All projects.
The OpenA2A security stack spans three GitHub organizations: products to install, specifications to implement, and upstream projects where security fixes flow back to maintainers.
Products
Installable security tools. Each runs standalone or together through the opena2a CLI.
github.com/opena2a-org
opena2a
Unified CLI for the OpenA2A security toolchain. Shadow AI detection, identity, governance, scanning, protection.
npx opena2a-cli review
HackMyAgent
209 static security checks, 29 NanoMind semantic checks, and 164 adversarial payloads for AI agents.
npx hackmyagent secure
AIM
Cryptographic identity, capability authorization, and audit trails for AI agents. Python, Java, TypeScript SDKs.
pip install aim-sdk
Secretless AI
Keep API keys invisible to AI coding tools. Claude Code, Cursor, Copilot, Windsurf, Cline, Aider.
npx secretless-ai init
ai-trust
Trust score for AI packages before you install them. MCP servers, A2A agents, skills, LLM packages.
npx ai-trust check <pkg>
NanoMind
On-device intelligence for AI security tools. A 2M-param classifier and a 1.7B-param analyst.
npm install @nanomind/cli
Browser Guard
Detect and control AI agents in the browser.
Chrome Web Store
DVAA
Intentionally vulnerable AI agents for security training and tool validation. The DVWA of AI agents.
docker run opena2a/dvaa
Standards
Open specifications for AI agent identity, trust, threat modeling, and conformance.
opena2a-parity moved here per the standards launch plan but is functionally an internal CLI parity harness. Possible move back to opena2a-org as a tool in a follow-up.
github.com/opena2a-standards
Agent Identity Protocol (AIP)
Open standard for AI agent identity, capabilities, and trust.
Agent Trust Protocol (ATP)
Open standard for verifiable trust assertions about AI agents.
ATX
Agent Trust eXtension credential format and protocol architecture.
Agent Threat Matrix
Tactics and techniques for attacks on AI agent systems. 57 techniques across 9 tactics, mapped to MITRE, ATLAS, and OWASP.
ABGS
Agent Behavioral Governance Specification. What goes in a SOUL.md file.
AIIS Signatures
AI Injection Signature Standard. YARA-style signatures for AI agent prompt injections in web content.
OASB
Open Agent Security Benchmark. 222 attack scenarios mapped to MITRE ATLAS, with a product-agnostic adapter interface.
OTel SemConv for agent identity
OpenTelemetry semantic conventions for AI agent authorization observability.
ATX Conformance
Reference verifiers and fixtures for ATX v1.0 (Agent Trust Credential).
A2A-IDF Conformance
Canonical conformance suite for A2A-IDF (Agent-to-Agent Identity Framework, a2aproject/A2A#1496).
A2A-IDF SDK
TypeScript SDK for A2A-IDF. RFC 9421 + Ed25519 wire signatures, attestation envelopes, delegation chains. Paired with the A2A-IDF conformance suite.
Upstream contributions
Forks of upstream projects. Security fixes from HackMyAgent scans flow back to the upstream maintainers.
github.com/opena2a-upstream
openclaw
Fork of an upstream AI assistant. 8 security PRs, 7 merged. 205K+ stars on the parent project.
modelcontextprotocol
Model Context Protocol specification. Security Extension Proposal work in flight.
A2A
Agent2Agent protocol. A2A-IDF identity framework PR #1496 in flight.
NemoClaw
NVIDIA plugin for secure installation of the upstream AI assistant. Active vulnerability research target.
nanobot
Ultra-lightweight AI assistant variant.
typescript-sdk
Official TypeScript SDK for the Model Context Protocol.
python-sdk
Official Python SDK for the Model Context Protocol.
registry
Community-driven registry service for MCP servers.
servers
Reference Model Context Protocol servers.
conformance
Conformance tests for MCP.
ext-auth
MCP authorization extensions.
trust
Trust resource fork from the upstream AI assistant project.
skills
Archive of upstream AI assistant skills.