the `data\u002Fmcp\u002F` directory.\n4.  
**Jailbreak Evaluation Datasets**: Add new Jailbreak evaluation datasets to the `data\u002Feval` directory.\n\nPlease refer to the existing rule formats, create new files, and submit them via a Pull Request.\n\n### Other Ways to Contribute\n- 🐛 [Report a Bug](https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\u002Fissues)\n- 💡 [Suggest a New Feature](https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\u002Fissues)\n- ⭐ [Improve Documentation](https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\u002Fpulls)\n\u003Cbr \u002F>\n\u003Cbr \u002F>\n\n## 🛡️ About the Team\n\nThis project is led and developed by **Tencent Zhuque Lab**, part of the Tencent Security Platform Department. Founded in 2019, [Tencent Zhuque Lab](https:\u002F\u002Fmatrix.tencent.com\u002F) is a top-tier security research lab focused on real-world offensive and defensive research and frontier technology in the AI security space, covering large model security, AI agent security, AI-empowered security, and AI-generated content detection.\n\nThe team has helped major vendors such as **NVIDIA, Google, and Microsoft**, as well as open-source communities like **OpenClaw, Linux, and Hugging Face**, fix a large number of high-risk vulnerabilities, and has been publicly acknowledged by them.\n\nWe have released open-source AI security products including the AI Red Team Security Testing Platform **A.I.G (AI-Infra-Guard)** and the **Zhuque AI Detection Assistant**. 
Our research has been widely published at top international security and AI conferences such as **Black Hat, DEF CON, ICLR, CVPR, NeurIPS, and ACL**, and we have authored the book *\"AI Security: Technology and Practice\"*.\n\n### 👥 Core Members & Contributions\n\n| Role | Member | Contribution |\n| --- | --- | --- |\n| Head of Tencent Security Platform Department | **Yong Yang** | Initiated A.I.G and proposed automated assessment of AI agent loss-of-control risks, guiding the platform's expansion from AI infrastructure vulnerability scanning to agent execution risk, tool misuse, and permission-boundary evaluation. |\n| Head of Tencent Zhuque Lab | **Xing Zheng** | Proposed the automated vulnerability-update and benchmark-alignment mechanism, helping AI Infra fingerprints, CVE\u002FGHSA rules, and benchmarks iterate continuously. |\n| Project Lead | **Nicky** | Frontier security research, product planning, technical-route decisions, internal and external collaboration, and communications. |\n| Technical Lead | **Python** | Overall architecture design, core module development, and version iteration. |\n| Core Contributor | **Zona** | Frontend interaction, product experience, community operations, and user-feedback loop. |\n| Core Contributor | **Fyoung** | AI Infra vulnerability component fingerprint updates and Benchmark system construction. |\n| Core Contributor | **Robert** | LLM safety assessment and jailbreak-evaluation strategy operations. |\n| Core Contributor | **Zoe** | LLM safety assessment, jailbreak evaluation, and model-integration module development. |\n| Core Contributor | **Xiangfan** | Security capability development for Skill risks and agent loss-of-control scenarios. |\n| Contributor | **Ronin** | Participated in AI agent security scanning development. |\n| Contributor | **Rsin** | Participated in community operations and campaign communications. 
|\n\n\u003Cbr \u002F>\n\n## 🙏 Acknowledgements\n\n### 🎓 Academic Collaborations\n\nWe extend our sincere appreciation to our academic partners for their exceptional research contributions and technical support.\n\n#### \u003Cimg src=\"img\u002F北大未来网络重点实验室2.png\" height=\"30\" align=\"middle\"\u002F>\n\u003Ctable>\n  \u003Ctr>\n    \u003Ctd align=\"center\" width=\"90\">\n      \u003Ca href=\"#\">\n        \u003Cimg src=\"https:\u002F\u002Favatars.githubusercontent.com\u002Fu\u002F0?v=4\" width=\"70px;\" style=\"border-radius: 50%;\" alt=\"\"\u002F>\n      \u003C\u002Fa>\n      \u003Cbr \u002F>\n      \u003Ca href=\"#\">\n        \u003Csub>\u003Cb>Prof.&nbsp;hui&nbsp;Li\u003C\u002Fb>\u003C\u002Fsub>\n      \u003C\u002Fa>\n    \u003C\u002Ftd>\n    \u003Ctd align=\"center\" width=\"90\">\n      \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTheBinKing\">\n        \u003Cimg src=\"https:\u002F\u002Favatars.githubusercontent.com\u002FTheBinKing\" width=\"70px;\" style=\"border-radius: 50%;\" alt=\"\"\u002F>\n      \u003C\u002Fa>\n      \u003Cbr \u002F>\n      \u003Ca href=\"mailto:1546697086@qq.com\">\n        \u003Csub>\u003Cb>Bin&nbsp;Wang\u003C\u002Fb>\u003C\u002Fsub>\n      \u003C\u002Fa>\n    \u003C\u002Ftd>\n    \u003Ctd align=\"center\" width=\"90\">\n      \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FKPGhat\">\n        \u003Cimg src=\"https:\u002F\u002Favatars.githubusercontent.com\u002FKPGhat\" width=\"70px;\" style=\"border-radius: 50%;\" alt=\"\"\u002F>\n      \u003C\u002Fa>\n      \u003Cbr \u002F>\n      \u003Ca href=\"mailto:kpghat@gmail.com\">\n        \u003Csub>\u003Cb>Zexin&nbsp;Liu\u003C\u002Fb>\u003C\u002Fsub>\n      \u003C\u002Fa>\n    \u003C\u002Ftd>\n    \u003Ctd align=\"center\" width=\"90\">\n      \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGioldDiorld\">\n        \u003Cimg src=\"https:\u002F\u002Favatars.githubusercontent.com\u002FGioldDiorld\" width=\"70px;\" style=\"border-radius: 50%;\" alt=\"\"\u002F>\n      \u003C\u002Fa>\n      
\u003Cbr \u002F>\n      \u003Ca href=\"mailto:g.diorld@gmail.com\">\n        \u003Csub>\u003Cb>Hao&nbsp;Yu\u003C\u002Fb>\u003C\u002Fsub>\n      \u003C\u002Fa>\n    \u003C\u002Ftd>\n    \u003Ctd align=\"center\" width=\"90\">\n      \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FJarvisni\">\n        \u003Cimg src=\"https:\u002F\u002Favatars.githubusercontent.com\u002FJarvisni\" width=\"70px;\" style=\"border-radius: 50%;\" alt=\"\"\u002F>\n      \u003C\u002Fa>\n      \u003Cbr \u002F>\n      \u003Ca href=\"mailto:719001405@qq.com\">\n        \u003Csub>\u003Cb>Ao&nbsp;Yang\u003C\u002Fb>\u003C\u002Fsub>\n      \u003C\u002Fa>\n    \u003C\u002Ftd>\n    \u003Ctd align=\"center\" width=\"90\">\n      \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FZhengxi7\">\n        \u003Cimg src=\"https:\u002F\u002Favatars.githubusercontent.com\u002FZhengxi7\" width=\"70px;\" style=\"border-radius: 50%;\" alt=\"\"\u002F>\n      \u003C\u002Fa>\n      \u003Cbr \u002F>\n      \u003Ca href=\"mailto:linzhengxi7@126.com\">\n        \u003Csub>\u003Cb>Zhengxi&nbsp;Lin\u003C\u002Fb>\u003C\u002Fsub>\n      \u003C\u002Fa>\n    \u003C\u002Ftd>\n  \u003C\u002Ftr>\n\u003C\u002Ftable>\n\n#### \u003Cimg src=\"img\u002F复旦大学2.png\" height=\"30\" align=\"middle\" style=\"vertical-align: middle;\"\u002F>\n\n\u003Ctable>\n  \u003Ctr>\n    \u003Ctd align=\"center\" width=\"120\">\n      \u003Ca href=\"https:\u002F\u002Fyangzhemin.github.io\u002F\">\n        \u003Cimg src=\"https:\u002F\u002Favatars.githubusercontent.com\u002Fyangzhemin\" width=\"70px;\" style=\"border-radius: 50%;\" alt=\"\"\u002F>\n      \u003C\u002Fa>\n      \u003Cbr \u002F>\n      \u003Ca href=\"mailto:yangzhemin@fudan.edu.cn\">\n        \u003Csub>\u003Cb>Prof.&nbsp;Zhemin&nbsp;Yang\u003C\u002Fb>\u003C\u002Fsub>\n      \u003C\u002Fa>\n    \u003C\u002Ftd>\n    \u003Ctd align=\"center\" width=\"100\">\n      \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkangwei-zhong\">\n        \u003Cimg 
src=\"https:\u002F\u002Favatars.githubusercontent.com\u002Fkangwei-zhong\" width=\"70px;\" style=\"border-radius: 50%;\" alt=\"\"\u002F>\n      \u003C\u002Fa>\n      \u003Cbr \u002F>\n      \u003Ca href=\"mailto:kwzhong23@m.fudan.edu.cn\">\n        \u003Csub>\u003Cb>Kangwei&nbsp;Zhong\u003C\u002Fb>\u003C\u002Fsub>\n      \u003C\u002Fa>\n    \u003C\u002Ftd>\n    \u003Ctd align=\"center\" width=\"90\">\n      \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMoonBirdLin\">\n        \u003Cimg src=\"https:\u002F\u002Favatars.githubusercontent.com\u002FMoonBirdLin\" width=\"70px;\" style=\"border-radius: 50%;\" alt=\"\"\u002F>\n      \u003C\u002Fa>\n      \u003Cbr \u002F>\n      \u003Ca href=\"mailto:linjp23@m.fudan.edu.cn\">\n        \u003Csub>\u003Cb>Jiapeng&nbsp;Lin\u003C\u002Fb>\u003C\u002Fsub>\n      \u003C\u002Fa>\n    \u003C\u002Ftd>\n    \u003Ctd align=\"center\" width=\"90\">\n      \u003Ca href=\"https:\u002F\u002Fvanilla-tiramisu.github.io\u002F\">\n        \u003Cimg src=\"https:\u002F\u002Favatars.githubusercontent.com\u002Fvanilla-tiramisu\" width=\"70px;\" style=\"border-radius: 50%;\" alt=\"\"\u002F>\n      \u003C\u002Fa>\n      \u003Cbr \u002F>\n      \u003Ca href=\"mailto:csheng25@m.fudan.edu.cn\">\n        \u003Csub>\u003Cb>Cheng&nbsp;Sheng\u003C\u002Fb>\u003C\u002Fsub>\n      \u003C\u002Fa>\n    \u003C\u002Ftd>\n  \u003C\u002Ftr>\n\u003C\u002Ftable>\n\u003Cbr>\n\n### 👥 Gratitude to Contributing Developers\nThanks to all the developers who have contributed to the A.I.G project, Your contributions have been instrumental in making A.I.G a more robust and reliable AI Red Team platform.\n\u003Cbr \u002F>\n\u003Ctable border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n  \u003Ctr>\n    \u003Ctd width=\"33%\">\u003Cimg src=\"img\u002Fkeen_lab_logo.svg\" alt=\"Keen Lab\" height=\"85%\">\u003C\u002Ftd>\n    \u003Ctd width=\"33%\">\u003Cimg src=\"img\u002Fwechat_security.png\" alt=\"WeChat Security\" height=\"85%\">\u003C\u002Ftd>\n    \u003Ctd 
width=\"33%\">\u003Cimg src=\"img\u002Ffit_sec_logo.png\" alt=\"Fit Security\" height=\"85%\">\u003C\u002Ftd>\n  \u003C\u002Ftr>\n\u003C\u002Ftable>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\u002Fgraphs\u002Fcontributors\">\n  \u003Cimg src=\"https:\u002F\u002Fcontrib.rocks\u002Fimage?repo=Tencent\u002FAI-Infra-Guard\" \u002F>\n\u003C\u002Fa>\n\u003Cbr>\n\u003Cbr>\n\n### 🤝 Appreciation for Our Users\n\nThanks to the users from the following organizations and teams for using A.I.G and their valuable feedback.\n\n\u003Cbr>\n\u003Cdiv align=\"center\">\n\u003Cimg src=\"img\u002Ftencent.png\" alt=\"Tencent\" height=\"28px\">\n\u003Cimg src=\"img\u002Fdeepseek.png\" alt=\"DeepSeek\" height=\"38px\">\n\u003Cimg src=\"img\u002Fantintl.svg\" alt=\"Antintl\" height=\"45px\">\n\u003Cimg src=\"img\u002Flenovo.png\" alt=\"Lenovo\" height=\"35px\">\n\u003Cimg src=\"img\u002FICBC.jpg\" alt=\"ICBC\" height=\"40px\">\n\u003Cimg src=\"img\u002Fvivo.png\" alt=\"Vivo\" height=\"30px\">\n\u003Cimg src=\"img\u002Foppo.png\" alt=\"Oppo\" height=\"30px\">\n\u003Cimg src=\"img\u002Fhaier.png\" alt=\"Haier\" height=\"30px\">\n\u003Cimg src=\"img\u002Fabc.png\" alt=\"Abc\" height=\"40px\">\n\u003Cimg src=\"img\u002F中国电信.png\" alt=\"中国电信\" height=\"40px\">\n\u003Cimg src=\"img\u002Fbilibili.jpg\" alt=\"Bilibili\" height=\"38px\">\n\u003Cimg src=\"img\u002Fqunar.png\" alt=\"Qunar\" height=\"35px\">\n\u003Cimg src=\"img\u002F蜜雪冰城.png\" alt=\"蜜雪冰城\" height=\"40px\">\n\u003Cimg src=\"img\u002FIDG.webp\" alt=\"IDG\" height=\"55px\">\n\u003Cimg src=\"img\u002Fkingdee.png\" alt=\"kingdee\" height=\"40px\">\n\u003C\u002Fdiv>\n\u003Cbr>\n\n\u003Cdiv align=\"center\">\n\u003Cimg src=\"img\u002F清华大学.jpg\" alt=\"清华大学\" height=\"40px\">\n\u003Cimg src=\"img\u002F北京大学.png\" alt=\"北京大学\" height=\"40px\">\n\u003Cimg src=\"img\u002Ffudan.png\" alt=\"复旦大学\" height=\"40px\">\n\u003Cimg src=\"img\u002F浙江大学.png\" alt=\"浙江大学\" height=\"40px\">\n\u003Cimg 
src=\"img\u002F南京大学.png\" alt=\"南京大学\" height=\"40px\">\n\u003Cimg src=\"img\u002FAn-NajahNationalUniversity.png\" alt=\"An-Najah National University\" height=\"40px\">\n\u003Cimg src=\"img\u002F西安交通大学.png\" alt=\"西安交通大学\" height=\"40px\">\n\u003Cimg src=\"img\u002F南开大学.jpg\" alt=\"南开大学\" height=\"40px\">\n\u003Cimg src=\"img\u002F四川大学.png\" alt=\"四川大学\" height=\"40px\">\n\u003C\u002Fdiv>\n\n\u003Cbr>\n\u003Cbr>\n\n## 💬 Join the Community\n\n### 🌐 Online Discussions\n- **GitHub Discussions**: [Join our community discussions](https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\u002Fdiscussions)\n- **Issues & Bug Reports**: [Report issues or suggest features](https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard\u002Fissues)\n\n### 📱 Discussion Community\n\u003Ctable>\n  \u003Cthead>\n  \u003Ctr>\n    \u003Cth>WeChat Group\u003C\u002Fth>\n    \u003Cth>Discord \u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002FU9dnPnyadZ\">[link]\u003C\u002Fa>\u003C\u002Fth>\n  \u003C\u002Ftr>\n  \u003C\u002Fthead>\n  \u003Ctbody>\n  \u003Ctr>\n    \u003Ctd>\u003Cimg src=\"img\u002Fwechatgroup.png\" alt=\"WeChat Group\" width=\"200\">\u003C\u002Ftd>\n    \u003Ctd>\u003Cimg src=\"img\u002Fdiscord.png\" alt=\"discord\" width=\"200\">\u003C\u002Ftd>\n  \u003C\u002Ftr>\n  \u003C\u002Ftbody>\n\u003C\u002Ftable>\n\n### 📧 Contact Us\nFor collaboration inquiries or feedback, please contact us at: [zhuque@tencent.com](mailto:zhuque@tencent.com)\n\n### 🔗 Recommended Security Tools\nIf you are interested in code security, check out [A.S.E (AICGSecEval)](https:\u002F\u002Fgithub.com\u002FTencent\u002FAICGSecEval), the industry's first repository-level AI-generated code security evaluation framework open-sourced by the Tencent Wukong Code Security Team.\n\n\n\n\n\u003Cbr>\n\u003Cbr>\n\n## 📖 Citation\n\nIf you use A.I.G in your research, please cite:\n\n```bibtex\n@misc{Tencent_AI-Infra-Guard_2025,\n  author={{Tencent Zhuque Lab}},\n  title={{AI-Infra-Guard: A Comprehensive, 
Intelligent, and Easy-to-Use AI Red Teaming Platform}},\n  year={2025},\n  howpublished={GitHub repository},\n  url={https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard}\n}\n```\n\u003Cbr>\n\n## 📚 Papers\n\n1. **\"AI-Infra-Guard Technical Report\"** — Technical report covering architecture design, scanning engine, and assessment methodology. [[pdf]](.\u002FAIG_Technical_Report.pdf)\n\n2. **\"AI-Infra-Guard: An AI Red Teaming Platform\"** — Black Hat Europe 2025 Arsenal presentation showcasing A.I.G's capabilities and real-world use cases. [[pdf]](.\u002FArsenal-BHEU2025-AI-Infra-Guard.pdf)\n\n3. **\"MCP Unchained: Compromising The AI Agent Ecosystem Via Its Universal Connector\"** — Black Hat Europe 2025 talk revealing security risks in the MCP protocol within the AI agent ecosystem. [[pdf]](.\u002FBHEU-25-MCP-Unchained-Compromising-The-AI-Agent-Ecosystem-Via-Its-Universal-Connector.pdf)\n\n\u003Cdetails>\n\u003Csummary>We are deeply grateful to the research teams who have used A.I.G in their academic work. Click to expand (18 papers)\u003C\u002Fsummary>\n\u003Cbr>\n\n1. Naen Xu, Jinghuai Zhang, Ping He et al. **\"FraudShield: Knowledge Graph Empowered Defense for LLMs against Fraud Attacks.\"** arXiv preprint arXiv:2601.22485v1 (2026). [[pdf]](http:\u002F\u002Farxiv.org\u002Fabs\u002F2601.22485v1)\n\n2. Ruiqi Li, Zhiqiang Wang, Yunhao Yao et al. **\"MCP-ITP: An Automated Framework for Implicit Tool Poisoning in MCP.\"** arXiv preprint arXiv:2601.07395v1 (2026). [[pdf]](http:\u002F\u002Farxiv.org\u002Fabs\u002F2601.07395v1)\n\n3. Jingxiao Yang, Ping He, Tianyu Du et al. **\"HogVul: Black-box Adversarial Code Generation Framework Against LM-based Vulnerability Detectors.\"** arXiv preprint arXiv:2601.05587v1 (2026). [[pdf]](http:\u002F\u002Farxiv.org\u002Fabs\u002F2601.05587v1)\n\n4. Yunyi Zhang, Shibo Cui, Baojun Liu et al. 
**\"Beyond Jailbreak: Unveiling Risks in LLM Applications Arising from Blurred Capability Boundaries.\"** arXiv preprint arXiv:2511.17874v2 (2025). [[pdf]](http:\u002F\u002Farxiv.org\u002Fabs\u002F2511.17874v2)\n\n5. Teofil Bodea, Masanori Misono, Julian Pritzi et al. **\"Trusted AI Agents in the Cloud.\"** arXiv preprint arXiv:2512.05951v1 (2025). [[pdf]](http:\u002F\u002Farxiv.org\u002Fabs\u002F2512.05951v1)\n\n6. Christian Coleman. **\"Behavioral Detection Methods for Automated MCP Server Vulnerability Assessment.\"** [[pdf]](https:\u002F\u002Fdigitalcommons.odu.edu\u002Fcgi\u002Fviewcontent.cgi?article=1138&context=covacci-undergraduateresearch)\n\n7. Bin Wang, Zexin Liu, Hao Yu et al. **\"MCPGuard: Automatically Detecting Vulnerabilities in MCP Servers.\"** arXiv preprint arXiv:2510.23673v1 (2025). [[pdf]](http:\u002F\u002Farxiv.org\u002Fabs\u002F2510.23673v1)\n\n8. Weibo Zhao, Jiahao Liu, Bonan Ruan et al. **\"When MCP Servers Attack: Taxonomy, Feasibility, and Mitigation.\"** arXiv preprint arXiv:2509.24272v1 (2025). [[pdf]](http:\u002F\u002Farxiv.org\u002Fabs\u002F2509.24272v1)\n\n9. Ping He, Changjiang Li, et al. **\"Automatic Red Teaming LLM-based Agents with Model Context Protocol Tools.\"** arXiv preprint arXiv:2509.21011 (2025). [[pdf]](https:\u002F\u002Farxiv.org\u002Fabs\u002F2509.21011)\n\n10. Yixuan Yang, Daoyuan Wu, Yufan Chen. **\"MCPSecBench: A Systematic Security Benchmark and Playground for Testing Model Context Protocols.\"** arXiv preprint arXiv:2508.13220 (2025). [[pdf]](https:\u002F\u002Farxiv.org\u002Fabs\u002F2508.13220)\n\n11. Zexin Wang, Jingjing Li, et al. **\"A Survey on AgentOps: Categorization, Challenges, and Future Directions.\"** arXiv preprint arXiv:2508.02121 (2025). [[pdf]](https:\u002F\u002Farxiv.org\u002Fabs\u002F2508.02121)\n\n12. Yongjian Guo, Puzhuo Liu, et al. **\"Systematic Analysis of MCP Security.\"** arXiv preprint arXiv:2508.12538 (2025). [[pdf]](https:\u002F\u002Farxiv.org\u002Fabs\u002F2508.12538)\n\n13. 
Yuepeng Hu, Yuqi Jia, Mengyuan Li et al. **\"MalTool: Malicious Tool Attacks on LLM Agents.\"** arXiv preprint arXiv:2602.12194 (2026). [[pdf]](https:\u002F\u002Farxiv.org\u002Fabs\u002F2602.12194)\n\n14. Yi Ting Shen, Kentaroh Toyoda, Alex Leung. **\"MCP-38: A Comprehensive Threat Taxonomy for Model Context Protocol Systems (v1.0).\"** arXiv preprint arXiv:2603.18063 (2026). [[pdf]](https:\u002F\u002Farxiv.org\u002Fabs\u002F2603.18063)\n\n15. Yiheng Huang, Zhijia Zhao, Bihuan Chen et al. **\"From Component Manipulation to System Compromise: Understanding and Detecting Malicious MCP Servers.\"** arXiv preprint arXiv:2604.01905 (2026). [[pdf]](https:\u002F\u002Farxiv.org\u002Fabs\u002F2604.01905)\n\n16. Hengkai Ye, Zhechang Zhang, Jinyuan Jia et al. **\"TRUSTDESC: Preventing Tool Poisoning in LLM Applications via Trusted Description Generation.\"** arXiv preprint arXiv:2604.07536 (2026). [[pdf]](https:\u002F\u002Farxiv.org\u002Fabs\u002F2604.07536)\n\n17. Zenghao Duan, Yuxin Tian, Zhiyi Yin et al. **\"SkillAttack: Automated Red Teaming of Agent Skills through Attack Path Refinement.\"** arXiv preprint arXiv:2604.04989 (2026). [[pdf]](https:\u002F\u002Farxiv.org\u002Fabs\u002F2604.04989)\n\n18. Zhaojiacheng Zhou. **\"Proteus: A Self-Evolving Red Team for Agent Skill Ecosystems.\"** arXiv preprint arXiv:2605.11891 (2026). [[pdf]](http:\u002F\u002Farxiv.org\u002Fabs\u002F2605.11891v1)\n\n\n\u003C\u002Fdetails>\n\n📧 If you have used A.I.G in your research or product, or if we have inadvertently missed your publication, we would love to hear from you! [Contact us here](#-join-the-community).\n\u003Cbr>\n\u003Cbr>\n\n## ⚖️ License & Attribution\n\nThis project is open-sourced under the **Apache License 2.0**. We warmly welcome and encourage community contributions, integrations, and derivative works, subject to the following attribution requirements:\n\n1. 
**Retain notices**: You must retain the `LICENSE` and `NOTICE` files from the original project in any distribution.\n2. **Product attribution**: If you integrate AI-Infra-Guard's core code, components, or scanning engine into your open-source project, commercial product, or internal platform, you must clearly state the following in your **product documentation, usage guide, or UI \"About\" page**:\n   > \"This project integrates [AI-Infra-Guard](https:\u002F\u002Fgithub.com\u002FTencent\u002FAI-Infra-Guard), open-sourced by Tencent Zhuque Lab.\"\n3. **Academic & article citation**: If you use this tool in vulnerability analysis reports, security research articles, or academic papers, please explicitly mention \"Tencent Zhuque Lab AI-Infra-Guard\" and include a link to the repository.\n\nRepackaging this project as an original product without disclosing its origin is strictly prohibited.\n\n\u003Cdiv>\n\n[![Star History Chart](https:\u002F\u002Fapi.star-history.com\u002Fsvg?repos=Tencent\u002FAI-Infra-Guard&type=Date)](https:\u002F\u002Fstar-history.com\u002F#Tencent\u002FAI-Infra-Guard&Date)\n\n\u003C\u002Fdiv>\n","Tencent\u002FAI-Infra-Guard is a comprehensive AI red teaming platform that aims to protect the AI ecosystem through multiple scanning and assessment methods. The project uses OpenClaw security scanning, agent scanning, skills scanning, MCP scanning, AI infrastructure scanning, and LLM jailbreak evaluation to test the security of AI systems end to end. Its core functions include identifying potential security vulnerabilities, preventing prompt injection attacks, and evaluating the security of large language models. It is suited to enterprises and research institutions that need to strengthen the security of their AI systems, providing security assurance while AI applications are developed and deployed.",2,"2026-06-11 03:41:02","high_star"]