<p align="center">
    <h1 align="center"><img vertical-align="middle" width="400px" src="img/logo-full-new.png" alt="A.I.G"/></h1>
</p>
<p align="center">
  <a href="https://tencent.github.io/AI-Infra-Guard/">📖 Documentation</a> &nbsp;|&nbsp;
  🌐 <a href="./readme/README_ZH.md">🇨🇳 中文</a> · <a href="./readme/README_JA.md">🇯🇵 日本語</a> · <a href="./readme/README_ES.md">🇪🇸 Español</a> · <a href="./readme/README_DE.md">🇩🇪 Deutsch</a> · <a href="./readme/README_FR.md">🇫🇷 Français</a> · <a href="./readme/README_KR.md">🇰🇷 한국어</a> · <a href="./readme/README_PT.md">🇧🇷 Português</a> · <a href="./readme/README_RU.md">🇷🇺 Русский</a>
</p>
<p align="center">
    <a href="https://github.com/tencent/AI-Infra-Guard/stargazers">
      <img src="https://img.shields.io/github/stars/tencent/AI-Infra-Guard?style=social" alt="GitHub stars">
    </a>
    <a href="https://github.com/Tencent/AI-Infra-Guard">
        <img alt="GitHub downloads" src="https://img.shields.io/github/downloads/Tencent/AI-Infra-Guard/total">
    </a>
    <a href="https://github.com/Tencent/AI-Infra-Guard">
        <img alt="docker pulls" src="https://img.shields.io/docker/pulls/zhuquelab/aig-server.svg?color=gold">
    </a>
    <a href="https://github.com/Tencent/AI-Infra-Guard">
        <img alt="Release" src="https://img.shields.io/github/v/release/Tencent/AI-Infra-Guard?color=green">
    </a>
    <a href="https://deepwiki.com/Tencent/AI-Infra-Guard">
       <img src="https://deepwiki.com/badge.svg" alt="Ask DeepWiki">
    </a>
</p>
<p align="center">
    <a href="https://clawhub.ai/aigsec/edgeone-clawscan" target="_blank">
       <img src="https://img.shields.io/badge/ClawHub-EdgeOne%20ClawScan-a870dc" alt="EdgeOne ClawScan">
    </a>
    <a href="https://clawhub.ai/aigsec/edgeone-skill-scanner" target="_blank">
       <img src="https://img.shields.io/badge/ClawHub-EdgeOne%20Skill%20Scanner-2ea44f" alt="EdgeOne Skill Scanner">
    </a>
    <a href="https://clawhub.ai/aigsec/aig-scanner" target="_blank">
       <img src="https://img.shields.io/badge/ClawHub-AIG%20Scanner-e6a817" alt="AIG Scanner">
    </a>
</p>
<p align="center">
  <a href="https://trendshift.io/repositories/13637" target="_blank"><picture><source media="(prefers-color-scheme: dark)" srcset="https://trendshift.io/api/badge/repositories/13637"><source media="(prefers-color-scheme: light)" srcset="https://trendshift.io/api/badge/repositories/13637"><img src="https://trendshift.io/api/badge/repositories/13637" alt="Tencent%2FAI-Infra-Guard | Trendshift" width="250" height="55"/></picture></a>&nbsp;
  <a href="https://www.blackhat.com/eu-25/arsenal/schedule/index.html#aigai-infra-guard-48381" target="_blank"><img src="img/blackhat.png" alt="Tencent%2FAI-Infra-Guard | blackhat" width="175" height="55"/></a>&nbsp;
  <a href="https://github.com/deepseek-ai/awesome-deepseek-integration" target="_blank"><img src="img/awesome-deepseek.png" alt="Tencent%2FAI-Infra-Guard | awesome-deepseek-integration" width="273" height="55"/></a>
</p>

<br>

<p align="center">
    <h2 align="center">🚀 AI Red Teaming Platform by Tencent Zhuque Lab</h2>
</p>

**A.I.G (AI-Infra-Guard)** integrates ClawScan (OpenClaw Security Scan), Agent Scan, AI infra vulnerability scan, MCP Server & Agent Skills scan, and Jailbreak Evaluation, aiming to give users the most comprehensive, intelligent, and user-friendly solution for AI security risk self-assessment.

<p>
  We are committed to making A.I.G (AI-Infra-Guard) the industry-leading AI red teaming platform. More stars help this project reach a wider audience, attracting more developers to contribute, which accelerates iteration and improvement. Your star is crucial to us!
</p>
<p align="center">
  <a href="https://github.com/Tencent/AI-Infra-Guard">
      <img src="https://img.shields.io/badge/⭐-Give%20us%20a%20Star-yellow?style=for-the-badge&logo=github" alt="Give us a Star">
  </a>
</p>

<br>

## 🚀 What's New

- **2026-04-23** · [v4.1.5](https://github.com/Tencent/AI-Infra-Guard/releases/tag/v4.1.5) — Detects exposed AI agent config files (13 paths); manual update for jailbreak datasets and vuln databases.
- **2026-04-17** · [v4.1.4](https://github.com/Tencent/AI-Infra-Guard/releases/tag/v4.1.4) — HTTPS model endpoints with self-signed certificates now supported.
- **2026-04-09** · [v4.1.3](https://github.com/Tencent/AI-Infra-Guard/releases/tag/v4.1.3) — Coverage expanded to 55 AI components; added crewai, kubeai, lobehub.
- **2026-04-03** · [v4.1.2](https://github.com/Tencent/AI-Infra-Guard/releases/tag/v4.1.2) — Three new skills on ClawHub (`edgeone-clawscan`, `edgeone-skill-scanner`, `aig-scanner`) + manual task stop.
- **2026-03-25** · [v4.1.1](https://github.com/Tencent/AI-Infra-Guard/releases/tag/v4.1.1) — ☠️ Detects LiteLLM supply chain attack (CRITICAL); added Blinko & New-API coverage.
- **2026-03-23** · [v4.1](https://github.com/Tencent/AI-Infra-Guard/releases/tag/v4.1) — OpenClaw vulnerability database expanded with 281 new CVE/GHSA entries.
- **2026-03-10** · [v4.0](https://github.com/Tencent/AI-Infra-Guard/releases/tag/v4.0) — Launched EdgeOne ClawScan (OpenClaw Security Scan) and Agent-Scan framework.

👉 [CHANGELOG](./CHANGELOG.md) · 🩺 [Try EdgeOne ClawScan](https://matrix.tencent.com/clawscan)


## Table of Contents
- [🚀 Quick Start](#-quick-start)
- [✨ Features](#-features)
- [🖼️ Showcase](#-showcase)
- [📖 User Guide](#-user-guide)
- [🔧 API Documentation](#-api-documentation)
- [🏗️ Architecture Evolution](./docs/architecture_evolution.md)
- [📝 Contribution Guide](#-contribution-guide)
- [🙏 Acknowledgements](#-acknowledgements)
- [💬 Join the Community](#-join-the-community)
- [📖 Citation](#-citation)
- [📚 Related Papers](#-related-papers)
- [⚖️ License & Attribution](#️-license--attribution)
<br><br>
## 🚀 Quick Start
### Deployment with Docker

| Docker | RAM | Disk Space |
|:-------|:----|:----------|
| 20.10 or higher | 4GB+ | 10GB+ |

```bash
# This method pulls pre-built images from Docker Hub for a faster start
git clone https://github.com/Tencent/AI-Infra-Guard.git
cd AI-Infra-Guard
# For Docker Compose V2+, replace 'docker-compose' with 'docker compose'
docker-compose -f docker-compose.images.yml up -d
```

Once the service is running, you can access the A.I.G web interface at:
`http://localhost:8088`
<br>

### Use from OpenClaw

You can also call A.I.G directly from OpenClaw chat via the `aig-scanner` skill.

```bash
clawhub install aig-scanner
```

Then configure `AIG_BASE_URL` to point to your running A.I.G service.

For more details, see the [`aig-scanner` README](./skills/aig-scanner/README.md).

<details>
<summary><strong>📦 More installation options</strong></summary>

### Other Installation Methods

**Method 2: One-Click Install Script (Recommended)**
```bash
# This method will automatically install Docker and launch A.I.G with one command
curl https://raw.githubusercontent.com/Tencent/AI-Infra-Guard/refs/heads/main/docker.sh | bash
```

**Method 3: Build and run from source**
```bash
git clone https://github.com/Tencent/AI-Infra-Guard.git
cd AI-Infra-Guard
# This method builds a Docker image from local source code and starts the service
# (For Docker Compose V2+, replace 'docker-compose' with 'docker compose')
docker-compose up -d
```

Note: The AI-Infra-Guard project is positioned as an AI red teaming platform for internal use by enterprises or individuals. It currently lacks an authentication mechanism and should not be deployed on public networks.

For more information, see: [https://tencent.github.io/AI-Infra-Guard/?menu=getting-started](https://tencent.github.io/AI-Infra-Guard/?menu=getting-started)

</details>

### Try the Online Pro Version
Experience the Pro version with advanced features and improved performance. The Pro version requires an invitation code and is prioritized for contributors who have submitted issues, pull requests, or discussions, or actively help grow the community. Visit: [https://aigsec.ai/](https://aigsec.ai/).
<br>
<br>

## ✨ Features

| Feature | More Info |
|:--------|:------------|
| **ClawScan&nbsp;(OpenClaw&nbsp;Security&nbsp;Scan)** | Supports one-click evaluation of OpenClaw security risks. It detects insecure configurations, Skill risks, CVE vulnerabilities, and privacy leakage. |
| **Agent&nbsp;Scan** | This is an independent, multi-agent automated scanning framework. It is designed to evaluate the security of AI agent workflows. It seamlessly supports agents running across various platforms, including Dify and Coze. |
| **MCP&nbsp;Server&nbsp;&&nbsp;Agent&nbsp;Skills&nbsp;scan** | It thoroughly detects 14 major categories of security risks. The detection applies to both MCP Servers and Agent Skills. It flexibly supports scanning from both source code and remote URLs. |
| **AI&nbsp;infra&nbsp;vulnerability&nbsp;scan** | This scanner precisely identifies over 57 AI framework components. It covers more than 1000 known CVE vulnerabilities. Supported frameworks include Ollama, ComfyUI, vLLM, n8n, Triton Inference Server and more. |
| **Jailbreak&nbsp;Evaluation** | It assesses prompt security risks using carefully curated datasets. The evaluation applies multiple attack methods to test robustness. It also provides detailed cross-model comparison capabilities. |

<details>
<summary><strong>💎 Additional Benefits</strong></summary>

- 🖥️ **Modern Web Interface**: User-friendly UI with one-click scanning and real-time progress tracking
- 🔌 **Complete API**: Full interface documentation and Swagger specifications for easy integration
- 🤖 **Agent-Ready**: Plug-and-play agent skills on ClawHub — [EdgeOne ClawScan](https://clawhub.ai/aigsec/edgeone-clawscan), [EdgeOne Skill Scanner](https://clawhub.ai/aigsec/edgeone-skill-scanner), and [AIG Scanner](https://clawhub.ai/aigsec/aig-scanner) — seamlessly embed security scanning into any AI agent workflow
- 🌐 **Multi-Language**: Chinese and English interfaces with localized documentation
- 🐳 **Cross-Platform**: Linux, macOS, and Windows support with Docker-based deployment
- 🆓 **Free & Open Source**: Completely free under the Apache 2.0 license
</details>

<br />


## 🖼️ Showcase

### A.I.G Main Interface
![A.I.G Main Page](img/aig.gif)

### Plugin Management
![Plugin Management](img/plugin-gif.gif)

<br />


## 🗺️ Quick Usage Guide

> After deployment, open `http://localhost:8088` in your browser.

### AI Infrastructure Vulnerability Scan

**What to enter as the target URL / IP?**

The target is the **network address of a running AI service** you want to scan - not a GitHub URL or source code path. A.I.G connects to the live service and fingerprints it for known CVE vulnerabilities.

| Scenario | Example target |
|:---------|:--------------|
| A locally running vLLM instance | `http://127.0.0.1:8000` |
| An Ollama server on your LAN | `http://192.168.1.100:11434` |
| A ComfyUI instance exposed internally | `http://10.0.0.5:8188` |
| Multiple hosts (one per line) | `192.168.1.0/24` (CIDR), `10.0.0.1-10.0.0.20` (range) |

**Step-by-step: Scan a local vLLM instance**

1. Start vLLM normally (e.g. `python -m vllm.entrypoints.api_server --model meta-llama/...`)
2. In the A.I.G web UI, click **"AI基础设施安全扫描 / AI Infra Scan"**
3. Enter `http://127.0.0.1:8000` (or the IP/port where vLLM is listening)
4. Click **Start Scan** - A.I.G will fingerprint the service and match it against 1000+ known CVEs
5. View the report: component version, matched vulnerabilities, severity, and remediation links

> 💡 **Tip**: To scan the *nightly* build of vLLM specifically, just run that nightly build and point A.I.G at its address. The scanner detects the version automatically.
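The target formats in the table above (URL, bare IP or hostname, CIDR block, dotted range, one entry per line) are easy to paste and easy to get wrong. The following is an added example, not code from the AI-Infra-Guard project: a pre-flight script that expands those formats into the host list the scanner would actually probe, rejects a repository URL or source path (those belong to the MCP Server & Agent Skills scan), and flags any target outside private address space so the scan stays on infrastructure you operate. The `MAX_HOSTS` cap, the repository host list and the sample input are assumptions.

```python
"""Pre-flight check for the target box of A.I.G's AI Infra Scan (added example,
not AI-Infra-Guard code): expands the README's target formats and rejects
repository URLs and source paths, which belong to the MCP/Skills scan."""
import ipaddress
import re
from urllib.parse import urlparse

MAX_HOSTS = 4096  # assumed cap so a slip like 10.0.0.0/8 cannot queue millions of hosts
RANGE_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})-(\d{1,3}(?:\.\d{1,3}){3})$")
REPO_HOSTS = ("github.com", "gitlab.com", "gitee.com")  # assumed list of code hosts


class TargetError(ValueError):
    """The line is not the network address of a running AI service."""


def _expand_range(start, end):
    lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    count = int(hi) - int(lo) + 1
    if count < 1 or count > MAX_HOSTS:
        raise TargetError(f"bad or oversized range ({count} hosts): {start}-{end}")
    return [str(lo + i) for i in range(count)]


def _expand_cidr(block):
    net = ipaddress.ip_network(block, strict=False)  # ValueError if malformed
    if net.num_addresses > MAX_HOSTS:
        raise TargetError(f"{block} has {net.num_addresses} addresses, cap is {MAX_HOSTS}")
    # hosts() drops the network and broadcast addresses; keep /31 and /32 whole
    addrs = list(net) if net.prefixlen >= 31 else list(net.hosts())
    return [str(a) for a in addrs]


def expand_target(line):
    """Return the scan targets one input line stands for, or raise TargetError."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    if line.startswith(("./", "../", "/", "~")) or line.endswith((".zip", ".tar.gz")):
        raise TargetError(f"local path or archive, not a running service: {line}")
    if "://" in line:
        url = urlparse(line)
        if url.scheme not in ("http", "https"):
            raise TargetError(f"unsupported scheme {url.scheme!r}: {line}")
        if (url.hostname or "").lower().endswith(REPO_HOSTS):
            raise TargetError(f"repository URL, use the MCP/Skills scan: {line}")
        return [line]
    m = RANGE_RE.match(line)
    if m:
        return _expand_range(m.group(1), m.group(2))
    if "/" in line:
        return _expand_cidr(line)
    return [line]  # bare IP or hostname; A.I.G fingerprints the service itself


def load_targets(text):
    """Split a pasted target box into (targets, errors); order kept, duplicates dropped."""
    targets, errors, seen = [], [], set()
    for line in text.splitlines():
        try:
            expanded = expand_target(line)
        except ValueError as exc:  # TargetError is a ValueError too
            errors.append(str(exc))
            continue
        for t in expanded:
            if t not in seen:
                seen.add(t)
                targets.append(t)
    return targets, errors


def out_of_scope(targets):
    """Targets whose host is an IP literal outside private, loopback or link-local space."""
    flagged = []
    for t in targets:
        host = urlparse(t).hostname if "://" in t else t
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # hostname: resolve it before deciding
        if not (ip.is_private or ip.is_loopback or ip.is_link_local):
            flagged.append(t)
    return flagged


# Constructed sample of what someone might paste into the target box.
SAMPLE_INPUT = """\
http://127.0.0.1:8000
http://192.168.1.100:11434
192.168.1.0/24
10.0.0.1-10.0.0.20
https://github.com/user/mcp-server
./vllm-src
"""
```

Running `load_targets(SAMPLE_INPUT)` yields 276 targets (two URLs, 254 hosts from the /24 and 20 from the range) and two rejected lines; `out_of_scope` over the result is empty because every example address is private or loopback.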

### MCP Server & Agent Skills Scan

Enter either a **remote URL** (e.g. `https://github.com/user/mcp-server`) or **upload a local source archive** - no running instance required.

### Jailbreak Evaluation

Configure the target LLM's API endpoint (base URL + API key) in **Settings → Model Config**, then select a dataset and start the evaluation.

---

## 📖 User Guide

Visit our online documentation: [https://tencent.github.io/AI-Infra-Guard/](https://tencent.github.io/AI-Infra-Guard/)

For more detailed FAQs and troubleshooting guides, visit our [documentation](https://tencent.github.io/AI-Infra-Guard/?menu=faq).
<br />
<br>

## 🔧 API Documentation

A.I.G provides a comprehensive set of task creation APIs that support AI infra scan, MCP Server Scan, and Jailbreak Evaluation capabilities.

After the project is running, visit `http://localhost:8088/docs/index.html` to view the complete API documentation.

For detailed API usage instructions, parameter descriptions, and complete example code, please refer to the [Complete API Documentation](./api.md).
<br />
<br>

## 📝 Contribution Guide

The extensible plugin framework serves as A.I.G's architectural cornerstone, inviting community innovation through Plugin and Feature contributions.

### Plugin Contribution Rules
1.  **Fingerprint Rules**: Add new YAML fingerprint files to the `data/fingerprints/` directory.
2.  **Vulnerability Rules**: Add new vulnerability scan rules to the `data/vuln/` directory.
3.  **MCP Plugins**: Add new MCP security scan rules to the `data/mcp/` directory.
4.  **Jailbreak Evaluation Datasets**: Add new Jailbreak evaluation datasets to the `data/eval` directory.

Please refer to the existing rule formats, create new files, and submit them via a Pull Request.

### Other Ways to Contribute
- 🐛 [Report a Bug](https://github.com/Tencent/AI-Infra-Guard/issues)
- 💡 [Suggest a New Feature](https://github.com/Tencent/AI-Infra-Guard/issues)
- ⭐ [Improve Documentation](https://github.com/Tencent/AI-Infra-Guard/pulls)
<br />
<br />

## 🙏 Acknowledgements

### 🎓 Academic Collaborations

We extend our sincere appreciation to our academic partners for their exceptional research contributions and technical support.

#### <img src="img/北大未来网络重点实验室2.png" height="30" align="middle"/>
<table>
  <tr>
    <td align="center" width="90">
      <a href="#">
        <img src="https://avatars.githubusercontent.com/u/0?v=4" width="70px;" style="border-radius: 50%;" alt=""/>
      </a>
      <br />
      <a href="#">
        <sub><b>Prof.&nbsp;Hui&nbsp;Li</b></sub>
      </a>
    </td>
    <td align="center" width="90">
      <a href="https://github.com/TheBinKing">
        <img src="https://avatars.githubusercontent.com/TheBinKing" width="70px;" style="border-radius: 50%;" alt=""/>
      </a>
      <br />
      <a href="mailto:1546697086@qq.com">
        <sub><b>Bin&nbsp;Wang</b></sub>
      </a>
    </td>
    <td align="center" width="90">
      <a href="https://github.com/KPGhat">
        <img src="https://avatars.githubusercontent.com/KPGhat" width="70px;" style="border-radius: 50%;" alt=""/>
      </a>
      <br />
      <a href="mailto:kpghat@gmail.com">
        <sub><b>Zexin&nbsp;Liu</b></sub>
      </a>
    </td>
    <td align="center" width="90">
      <a href="https://github.com/GioldDiorld">
        <img src="https://avatars.githubusercontent.com/GioldDiorld" width="70px;" style="border-radius: 50%;" alt=""/>
      </a>
      <br />
      <a href="mailto:g.diorld@gmail.com">
        <sub><b>Hao&nbsp;Yu</b></sub>
      </a>
    </td>
    <td align="center" width="90">
      <a href="https://github.com/Jarvisni">
        <img src="https://avatars.githubusercontent.com/Jarvisni" width="70px;" style="border-radius: 50%;" alt=""/>
      </a>
      <br />
      <a href="mailto:719001405@qq.com">
        <sub><b>Ao&nbsp;Yang</b></sub>
      </a>
    </td>
    <td align="center" width="90">
      <a href="https://github.com/Zhengxi7">
        <img src="https://avatars.githubusercontent.com/Zhengxi7" width="70px;" style="border-radius: 50%;" alt=""/>
      </a>
      <br />
      <a href="mailto:linzhengxi7@126.com">
        <sub><b>Zhengxi&nbsp;Lin</b></sub>
      </a>
    </td>
  </tr>
</table>

#### <img src="img/复旦大学2.png" height="30" align="middle" style="vertical-align: middle;"/>

<table>
  <tr>
    <td align="center" width="120">
      <a href="https://yangzhemin.github.io/">
        <img src="https://avatars.githubusercontent.com/yangzhemin" width="70px;" style="border-radius: 50%;" alt=""/>
      </a>
      <br />
      <a href="mailto:yangzhemin@fudan.edu.cn">
        <sub><b>Prof.&nbsp;Zhemin&nbsp;Yang</b></sub>
      </a>
    </td>
    <td align="center" width="100">
      <a href="https://github.com/kangwei-zhong">
        <img src="https://avatars.githubusercontent.com/kangwei-zhong" width="70px;" style="border-radius: 50%;" alt=""/>
      </a>
      <br />
      <a href="mailto:kwzhong23@m.fudan.edu.cn">
        <sub><b>Kangwei&nbsp;Zhong</b></sub>
      </a>
    </td>
    <td align="center" width="90">
      <a href="https://github.com/MoonBirdLin">
        <img src="https://avatars.githubusercontent.com/MoonBirdLin" width="70px;" style="border-radius: 50%;" alt=""/>
      </a>
      <br />
      <a href="mailto:linjp23@m.fudan.edu.cn">
        <sub><b>Jiapeng&nbsp;Lin</b></sub>
      </a>
    </td>
    <td align="center" width="90">
      <a href="https://vanilla-tiramisu.github.io/">
        <img src="https://avatars.githubusercontent.com/vanilla-tiramisu" width="70px;" style="border-radius: 50%;" alt=""/>
      </a>
      <br />
      <a href="mailto:csheng25@m.fudan.edu.cn">
        <sub><b>Cheng&nbsp;Sheng</b></sub>
      </a>
    </td>
  </tr>
</table>
<br>

### 👥 Gratitude to Contributing Developers
Thanks to all the developers who have contributed to the A.I.G project. Your contributions have been instrumental in making A.I.G a more robust and reliable AI Red Team platform.
<br />
<table border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="33%"><img src="img/keen_lab_logo.svg" alt="Keen Lab" height="85%"></td>
    <td width="33%"><img src="img/wechat_security.png" alt="WeChat Security" height="85%"></td>
    <td width="33%"><img src="img/fit_sec_logo.png" alt="Fit Security" height="85%"></td>
  </tr>
</table>
<a href="https://github.com/Tencent/AI-Infra-Guard/graphs/contributors">
  <img src="https://contrib.rocks/image?repo=Tencent/AI-Infra-Guard" />
</a>
<br>
<br>

### 🤝 Appreciation for Our Users

Thanks to the users from the following organizations and teams for using A.I.G and their valuable feedback.

<br>
<div align="center">
<img src="img/tencent.png" alt="Tencent" height="28px">
<img src="img/deepseek.png" alt="DeepSeek" height="38px">
<img src="img/antintl.svg" alt="Antintl" height="45px">
<img src="img/lenovo.png" alt="Lenovo" height="35px">
<img src="img/ICBC.jpg" alt="ICBC" height="40px">
<img src="img/vivo.png" alt="Vivo" height="30px">
<img src="img/oppo.png" alt="Oppo" height="30px">
<img src="img/haier.png" alt="Haier" height="30px">
<img src="img/abc.png" alt="Abc" height="40px">
<img src="img/中国电信.png" alt="中国电信" height="40px">
<img src="img/bilibili.jpg" alt="Bilibili" height="38px">
<img src="img/qunar.png" alt="Qunar" height="35px">
<img src="img/蜜雪冰城.png" alt="蜜雪冰城" height="40px">
<img src="img/IDG.webp" alt="IDG" height="55px">
<img src="img/kingdee.png" alt="kingdee" height="40px">
</div>
<br>

<div align="center">
<img src="img/清华大学.jpg" alt="清华大学" height="40px">
<img src="img/北京大学.png" alt="北京大学" height="40px">
<img src="img/fudan.png" alt="复旦大学" height="40px">
<img src="img/浙江大学.png" alt="浙江大学" height="40px">
<img src="img/南京大学.png" alt="南京大学" height="40px">
<img src="img/An-NajahNationalUniversity.png" alt="An-Najah National University" height="40px">
<img src="img/西安交通大学.png" alt="西安交通大学" height="40px">
<img src="img/南开大学.jpg" alt="南开大学" height="40px">
<img src="img/四川大学.png" alt="四川大学" height="40px">
</div>

<br>
<br>

## 💬 Join the Community

### 🌐 Online Discussions
- **GitHub Discussions**: [Join our community discussions](https://github.com/Tencent/AI-Infra-Guard/discussions)
- **Issues & Bug Reports**: [Report issues or suggest features](https://github.com/Tencent/AI-Infra-Guard/issues)

### 📱 Discussion Community
<table>
  <thead>
  <tr>
    <th>WeChat Group</th>
    <th>Discord <a href="https://discord.gg/U9dnPnyadZ">[link]</a></th>
  </tr>
  </thead>
  <tbody>
  <tr>
    <td><img src="img/wechatgroup.png" alt="WeChat Group" width="200"></td>
    <td><img src="img/discord.png" alt="discord" width="200"></td>
  </tr>
  </tbody>
</table>

### 📧 Contact Us
For collaboration inquiries or feedback, please contact us at: [zhuque@tencent.com](mailto:zhuque@tencent.com)

### 🔗 Recommended Security Tools
If you are interested in code security, check out [A.S.E (AICGSecEval)](https://github.com/Tencent/AICGSecEval), the industry's first repository-level AI-generated code security evaluation framework open-sourced by the Tencent Wukong Code Security Team.
<br>
<br>

## 📖 Citation

If you use A.I.G in your research, please cite:

```bibtex
@misc{Tencent_AI-Infra-Guard_2025,
  author={{Tencent Zhuque Lab}},
  title={{AI-Infra-Guard: A Comprehensive, Intelligent, and Easy-to-Use AI Red Teaming Platform}},
  year={2025},
  howpublished={GitHub repository},
  url={https://github.com/Tencent/AI-Infra-Guard}
}
```
<br>

## 📚 Related Papers

<details>
<summary>We are deeply grateful to the research teams who have used A.I.G in their academic work. Click to expand (17 papers)</summary>
<br>

1. Naen Xu, Jinghuai Zhang, Ping He et al. **"FraudShield: Knowledge Graph Empowered Defense for LLMs against Fraud Attacks."** arXiv preprint arXiv:2601.22485v1 (2026). [[pdf]](http://arxiv.org/abs/2601.22485v1)

2. Ruiqi Li, Zhiqiang Wang, Yunhao Yao et al. **"MCP-ITP: An Automated Framework for Implicit Tool Poisoning in MCP."** arXiv preprint arXiv:2601.07395v1 (2026). [[pdf]](http://arxiv.org/abs/2601.07395v1)

3. Jingxiao Yang, Ping He, Tianyu Du et al. **"HogVul: Black-box Adversarial Code Generation Framework Against LM-based Vulnerability Detectors."** arXiv preprint arXiv:2601.05587v1 (2026). [[pdf]](http://arxiv.org/abs/2601.05587v1)

4. Yunyi Zhang, Shibo Cui, Baojun Liu et al. **"Beyond Jailbreak: Unveiling Risks in LLM Applications Arising from Blurred Capability Boundaries."** arXiv preprint arXiv:2511.17874v2 (2025). [[pdf]](http://arxiv.org/abs/2511.17874v2)

5. Teofil Bodea, Masanori Misono, Julian Pritzi et al. **"Trusted AI Agents in the Cloud."** arXiv preprint arXiv:2512.05951v1 (2025). [[pdf]](http://arxiv.org/abs/2512.05951v1)

6. Christian Coleman. **"Behavioral Detection Methods for Automated MCP Server Vulnerability Assessment."** [[pdf]](https://digitalcommons.odu.edu/cgi/viewcontent.cgi?article=1138&context=covacci-undergraduateresearch)

7. Bin Wang, Zexin Liu, Hao Yu et al. **"MCPGuard: Automatically Detecting Vulnerabilities in MCP Servers."** arXiv preprint arXiv:2510.23673v1 (2025). [[pdf]](http://arxiv.org/abs/2510.23673v1)

8. Weibo Zhao, Jiahao Liu, Bonan Ruan et al. **"When MCP Servers Attack: Taxonomy, Feasibility, and Mitigation."** arXiv preprint arXiv:2509.24272v1 (2025). [[pdf]](http://arxiv.org/abs/2509.24272v1)

9. Ping He, Changjiang Li, et al. **"Automatic Red Teaming LLM-based Agents with Model Context Protocol Tools."** arXiv preprint arXiv:2509.21011 (2025). [[pdf]](https://arxiv.org/abs/2509.21011)

10. Yixuan Yang, Daoyuan Wu, Yufan Chen. **"MCPSecBench: A Systematic Security Benchmark and Playground for Testing Model Context Protocols."** arXiv preprint arXiv:2508.13220 (2025). [[pdf]](https://arxiv.org/abs/2508.13220)

11. Zexin Wang, Jingjing Li, et al. **"A Survey on AgentOps: Categorization, Challenges, and Future Directions."** arXiv preprint arXiv:2508.02121 (2025). [[pdf]](https://arxiv.org/abs/2508.02121)

12. Yongjian Guo, Puzhuo Liu, et al. **"Systematic Analysis of MCP Security."** arXiv preprint arXiv:2508.12538 (2025). [[pdf]](https://arxiv.org/abs/2508.12538)

13. Yuepeng Hu, Yuqi Jia, Mengyuan Li et al. **"MalTool: Malicious Tool Attacks on LLM Agents."** arXiv preprint arXiv:2602.12194 (2026). [[pdf]](https://arxiv.org/abs/2602.12194)

14. Yi Ting Shen, Kentaroh Toyoda, Alex Leung. **"MCP-38: A Comprehensive Threat Taxonomy for Model Context Protocol Systems (v1.0)."** arXiv preprint arXiv:2603.18063 (2026). [[pdf]](https://arxiv.org/abs/2603.18063)

15. Yiheng Huang, Zhijia Zhao, Bihuan Chen et al. **"From Component Manipulation to System Compromise: Understanding and Detecting Malicious MCP Servers."** arXiv preprint arXiv:2604.01905 (2026). [[pdf]](https://arxiv.org/abs/2604.01905)

16. Hengkai Ye, Zhechang Zhang, Jinyuan Jia et al. **"TRUSTDESC: Preventing Tool Poisoning in LLM Applications via Trusted Description Generation."** arXiv preprint arXiv:2604.07536 (2026). [[pdf]](https://arxiv.org/abs/2604.07536)

17. Zenghao Duan, Yuxin Tian, Zhiyi Yin et al. **"SkillAttack: Automated Red Teaming of Agent Skills through Attack Path Refinement."** arXiv preprint arXiv:2604.04989 (2026). [[pdf]](https://arxiv.org/abs/2604.04989)

</details>

📧 If you have used A.I.G in your research or product, or if we have inadvertently missed your publication, we would love to hear from you! [Contact us here](#-join-the-community).
<br>
<br>

## ⚖️ License & Attribution

This project is open-sourced under the **Apache License 2.0**. We warmly welcome and encourage community contributions, integrations, and derivative works, subject to the following attribution requirements:

1. **Retain notices**: You must retain the `LICENSE` and `NOTICE` files from the original project in any distribution.
2. **Product attribution**: If you integrate AI-Infra-Guard's core code, components, or scanning engine into your open-source project, commercial product, or internal platform, you must clearly state the following in your **product documentation, usage guide, or UI "About" page**:
   > "This project integrates [AI-Infra-Guard](https://github.com/Tencent/AI-Infra-Guard), open-sourced by Tencent Zhuque Lab."
3. **Academic & article citation**: If you use this tool in vulnerability analysis reports, security research articles, or academic papers, please explicitly mention "Tencent Zhuque Lab AI-Infra-Guard" and include a link to the repository.

Repackaging this project as an original product without disclosing its origin is strictly prohibited.

<div>

[![Star History Chart](https://api.star-history.com/svg?repos=Tencent/AI-Infra-Guard&type=Date)](https://star-history.com/#Tencent/AI-Infra-Guard&Date)
532  
533  [![Star History Chart](https://api.star-history.com/svg?repos=Tencent/AI-Infra-Guard&type=Date)](https://star-history.com/#Tencent/AI-Infra-Guard&Date)