Part of the security infrastructure for AI agents

The AI agent security lifecycle.

Open source tools covering build, scan, protect, verify, monitor, and train. Each tool runs standalone. The OpenA2A CLI ties them together.

$ npx opena2a-cli review

30 second security assessment. No account required.

Three pillars. Six stages.

Discover risk on your agent surface. Defend credentials, access, and runtime behavior. Validate trust and benchmark compliance.

Discover

Identify risk across your AI agent surface.

Defend

Protect credentials, access, and runtime behavior.

Validate

Verify trust, benchmark compliance, train teams.

Unified entry point that orchestrates every OpenA2A tool through adapter commands

209 static checks, 29 semantic checks, and 164 adversarial payloads with auto remediation and rollback

Keeps credentials out of AI context windows across Claude Code, Cursor, Copilot, and Windsurf

Cryptographic identity, capability policies, trust scoring, and audit logging for AI agents

222 standardized attack scenarios across 8 vulnerability categories with compliance scoring

Runtime Protection

Runtime process, network, and filesystem monitoring with protocol aware AI endpoint detection

AI Browser Guard

Chrome extension that detects, monitors, and controls AI agents operating in your browser

Deliberately vulnerable AI agent platform with 14 agents, 22 CTF challenges, and 3 protocol types

Trust verification CLI for AI packages

Start here.

Pick the path that fits how you work today. Every tool is open source and runs locally.

I am building an agent

Run a full security review. Credential scan, config integrity, Shield posture, and deep scan in one command.

$ npx opena2a-cli review

I am auditing agents

209 static checks plus 164 adversarial payloads. OASB compliance benchmark and auto remediation.

$ npx hackmyagent scan

I am evaluating the ecosystem

Understand how the tools fit together. Then try the CLI on any project in 30 seconds.

Read the architecture

All tools.

Each tool works standalone. The OpenA2A CLI ties them together through a unified interface.

OpenA2A CLI

Build

Unified entry point that orchestrates every OpenA2A tool through adapter commands.

WHODeveloper / DevOps / Security

HOWCLI

$ npx opena2a-cli review

Trust score 0 to 100
Scope drift detection
Config integrity signing
Shadow AI discovery

HackMyAgent

Scan

209 static checks, 29 semantic checks, and 164 adversarial payloads with auto remediation and rollback.

WHOSecurity / Developer

HOWCLI / Library

$ npx hackmyagent scan

209 static + 29 semantic checks
164 adversarial payloads
Auto remediation with rollback
OASB compliance reports

Secretless AI

Protect

Keeps credentials out of AI context windows across Claude Code, Cursor, Copilot, and Windsurf.

WHODeveloper / DevOps

HOWCLI / Hook

$ npx secretless-ai init

49 credential patterns
Multi backend storage
MCP server encryption
Transcript DLP scanning

AIM

Build

Cryptographic identity, capability policies, trust scoring, and audit logging for AI agents.

WHOEnterprise / DevOps / Security

HOWDocker / SDK / API

$ docker compose up

Ed25519 identity
Policy as code
8 factor trust score
MCP attestation

OASB

Scan

222 standardized attack scenarios across 8 vulnerability categories with compliance scoring.

WHOSecurity / Compliance

HOWCLI / Library

$ npx opena2a-cli benchmark

222 test scenarios
8 attack categories
3 maturity levels
Compliance reports

Runtime Protection

Monitor

Runtime process, network, and filesystem monitoring with protocol aware AI endpoint detection.

WHODevOps / Security

HOWCLI

$ npx opena2a-cli runtime start

Process monitoring
Network inspection
MCP, A2A, and OpenAI detection
Filesystem watching

AI Browser Guard

Protect

Chrome extension that detects, monitors, and controls AI agents operating in your browser.

WHOEnd User / Security

HOWChrome Extension

$ Install from Chrome Web Store

3 layer agent detection
Emergency kill switch
Delegation wizard
Session timeline

DVAA

Train

Deliberately vulnerable AI agent platform with 14 agents, 22 CTF challenges, and 3 protocol types.

WHOSecurity / Trainer

HOWDocker

$ docker pull opena2a/dvaa

14 vulnerable agents
12 vulnerability categories
22 CTF challenges
MCP, A2A, and OpenAI

ai-trust

Verify

Trust verification CLI for AI packages. Queries OpenA2A community trust data for security scans, dependency risk, and known advisories.

WHODeveloper / DevOps

HOWCLI

$ npx ai-trust check <package>

Single package trust lookup
Dependency audit
Batch verification
5 trust levels
Scan on demand
Community contributions

Coverage matrix.

Map your threat model to the right tools. Every row is covered by at least two tools.

Threat	CLI	HMA	Secretless	AIM	OASB	Runtime	ai-trust	Guard	DVAA
Hardcoded credentials	.			.		.	.	.	.
Prompt injection	.		.	.		.	.	.
MCP config tampering			.	.	.			.	.
Scope drift		.		.	.	.	.	.	.
Unauthorized agent access	.	.	.		.		.		.
Supply chain risk		.	.	.		.		.	.
Data exfiltration	.	.		.			.	.	.
Privilege escalation	.		.			.	.	.	.

Standards and governance.

Tools alone do not make agents safe. The OpenA2A spec, the SOUL.md governance file, and the Open Agent Security Benchmark give you a shared vocabulary to design, score, and verify agent behavior.

SOUL.md

Behavioral governance file. Tier aware profiles for conversational, code assistant, tool agent, autonomous, and orchestrator agents.

OASB

Open Agent Security Benchmark. 222 standardized attack scenarios across 8 categories at 3 maturity levels.

Architecture

How the registry, identity, and tool surfaces fit together. Read this to understand the ecosystem end to end.

One command. Every tool.

The OpenA2A CLI version 0.10.2 delegates to HackMyAgent 0.23.0, Secretless AI, AIM, and ai-trust through a single interface. Pick a tool above or run the unified review.

$ npx opena2a-cli review

Explore the CLI View on GitHub