Open-source security infrastructure for AI agents — not humans or services repurposed as agents.
AI agents are already making decisions, calling APIs, and accessing production data — without identity, visibility, or accountability. One compromised or misaligned agent can silently exfiltrate data, escalate privileges, or delete critical systems, and most organizations won't notice until damage is done.
We build open-source security infrastructure for AI agents — not humans or services repurposed as agents. 11 npm packages published, 8,300+ monthly downloads, 6 security PRs accepted into OpenClaw (205K+ stars), and 2,500+ lines of security code merged into projects used by millions.
AI agents should be powerful — but never unaccountable.
Cryptographic identity, MCP server attestation, trust scoring, capability-based access control, and tamper-proof audit trails. One line of code.
147+ security checks, 75 adversarial attack payloads, auto-fix with rollback, and OASB-1 compliance scoring. First scanner to detect CVE-2026-25253.
Keeps secrets out of AI context windows. PreToolUse hooks block credential access across Claude Code, Cursor, Copilot, and Windsurf.
Multi-layer runtime security that monitors OS-level activity and AI-layer traffic, with enforcement.
10 intentionally vulnerable agents, 8 attack classes, and CTF challenges for learning and red-teaming.
222 attack scenarios across 10 MITRE ATLAS techniques for evaluating agent runtime protection.

Founder & CEO
I build the tools and teams that secure AI agents.
I lead the team building the open-source security infrastructure for AI agents. Our ecosystem — AIM, HackMyAgent, Secretless AI, ARP, DVAA, and the Open Agent Security Benchmark — answers the three questions every organization deploying AI agents must address: Who is this agent? What is it allowed to do? What did it actually do?
I oversee a 12,500+ member global community across 16 chapters dedicated to making cybersecurity education accessible to everyone — from families and seniors to schools and small businesses.
Our team developed the enterprise framework organizations use to assess and prepare for the post-quantum cryptographic transition.
20 years of technology and cybersecurity leadership across healthcare, financial services, technology, government, energy, consulting, insurance, and pharmaceuticals.
Master's in Cyber Forensics & Security
Security tools should be auditable. You can inspect every line of code that protects your AI infrastructure.
The best security comes from collective knowledge. We build with the community, not in isolation.
Self-host forever. Your security shouldn't depend on a vendor's business model or pricing changes.
Our core tools are open source, Apache-2.0 licensed. From the founders of CyberSecurity NonProfit (CSNP), serving 12,500+ security professionals across 16 chapters.
If you're building AI agents, secure them. If you're deploying them, verify them. If you're auditing them, verify the trail.
Questions about AIM? Want to contribute? We'd love to hear from you.