DEV.co
Open-Source Security · Tencent

AI-Infra-Guard

AI-Infra-Guard is an open-source red teaming platform from Tencent that scans AI systems, agents, skills, and LLMs for security vulnerabilities including jailbreaks and prompt injection attacks. It provides multiple scanning modules (OpenClaw Security Scan, Agent Scan, Skills Scan, MCP Scan, AI Infra Scan) accessible via web UI, Docker, or programmatic API.

Source: GitHub — github.com/Tencent/AI-Infra-Guard
4.1k
GitHub stars
393
Forks
Python
Primary language
Apache-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryTencent/AI-Infra-Guard
OwnerTencent
Primary languagePython
LicenseApache-2.0 — OSI-approved
Stars4.1k
Forks393
Open issues18
Latest releasev4.1.15 (2026-06-25)
Last updated2026-07-08
Sourcehttps://github.com/Tencent/AI-Infra-Guard

What AI-Infra-Guard is

Python-based full-stack platform offering integrated vulnerability detection across AI components (68+ AI frameworks), LLM jailbreak evaluation, MCP server scanning, agent security assessment, and skill trust validation. Recent releases (v4.1.10–v4.1.15) expanded CVE coverage to 600+ rules, added WebSocket agent support, and introduced threat detection for tool poisoning and credential exfiltration.

Quickstart

Get the AI-Infra-Guard source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/Tencent/AI-Infra-Guard.gitcd AI-Infra-Guard# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Pre-deployment AI agent and LLM security validation

Use Agent Scan and Prompt Security modules to identify jailbreak vectors, prompt injection risks, and unsafe skill implementations before production deployment.

Continuous AI security posture assessment

Integrate aig-skill-scan into CI/CD pipelines for automated agent skill audits aligned with SkillTrustBench taxonomy; integrate full platform into enterprise security scanning workflows.

Vulnerability management for AI infrastructure

Leverage AI Infra Scan to detect known CVEs across 68+ AI components (e.g., llama.cpp, vLLM, LOLLMS) with 600+ rules; track emerging vulnerabilities through regular updates.

Implementation considerations

  • Requires Docker 20.10+ and 4GB+ RAM minimum; 10GB+ disk space recommended. Docker Compose V2+ syntax supported; verify your container runtime version before deployment.
  • No built-in authentication; restrict network access and deploy only in trusted internal environments. Requires reverse proxy or firewall rules if accessed remotely.
  • LLM API key management: model.token field now optional (v4.1.15) with system default fallback; review how credentials are stored and rotated in your environment.
  • Integration points: web UI at `http://localhost:8088`, REST API for programmatic access, OpenClaw skill integration via `aig-scanner` or `aig-agent-redteam` skills, pip-installable `aig-skill-scan` for CI/CD.
  • Skill assessment aligns with SkillTrustBench T01–T09 taxonomy (credential exfiltration, tool poisoning, command injection, etc.); map these to your internal risk classification scheme.

When to avoid it — and what to weigh

  • Requiring authentication and role-based access control — README explicitly states project lacks authentication and should not be deployed on public networks; intended for internal enterprise use only. RBAC features not mentioned in data.
  • Need for guarantee of detection accuracy without tuning — Data does not specify false positive/negative rates, detection accuracy benchmarks, or claim to catch all vulnerability classes. Requires validation against your threat model.
  • Expecting commercial support or SLA guarantees — Community-driven open-source project. Unknown commercial support model or upstream response commitments. No SLA or guaranteed patching timeline documented.
  • Isolated scanning without AI system integration — Designed as a full-stack platform requiring integration with your AI infrastructure (agents, LLMs, MCP servers). Not a standalone static analysis tool for offline code review.

License & commercial use

Apache License 2.0 (permissive OSI license). Allows commercial use, modification, and distribution with attribution. Derivative works must retain the Apache 2.0 license. No patent grant restrictions noted in standard Apache 2.0 terms.

Apache 2.0 permits commercial deployment and use. However: (1) no explicit commercial support or warranty is documented; (2) project README notes it is 'for internal use by enterprises or individuals' and lacks authentication, suggesting it is not intended as a commercial SaaS product; (3) reliance on upstream LLM APIs (e.g., OpenClaw, DeepSeek) may incur API costs; (4) Tencent may change the project, roadmap, or licensing at any time. Recommend legal review before embedding in critical commercial workflows.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

Platform design: intended for AI red teaming (adversarial testing), so it will attempt jailbreaks, prompt injection, and other attack vectors as part of normal operation. Operational security: lacks authentication and should not be internet-exposed. Network isolation required. LLM API keys must be managed securely (v4.1.15 introduced optional token handling with system defaults). Scanning coverage: 68 AI components and 600+ CVE rules documented; no third-party security audit or penetration test results provided. Artifact handling: unknown if scan results (potentially containing sensitive model outputs, LLM prompts, credentials) are logged, encrypted, or retained. Upstream risks: depends on external LLM APIs (DeepSeek, etc.) and OpenClaw; no offline mode mentioned.

Alternatives to consider

Garak (National Cybercareer Centre Canada)

Open-source LLM security testing framework. Focused narrowly on prompt injection and jailbreak evaluation; lacks agent/MCP/infra scanning and full-stack platform features. Lighter-weight alternative if you only need LLM red teaming.

OpenAI Red Teaming / Internal Red Teaming Suites

Proprietary, model-specific, or research-only tooling. May have higher accuracy on specific models but not portable across enterprises or open-source agents. Commercial support available, but licensing and cost differ significantly.

Hugging Face SafetyKit / Community Security Tools

Lightweight, modular open-source components for prompt security or model evaluation. Lack the integrated agent/MCP/infra scanning and comprehensive CVE rule library; suitable for targeted, ad-hoc testing rather than enterprise-wide posture assessment.

Software development agency

Build on AI-Infra-Guard with DEV.co software developers

Get started with AI-Infra-Guard: deploy via Docker in minutes, scan your agents and LLMs for vulnerabilities, and integrate security testing into your CI/CD pipeline. Review documentation and try the platform on your internal network.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

AI-Infra-Guard FAQ

Can I use AI-Infra-Guard in production on the internet?
No. README states the project lacks authentication and should not be deployed on public networks; it is intended for internal enterprise or individual use. Deploy behind a VPN, firewall, or on an isolated network only.
Does it support my LLM provider (OpenAI, Claude, Anthropic, etc.)?
Unknown from the data provided. Recent releases reference DeepSeek and OpenClaw integration; documentation at https://tencent.github.io/AI-Infra-Guard/ likely lists supported providers. Review integrations before deployment.
What is the cost and is there commercial support?
AI-Infra-Guard itself is free (Apache 2.0). Costs may arise from LLM API calls (OpenClaw, DeepSeek, etc.) during scanning. No commercial support plan is documented; community support via GitHub issues. Tencent offers a Pro version (requires invitation code) with advanced features; terms unknown.
How accurate is the vulnerability detection?
Data does not specify false positive rates, detection recall, or benchmark results. 600+ CVE rules and 68 AI components are covered; validation against your threat model is required before relying on results for critical decisions.

Custom software development services

DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If AI-Infra-Guard is part of your open-source security roadmap, our team can implement, customize, migrate, and maintain it.

Secure Your AI Infrastructure Today

Get started with AI-Infra-Guard: deploy via Docker in minutes, scan your agents and LLMs for vulnerabilities, and integrate security testing into your CI/CD pipeline. Review documentation and try the platform on your internal network.