agentic-radar
Agentic Radar is a Python-based security scanner that analyzes LLM agentic workflows to identify vulnerabilities, visualize system architecture, and map detected issues to OWASP frameworks. It supports multiple frameworks (LangGraph, CrewAI, N8N, OpenAI Agents, AutoGen) and includes runtime testing for prompt injection, PII leakage, and harmful content generation.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | splx-ai/agentic-radar |
| Owner | splx-ai |
| Primary language | Python |
| License | Apache-2.0 — OSI-approved |
| Stars | 994 |
| Forks | 137 |
| Open issues | 16 |
| Latest release | v0.14.1 (2025-11-27) |
| Last updated | 2025-11-27 |
| Source | https://github.com/splx-ai/agentic-radar |
What agentic-radar is
The tool performs static analysis of agentic code to extract workflow graphs, enumerate tools and MCP servers, and correlate them against known vulnerabilities. It also supports runtime adversarial testing via the 'test' command for OpenAI Agents, with optional prompt hardening via LLM-assisted system prompt improvement. Generated reports are HTML-based with vulnerability mappings to OWASP LLM Top 10 and Agentic AI threat models.
Get the agentic-radar source
Clone the repository and explore it locally.
git clone https://github.com/splx-ai/agentic-radar.gitcd agentic-radar# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires Python 3.10+ for CrewAI feature support; OpenAI Agents support requires additional dependencies. Verify target Python version compatibility before installation.
- OpenAI API key is mandatory for prompt hardening and runtime testing features. Budget for API call costs when scanning multiple agents or running frequent tests.
- Static analysis accuracy depends on framework detection quality. Complex or dynamically constructed agents may not be fully enumerated; manual review of generated reports is recommended.
- MCP server detection requires explicit framework support. Not all agent frameworks or custom tool implementations may be discoverable without code modifications.
- Report generation is framework-aware but does not validate tool security postures independently. Vulnerability mappings rely on OWASP models; custom or proprietary tools require manual threat assessment.
When to avoid it — and what to weigh
- No Agentic Framework in Use — This tool is designed for agentic workflows only. Standard LLM applications, RAG systems, or non-agentic AI pipelines will not benefit from its agent-specific analysis.
- Real-time Production Monitoring Needed — Agentic Radar is a static/batch analysis tool. It does not provide continuous runtime monitoring, alerting, or live threat detection for production agent systems.
- Unsupported Framework or Closed-Source Agent Code — The tool requires framework-level introspection or accessible source code. Proprietary or closed-source agentic systems may not be analyzable without significant custom integration work.
- Minimal Security Requirements — If your agentic workflows are isolated, low-risk prototypes or internal-only proof-of-concepts, the overhead of scanning and hardening may outweigh the security benefit.
License & commercial use
Apache License 2.0 (Apache-2.0). This is a permissive OSI-approved license allowing commercial use, modification, and distribution with minimal restrictions. Attribution required; derivative works must retain original license notices. No liability guarantees from licensor.
Apache 2.0 permits commercial use without needing vendor permission. You may use Agentic Radar in proprietary workflows, SaaS offerings, or commercial products. Attribution must be maintained in code/documentation. No warranty or indemnification is provided; commercial users assume all liability for its application. No commercial support or SLA is mentioned in the public repository; verify with vendor (SPLX AI) separately if enterprise support is required.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
Agentic Radar is a security scanning tool, not a security solution. It identifies structural vulnerabilities (tool chains, MCP servers) and maps them to OWASP frameworks, but does not guarantee exploit prevention or patch validation. Runtime testing simulates adversarial inputs (prompt injection, PII leakage) but requires OpenAI API access, introducing API key management and data transmission risks. Generated reports contain sensitive data (workflow graphs, tool lists); ensure reports are stored securely and access-controlled. No cryptographic signing, tamper detection, or audit logging is mentioned. Use as a risk assessment tool, not a compliance substitute.
Alternatives to consider
Langchain Security / LangChain Hub Evaluations
Alternative for LangChain-based agents; less comprehensive than Agentic Radar but tightly integrated with LangChain ecosystem. No vulnerability mapping or red-teaming features visible.
OWASP ZAP / Burp Suite (adapted for APIs)
General-purpose security scanners for web/API workflows. Not agentic-aware; require custom configuration to detect agent-specific vulnerabilities and tool chains.
Custom In-House Security Audits
Manual code review and threat modeling by internal security teams. More control and customization but labor-intensive and less scalable across multiple agent projects.
Build on agentic-radar with DEV.co software developers
Scan your agent code for vulnerabilities, visualize workflows, and generate compliance reports in minutes. Get started with pip install agentic-radar.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
agentic-radar FAQ
Does Agentic Radar prevent security breaches in production agents?
What data does the runtime 'test' command send to OpenAI?
Can Agentic Radar scan proprietary or closed-source agentic systems?
Is there commercial support or SLA for Agentic Radar?
Software development & web development with DEV.co
From first prototype to production, DEV.co delivers software development services around tools like agentic-radar. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across ai frameworks and beyond.
Secure Your Agentic Workflows Today
Scan your agent code for vulnerabilities, visualize workflows, and generate compliance reports in minutes. Get started with pip install agentic-radar.