Introducing AIM: Open Source Security for AI Agents and MCP Servers
Today we're releasing AIM (Agent Identity Management), an open-source platform that brings identity management, security monitoring, and governance to AI agents and MCP servers. With a single line of code, organizations can secure their AI deployments against emerging threats like prompt injection, credential theft, and supply chain attacks.
from aim import secure
# That's it. Your agent is now protected.
agent = secure("my-agent")
The Problem: AI Agents Are Everywhere, Security Is Nowhere
AI agents are transforming how organizations work. From data analysis to customer support, from code generation to workflow automation, these agents are accessing databases, APIs, file systems, and external services with increasing autonomy.
But here's the security reality:
- No identity verification — Who deployed this agent? What permissions does it have?
- Shadow MCP servers — Teams spinning up MCP servers without security oversight
- No audit trail — What did this agent access? When? Why?
- Supply chain blindness — Which agents connect to which MCP servers?
- Configuration drift — Is this MCP server still configured as approved?
Recent vulnerabilities like CVE-2025-32711 (EchoLeak) in Microsoft 365 Copilot and CVE-2025-49596 in the MCP Inspector developer tool demonstrate that AI security isn't theoretical; it is an active threat surface.
The Solution: AIM
AIM provides comprehensive security for AI agent deployments through four core capabilities:
Cryptographic Identity
Every agent receives a unique Ed25519 cryptographic identity, so actions can be signed and attributed to a specific agent rather than to an anonymous process. The identity is only as strong as the handling of its private key: it must be stored outside the model's context and protected like any other credential, because a leaked key is an impersonated agent.
MCP Attestation
Register and cryptographically attest MCP servers. Detect configuration drift and block connections to unapproved servers.
Trust Scoring
Behavioral analysis tracks agent actions over time. Trust scores adapt based on actual behavior, not just static permissions.
Audit Logging
Complete audit trail of every agent action. Query who did what, when, and why. Built for compliance requirements.
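To make the three mechanisms above concrete (Ed25519 agent identity, MCP server attestation with drift detection, and a signed audit record), here is an added illustration in Go, the language of AIM's backend. It is not AIM's own code or API; the type and function names (AgentIdentity, ActionRecord, AttestServerConfig, HasDrifted) and the sample action and server configuration are hypothetical, constructed for this example, and only the Go standard library is used.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// AgentIdentity is a hypothetical Ed25519 keypair bound to an agent name.
// The private key must stay out of the model's context and be protected
// like any other credential; whoever holds it can act as the agent.
type AgentIdentity struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewAgentIdentity generates a fresh Ed25519 keypair for the named agent.
func NewAgentIdentity(name string) (*AgentIdentity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &AgentIdentity{Name: name, Pub: pub, priv: priv}, nil
}

// ActionRecord is one audit-log entry: who did what, to which target, when.
// Struct field order is fixed, so json.Marshal yields a stable encoding to sign.
type ActionRecord struct {
	Agent     string `json:"agent"`
	Action    string `json:"action"`
	Target    string `json:"target"`
	Timestamp int64  `json:"ts"`
}

// SignAction signs the canonical JSON of the record with the agent's key.
func (a *AgentIdentity) SignAction(r ActionRecord) ([]byte, error) {
	msg, err := json.Marshal(r)
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(a.priv, msg), nil
}

// VerifyAction is what an audit backend would run before accepting a record:
// any change to agent, action, target or timestamp invalidates the signature.
func VerifyAction(pub ed25519.PublicKey, r ActionRecord, sig []byte) bool {
	msg, err := json.Marshal(r)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, msg, sig)
}

// AttestServerConfig computes the baseline digest recorded for an MCP server
// at registration. encoding/json sorts map keys, so the digest is canonical.
func AttestServerConfig(cfg map[string]string) (string, error) {
	b, err := json.Marshal(cfg)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:]), nil
}

// HasDrifted reports whether a server's current configuration no longer
// matches the digest recorded when it was approved.
func HasDrifted(baseline string, cfg map[string]string) (bool, error) {
	cur, err := AttestServerConfig(cfg)
	if err != nil {
		return false, err
	}
	return cur != baseline, nil
}

func main() {
	agent, err := NewAgentIdentity("my-agent")
	if err != nil {
		panic(err)
	}

	// Constructed sample action: the agent reads a customer table.
	rec := ActionRecord{Agent: "my-agent", Action: "db.read", Target: "customers", Timestamp: 1735689600}
	sig, _ := agent.SignAction(rec)
	fmt.Println("genuine record verifies:", VerifyAction(agent.Pub, rec, sig))
	rec.Target = "payroll" // an attacker rewrites the target after signing
	fmt.Println("tampered record verifies:", VerifyAction(agent.Pub, rec, sig))

	// Constructed sample MCP server config, attested at registration time.
	approved := map[string]string{"command": "npx", "args": "-y @example/filesystem-server /srv/data"}
	baseline, _ := AttestServerConfig(approved)
	drifted, _ := HasDrifted(baseline, approved)
	fmt.Println("approved config drifted:", drifted)
	approved["args"] = "-y @example/filesystem-server /" // someone widened the served root
	drifted, _ = HasDrifted(baseline, approved)
	fmt.Println("widened config drifted:", drifted)
}
```

The two checks are deliberately separate: the signature binds an action to a key, while the digest binds a server to an approved configuration. A server whose digest changed should be blocked even if every agent connecting to it signs its actions correctly, which is why drift detection and identity are listed as distinct capabilities.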
Key Features
Zero Configuration
Add one line of code to your agent. AIM handles registration, identity assignment, and monitoring automatically.
Automatic MCP Discovery
AIM discovers MCP servers across your organization. No more shadow IT—see every server, registered or not.
Real-time Security Alerts
Get notified when agents exhibit suspicious behavior, when MCP servers drift from baseline, or when unapproved connections are attempted.
Supply Chain Visibility
Complete dependency graph showing which agents connect to which MCP servers. Understand your AI supply chain at a glance.
Framework Agnostic
Works with LangChain, CrewAI, AutoGen, and any framework that uses MCP. Python SDK available today, more languages coming soon.
Getting Started
Getting started with AIM takes less than 5 minutes:
1. Install the SDK
pip install aim-sdk
2. Secure your agent
from aim import secure
agent = secure("my-agent")
# Your agent is now protected
That's it. Your agent now has a cryptographic identity, activity monitoring, and real-time security protection.
Architecture Overview
AIM is designed for production deployments:
- Go backend for performance and reliability
- PostgreSQL for persistent storage with full audit history
- REST API for programmatic access
- React dashboard for visual monitoring and management
- Docker deployment for easy self-hosting
Self-host for complete control, or use AIM Cloud for managed infrastructure.
Availability
AIM is available today under the AGPL-3.0 open-source license. Organizations can:
- Self-host for free — Full access to all features
- Use AIM Cloud — Managed infrastructure, no setup required
- Enterprise licensing (2026) — For organizations requiring alternative licensing terms
Learn More
Ready to Secure Your AI Agents?
Join organizations already using AIM to protect their AI deployments.