Part of the security infrastructure for AI agents

Star the project that secures AI agents.

OpenA2A ships open source security tools for the agents already running in production. Apache 2.0. No telemetry. No account required to try them.

$gh repo star opena2a-org/opena2a
Star on GitHubView all repos

Why your star matters

Open source security work is paid for in attention, not just commits. A star is the smallest unit of attention you can give, and it compounds.

Signal to other developers

Stars are how AI engineers discover security tools that work. A star tells the next person looking at the same problem that the project is real.

Funds open source maintenance

Stars surface our work to sponsors, conference reviewers, and standards bodies. That is how the tools stay free and Apache 2.0.

Shapes the roadmap

Repositories with traction get more issues, more pull requests, and faster fixes. Your star is a vote on what we focus on next.

The repositories

Each repo solves a distinct part of the agent security problem. Star the ones you use.

opena2a

Unified CLI. One install for credential checks, governance scans, and identity onboarding.

Star opena2a

hackmyagent

Security scanner with 209 static, 29 semantic, and 164 adversarial checks. OASB benchmarking and ARP runtime monitoring included.

Star hackmyagent

secretless-ai

Keeps credentials out of AI coding tool context windows. PreToolUse hooks for Claude Code, Cursor, Copilot, and Windsurf.

Star secretless-ai

agent-identity-management

Cryptographic identity, capability policies, trust scoring, and tamper-evident audit trail for AI agents.

Star agent-identity-management

damn-vulnerable-ai-agent

14 intentionally vulnerable agents, 12 vulnerability categories, 22 CTF challenges across 3 protocols. A training ground for red teams and defenders.

Star damn-vulnerable-ai-agent

OASB

222 standardized attack scenarios for benchmarking AI agent security. Mapped to MITRE ATLAS.

Star OASB

Try first. Star after.

No signup. No config. Run the canonical commands and decide for yourself.

# Block AI tools from reading credentials
$ npx secretless-ai init
# Run a security review on this project
$ npx opena2a-cli review
# Scan for vulnerabilities and attack payloads
$ npx hackmyagent secure

What every repo gives you

The same standards across the org. No surprises in the package you star.

  • Apache 2.0 license. Permissive. Self host forever.
  • No required telemetry. Your data stays on your machine.
  • Reproducible builds. SLSA v1 provenance attestations on npm.
  • HackMyAgent 0.22.2 and opena2a-cli 0.10.2. Active release cadence.
  • Public roadmap. Decisions in the open via GitHub issues.
  • Security disclosure process for every repo. Coordinated, not punitive.

One click. Real signal.

If the tools have helped you, a star is the simplest way to give back.

$gh repo star opena2a-org/opena2a
Star on GitHubRead the CLI docs