DEV.co
AI Frameworks · splx-ai

agentic-radar

Agentic Radar is a Python-based security scanner that analyzes LLM agentic workflows to identify vulnerabilities, visualize system architecture, and map detected issues to OWASP frameworks. It supports multiple frameworks (LangGraph, CrewAI, N8N, OpenAI Agents, AutoGen) and includes runtime testing for prompt injection, PII leakage, and harmful content generation.

Source: GitHub — github.com/splx-ai/agentic-radar
994
GitHub stars
137
Forks
Python
Primary language
Apache-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorysplx-ai/agentic-radar
Ownersplx-ai
Primary languagePython
LicenseApache-2.0 — OSI-approved
Stars994
Forks137
Open issues16
Latest releasev0.14.1 (2025-11-27)
Last updated2025-11-27
Sourcehttps://github.com/splx-ai/agentic-radar

What agentic-radar is

The tool performs static analysis of agentic code to extract workflow graphs, enumerate tools and MCP servers, and correlate them against known vulnerabilities. It also supports runtime adversarial testing via the 'test' command for OpenAI Agents, with optional prompt hardening via LLM-assisted system prompt improvement. Generated reports are HTML-based with vulnerability mappings to OWASP LLM Top 10 and Agentic AI threat models.

Quickstart

Get the agentic-radar source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/splx-ai/agentic-radar.gitcd agentic-radar# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Pre-deployment Security Assessment

Generate comprehensive vulnerability reports for agentic workflows before production deployment. Identify tool chains, MCP integrations, and map known CVEs or attack vectors specific to your agent configuration.

Red-Teaming and Adversarial Testing

Run runtime tests to simulate prompt injection, PII leakage, and harmful content generation attacks. Useful for security teams validating agent robustness against OWASP LLM Top 10 vectors before release.

DevSecOps CI/CD Integration

Embed agentic-radar in build pipelines to automatically scan code commits and flag security issues early. Generate shareable HTML reports for compliance and security review boards.

Implementation considerations

  • Requires Python 3.10+ for CrewAI feature support; OpenAI Agents support requires additional dependencies. Verify target Python version compatibility before installation.
  • OpenAI API key is mandatory for prompt hardening and runtime testing features. Budget for API call costs when scanning multiple agents or running frequent tests.
  • Static analysis accuracy depends on framework detection quality. Complex or dynamically constructed agents may not be fully enumerated; manual review of generated reports is recommended.
  • MCP server detection requires explicit framework support. Not all agent frameworks or custom tool implementations may be discoverable without code modifications.
  • Report generation is framework-aware but does not validate tool security postures independently. Vulnerability mappings rely on OWASP models; custom or proprietary tools require manual threat assessment.

When to avoid it — and what to weigh

  • No Agentic Framework in Use — This tool is designed for agentic workflows only. Standard LLM applications, RAG systems, or non-agentic AI pipelines will not benefit from its agent-specific analysis.
  • Real-time Production Monitoring Needed — Agentic Radar is a static/batch analysis tool. It does not provide continuous runtime monitoring, alerting, or live threat detection for production agent systems.
  • Unsupported Framework or Closed-Source Agent Code — The tool requires framework-level introspection or accessible source code. Proprietary or closed-source agentic systems may not be analyzable without significant custom integration work.
  • Minimal Security Requirements — If your agentic workflows are isolated, low-risk prototypes or internal-only proof-of-concepts, the overhead of scanning and hardening may outweigh the security benefit.

License & commercial use

Apache License 2.0 (Apache-2.0). This is a permissive OSI-approved license allowing commercial use, modification, and distribution with minimal restrictions. Attribution required; derivative works must retain original license notices. No liability guarantees from licensor.

Apache 2.0 permits commercial use without needing vendor permission. You may use Agentic Radar in proprietary workflows, SaaS offerings, or commercial products. Attribution must be maintained in code/documentation. No warranty or indemnification is provided; commercial users assume all liability for its application. No commercial support or SLA is mentioned in the public repository; verify with vendor (SPLX AI) separately if enterprise support is required.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Agentic Radar is a security scanning tool, not a security solution. It identifies structural vulnerabilities (tool chains, MCP servers) and maps them to OWASP frameworks, but does not guarantee exploit prevention or patch validation. Runtime testing simulates adversarial inputs (prompt injection, PII leakage) but requires OpenAI API access, introducing API key management and data transmission risks. Generated reports contain sensitive data (workflow graphs, tool lists); ensure reports are stored securely and access-controlled. No cryptographic signing, tamper detection, or audit logging is mentioned. Use as a risk assessment tool, not a compliance substitute.

Alternatives to consider

Langchain Security / LangChain Hub Evaluations

Alternative for LangChain-based agents; less comprehensive than Agentic Radar but tightly integrated with LangChain ecosystem. No vulnerability mapping or red-teaming features visible.

OWASP ZAP / Burp Suite (adapted for APIs)

General-purpose security scanners for web/API workflows. Not agentic-aware; require custom configuration to detect agent-specific vulnerabilities and tool chains.

Custom In-House Security Audits

Manual code review and threat modeling by internal security teams. More control and customization but labor-intensive and less scalable across multiple agent projects.

Software development agency

Build on agentic-radar with DEV.co software developers

Scan your agent code for vulnerabilities, visualize workflows, and generate compliance reports in minutes. Get started with pip install agentic-radar.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

agentic-radar FAQ

Does Agentic Radar prevent security breaches in production agents?
No. Agentic Radar is a vulnerability scanner and risk assessment tool. It identifies potential issues and generates reports; it does not actively block, patch, or mitigate vulnerabilities in running systems. Use it as part of a broader security strategy, not as a standalone defense.
What data does the runtime 'test' command send to OpenAI?
The test command sends agentic workflow descriptions and adversarial test inputs to OpenAI API for execution and evaluation. Review OpenAI's data handling policies and ensure you have permission to share your agent code and logic with OpenAI before enabling this feature.
Can Agentic Radar scan proprietary or closed-source agentic systems?
Static analysis requires accessible source code or framework-level introspection. Closed-source or obfuscated agents may not be fully analyzable. Contact SPLX AI for custom integration options if needed.
Is there commercial support or SLA for Agentic Radar?
Not clearly stated in public documentation. Community support is available via Discord/Slack. For enterprise support, SLAs, or dedicated assistance, contact SPLX AI directly.

Software development & web development with DEV.co

From first prototype to production, DEV.co delivers software development services around tools like agentic-radar. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across ai frameworks and beyond.

Secure Your Agentic Workflows Today

Scan your agent code for vulnerabilities, visualize workflows, and generate compliance reports in minutes. Get started with pip install agentic-radar.