A Red Team agent finds the vulnerability. A sandboxed Docker environment confirms it's real. A Blue Team agent patches it. Automatically.
Aegis is an open-source, locally-run AI security pipeline that closes the loop between vulnerability detection and remediation, powered by any LLM (Gemini, GPT-4, Claude) via LiteLLM.
Most security tools tell you what is broken. Aegis tells you and fixes it, with proof.
```text
                              Your Code
                                  |
                                  v
+-----------------------------------------------------------------------+
|                            AEGIS PIPELINE                             |
|                                                                       |
|  Phase 1: RED TEAM         Phase 2: SANDBOX         Phase 3: BLUE TEAM|
|  +----------------+        +----------------+       +----------------+|
|  | LLM scans      | -----> | Docker runs    | ----> | LLM writes     ||
|  | codebase for   |        | exploit to     |       | secure patch   ||
|  | CVEs + writes  |        | verify it's    |       | + validates    ||
|  | exploit code   |        | real           |       | the fix        ||
|  +----------------+        +----------------+       +----------------+|
|                                                                       |
|  Phase 4: VALIDATION - Sandbox re-runs exploit against patched code   |
+-----------------------------------------------------------------------+
                                  |
                                  v
                secure_app.py (patched, validated output)
```
The key insight: Most LLM security tools skip the sandbox. Aegis actually runs the generated exploit in an isolated Docker container to confirm the vulnerability exists before wasting time patching phantom issues. If the exploit fails, Aegis reports the app as secure and stops.
- Red Team Agent: analyzes your entire codebase context (not just one file) and generates structured exploit code with CVE classification and severity rating (CRITICAL / HIGH / MEDIUM / LOW)
- Sandboxed Verification: exploits run in an ephemeral Docker container with `--network none` and a 15-second hard timeout. No network access. Container destroyed after each run.
- Blue Team Agent: reads both the vulnerable code and the confirmed exploit to generate a targeted, minimal patch with a confidence score (1-100)
- Fix Validation: the same exploit is run against the patched code to confirm the vulnerability is actually closed
- Full Codebase Context: a RAG-like context engine loads your entire repository before analysis, so the agents understand the full architecture, not just the file being targeted
- CI/CD Integration: includes a FastAPI GitHub webhook server that triggers the full pipeline automatically on every pull request
- Multi-Model Support: swap between Gemini, GPT-4, Claude, or any LiteLLM-compatible model via a single env variable
- Python 3.10+
- Docker Desktop installed and running
- An API key for at least one LLM provider (Gemini, OpenAI, or Anthropic)
```bash
# 1. Clone the repo
git clone https://github.com/NiShITa-code/aegis.git
cd aegis/aegis_core
# 2. Install dependencies
pip install -r requirements.txt
# 3. Set your API key (choose one)
export GEMINI_API_KEY=your_key_here
# export OPENAI_API_KEY=your_key_here
# export ANTHROPIC_API_KEY=your_key_here
# 4. Run Aegis on the included vulnerable demo app
python orchestrator.py vuln_app.py
```
Example output:
```text
==================================================
WELCOME TO AEGIS: THE GOD-MODE AI APPSEC PLATFORM
==================================================
Targeting Codebase: vuln_app.py
--- PHASE 1: RED TEAM ATTACK ---
[Aegis - Context Engine] Scanning repository...
[Aegis - Red Team Agent] Analyzing target code strictly...
[Aegis - Red Team Agent] Vulnerability Found: SQL Injection (CRITICAL)
[Aegis - Red Team Agent] Structured exploit generated and saved.
--- PHASE 2: EXPLOIT VERIFICATION ---
[Aegis - Sandbox Judge] Spinning up secure Docker container...
[Aegis - Sandbox Judge] VULNERABILITY CONFIRMED: The exploit was successful.
--- PHASE 3: BLUE TEAM REMEDIATION ---
[Aegis - Blue Team Agent] Fix Plan: Replaced string interpolation with parameterized queries
[Aegis - Blue Team Agent] Confidence Score: 97/100
[Aegis - Blue Team Agent] Secure refactoring complete!
--- PHASE 4: VALIDATING THE FIX ---
SUCCESS: The refactored code successfully blocked the exploit!
Secure code saved to: vuln_app_secure.py
==================================================
```
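The Phase 3 and Phase 4 steps in the demo run above (string interpolation replaced by a parameterized query, then the same probe input re-run against the patched code) as an added, self-contained Python example; it is not Aegis's own `vuln_app.py` or `sandbox.py`, and the in-memory `users` table and the probe string are constructed here:

```python
import sqlite3

# Constructed demo data; not the page's vuln_app.py.
USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]
# Constructed probe: a tautology that widens a string-built WHERE clause to every row.
TAUTOLOGY_PROBE = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    con.executemany("INSERT INTO users (username, role) VALUES (?, ?)", USERS)
    return con


def find_user_vulnerable(con: sqlite3.Connection, username: str) -> list:
    # Before the patch: the input is spliced into the SQL text and parsed as SQL.
    query = f"SELECT id, username, role FROM users WHERE username = '{username}'"
    return con.execute(query).fetchall()


def find_user_patched(con: sqlite3.Connection, username: str) -> list:
    # After the patch: the input is bound as a parameter and never reaches the parser.
    query = "SELECT id, username, role FROM users WHERE username = ?"
    return con.execute(query, (username,)).fetchall()


def validate_fix(probe: str) -> dict:
    """Phase 4 style check: the probe must not widen the result set after the patch,
    and a legitimate lookup must still behave exactly as before."""
    con = make_db()
    before = find_user_vulnerable(con, probe)
    after = find_user_patched(con, probe)
    benign_ok = find_user_patched(con, "alice") == find_user_vulnerable(con, "alice")
    return {
        "before": len(before),
        "after": len(after),
        "fix_holds": len(after) <= 1 and benign_ok,
    }
```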
Run it on your own code:
```bash
python orchestrator.py path/to/your_app.py
```
Aegis includes a webhook server that automatically triggers the pipeline on every pull request.
```bash
# Start the webhook server
python server.py
# Aegis listens on http://0.0.0.0:8000/github-webhook
# Configure this URL in your GitHub repo:
# Settings -> Webhooks -> Add webhook -> Content type: application/json
# Events: Pull requests
```
When a PR is opened, updated, or reopened, Aegis automatically runs the full Red -> Sandbox -> Blue -> Validate pipeline and logs the results.
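The receiving side of the webhook flow above, as an added Python example that is not Aegis's own `server.py`: it checks GitHub's `X-Hub-Signature-256` header before trusting the body, then only triggers on the `pull_request` actions the README names (opened, synchronize, reopened). The webhook secret, the route glue and the returned status codes are assumptions.

```python
import hashlib
import hmac
import json
from typing import Optional, Tuple

# The README's "opened, updated, or reopened"; GitHub calls "updated" synchronize.
TRIGGER_ACTIONS = {"opened", "synchronize", "reopened"}


def verify_github_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Validate X-Hub-Signature-256 ('sha256=<hex>') with a constant-time compare."""
    if not header or not header.startswith("sha256="):
        return False
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, header[len("sha256="):])


def should_run_pipeline(event: Optional[str], body: bytes) -> Tuple[bool, str]:
    """Decide whether this delivery should start the Red -> Sandbox -> Blue -> Validate run."""
    if event != "pull_request":
        return False, f"ignored event {event!r}"
    try:
        payload = json.loads(body)
    except ValueError:
        return False, "malformed JSON body"
    action = payload.get("action")
    if action not in TRIGGER_ACTIONS:
        return False, f"ignored action {action!r}"
    head_sha = ((payload.get("pull_request") or {}).get("head") or {}).get("sha")
    if not head_sha:
        return False, "missing head sha"
    return True, head_sha


def handle_webhook(secret: bytes, headers: dict, body: bytes) -> dict:
    """Assumed route glue: reject unsigned deliveries before parsing anything."""
    if not verify_github_signature(secret, body, headers.get("X-Hub-Signature-256")):
        return {"status": 401, "detail": "bad signature"}
    run, detail = should_run_pipeline(headers.get("X-GitHub-Event"), body)
    return {"status": 202 if run else 200, "detail": detail}


def sign(secret: bytes, body: bytes) -> str:
    """Produce the header value GitHub would send; useful for local testing."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
```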
Copy .env.example to .env and set your preferences:
```bash
cp .env.example .env
```
| Variable | Default | Description |
|---|---|---|
| `AEGIS_MODEL` | `gemini/gemini-1.5-pro` | LLM model to use (any LiteLLM-compatible model) |
| `GEMINI_API_KEY` | (none) | Google Gemini API key |
| `OPENAI_API_KEY` | (none) | OpenAI API key |
| `ANTHROPIC_API_KEY` | (none) | Anthropic Claude API key |
Switching models:
```bash
# Use GPT-4o
export AEGIS_MODEL=gpt-4o
# Use Claude
export AEGIS_MODEL=anthropic/claude-opus-4-6
# Use any other LiteLLM-supported model
export AEGIS_MODEL=ollama/codellama  # local model, no API key needed
```
Project structure:
```text
aegis_core/
├── orchestrator.py     # Main pipeline: runs all 4 phases in sequence
├── agent_red.py        # Red Team agent: vulnerability detection + exploit generation
├── agent_blue.py       # Blue Team agent: secure patch generation
├── sandbox.py          # Docker-isolated exploit execution + validation
├── context_loader.py   # RAG-like codebase context loader
├── server.py           # FastAPI GitHub webhook server for CI/CD
├── vuln_app.py         # Demo: intentionally vulnerable app (SQL injection)
└── requirements.txt    # Python dependencies
```
Aegis is model-agnostic and will identify any vulnerability the underlying LLM can reason about. Tested with:
- SQL Injection (included demo)
- Command Injection
- Path Traversal
- Insecure Deserialization
- Hardcoded Credentials
- Broken Authentication Logic
Aegis is designed for authorized security testing only:
- All exploits run inside Docker containers with `--network none` (zero internet access)
- Containers are destroyed immediately after execution (`--rm` flag)
- Hard 15-second timeout kills any runaway exploit
- Aegis never auto-submits patches: you review the generated `*_secure.py` file before using it
- Never run Aegis on code you don't own or have explicit permission to test
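The sandbox controls listed above and in the Sandboxed Verification feature (`--network none`, `--rm`, the 15-second hard timeout), as an added Python example that is not Aegis's own `sandbox.py`. The base image, the container name scheme, the `EXPLOIT_SUCCESS` marker convention and the extra `--read-only`/`--cap-drop`/memory limits are assumptions; the `runner` parameter exists only so the logic can be exercised without a Docker daemon.

```python
import subprocess
import uuid
from dataclasses import dataclass
from typing import Optional

SANDBOX_IMAGE = "python:3.10-slim"  # assumed base image; the page does not name one
HARD_TIMEOUT_S = 15                  # the README's hard timeout


@dataclass
class SandboxResult:
    status: str               # "confirmed", "not_exploitable", "timeout" or "error"
    exit_code: Optional[int]
    output: str


def build_docker_cmd(exploit_path: str, target_path: str, name: str,
                     image: str = SANDBOX_IMAGE) -> list:
    """--rm removes the container afterwards, --network none cuts all network access.
    read-only rootfs, dropped capabilities and resource limits are extra hardening."""
    return [
        "docker", "run", "--rm", "--name", name,
        "--network", "none",
        "--read-only", "--cap-drop", "ALL",
        "--memory", "256m", "--pids-limit", "64",
        "-v", f"{target_path}:/work/target.py:ro",
        "-v", f"{exploit_path}:/work/exploit.py:ro",
        "-w", "/work", image, "python", "exploit.py",
    ]


def classify(exit_code: int, output: str) -> str:
    """Assumed convention: the exploit exits 0 and prints EXPLOIT_SUCCESS only when it works."""
    if exit_code == 0 and "EXPLOIT_SUCCESS" in output:
        return "confirmed"
    return "not_exploitable"


def run_exploit(exploit_path: str, target_path: str,
                timeout: int = HARD_TIMEOUT_S, runner=subprocess.run) -> SandboxResult:
    name = f"aegis-sandbox-{uuid.uuid4().hex[:12]}"
    cmd = build_docker_cmd(exploit_path, target_path, name)
    try:
        proc = runner(cmd, capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        # Killing the docker client does not stop the container; kill it by name so a
        # runaway exploit cannot outlive the timeout (--rm then removes it).
        runner(["docker", "kill", name], capture_output=True, text=True)
        return SandboxResult("timeout", None, "")
    except OSError as exc:  # docker binary missing or daemon not reachable
        return SandboxResult("error", None, str(exc))
    out = proc.stdout + proc.stderr
    return SandboxResult(classify(proc.returncode, out), proc.returncode, out)
```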
- Multi-language support (JavaScript/TypeScript, Go, Java)
- GitHub Actions integration (run as a workflow, not just a webhook)
- Batch scanning of entire repositories
- Structured JSON report output
- Support for OWASP Top 10 benchmark evaluation
- Web UI dashboard
Contributions welcome; see CONTRIBUTING.md.
The core insight driving Aegis is that existing static analysis tools produce too many false positives, and LLM-based tools that don't verify exploits dynamically can't be trusted. By combining LLM reasoning with sandboxed dynamic execution, Aegis only flags vulnerabilities it can prove are real.
Aegis is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0).
- Free for personal use, research, and open-source projects
- Free for companies using it internally (not as a service)
- If you offer Aegis as a hosted/commercial service, you must either open-source your entire stack (AGPL requirement) or obtain a commercial license
Commercial licensing: nishita0502@gmail.com
If you use Aegis in research, please cite:
```bibtex
@software{aegis2025,
  author  = {Jain, Nishita},
  title   = {Aegis: Multi-Agent AI Code Security Platform},
  year    = {2025},
  url     = {https://github.com/NiShITa-code/aegis},
  license = {MIT}
}
```