@opena2a-org

opena2a.org

Open-source security for AI agents

OpenA2A

The standard for AI agent security



Open-source security infrastructure for AI agents. Identity management, runtime protection, security scanning, compliance benchmarks, behavioral governance, and credential management. Apache-2.0, self-hostable, works independently or together.

Start Here

npx opena2a-cli review

One command scans your project for shadow AI, credentials, config integrity, and governance gaps. Opens an HTML dashboard with a security score.

Tools

| Tool | What it does | Try it |
|---|---|---|
| opena2a-cli | Unified CLI. Shadow AI detection, identity, governance, scanning, protection. | npx opena2a-cli review |
| HackMyAgent | 209 static checks, 29 NanoMind semantic checks, 164 attack payloads, auto-fix. | npx hackmyagent secure |
| Secretless AI | Keep secrets out of AI tools: Claude Code, Cursor, Copilot, Windsurf. | npx secretless-ai init |
| AIM | Cryptographic identity, capability policies, audit logging, trust scoring. | opena2a identity create |
| ai-trust | Pre-install trust verification for AI packages: MCP servers, A2A agents, skills, AI tools. | npx ai-trust check <pkg> |
| Browser Guard | Detect and control AI agents in the browser. | Chrome Web Store |
| DVAA | Intentionally vulnerable AI agents for security training. | opena2a train start |

Standards

| Spec | What it defines |
|---|---|
| OASB-1 | 46 security controls across 10 categories, 3 maturity levels |
| OASB-2 | Behavioral governance — 72 controls across 9 domains, 4 agent tiers |
| OASB Eval | 222 attack scenarios for evaluating AI security tools |
| ABGS | Agent Behavioral Governance Specification — what goes in SOUL.md |
| awesome-agent-souls | 100+ SOUL.md templates by role, industry, and use case |

Upstream Contributions

We contribute security fixes back to the projects we audit — not just reports, but production code.

OpenClaw (205K+ stars) — 8 security PRs, 7 merged:

  • Credential redaction in gateway config responses (#9858)
  • Skill/plugin code safety scanner — 1,721 lines (#9806)
  • Path traversal prevention in A2UI file serving (#10525)
  • Timing-safe comparison for hook token auth (#10527)
  • Supply chain hardening with --ignore-scripts (#10528)
  • File permission enforcement for credential files (#10529)
  • Security headers for gateway HTTP responses (#10526)
  • Skill scanner false positive reduction (#10530)

Architecture

┌─────────────────────────────────────────────────────────────────┐
│              opena2a-cli  (unified entry point)                  │
│              npx opena2a-cli review                              │
├─────────────────────────────────────────────────────────────────┤
│                                                                  │
│  opena2a detect         → Shadow AI discovery                    │
│  opena2a identity       → AIM  (cryptographic identity)          │
│  opena2a scan           → HackMyAgent  (209 security checks)     │
│  opena2a secrets        → Secretless AI (credential protection)  │
│  opena2a trust          → ai-trust (pre-install trust check)     │
│  opena2a mcp            → MCP server signing and trust           │
│  opena2a benchmark      → OASB (222 attack scenarios)            │
│  opena2a harden-soul    → ABGS (behavioral governance)           │
│  opena2a shield init    → All of the above, one command          │
│                                                                  │
└─────────────────────────────────────────────────────────────────┘

Recent Updates

| Date | Update |
|---|---|
| Apr 17 | HackMyAgent v0.17.11 — detect Shadow AI audit command, --nanomind opt-in for AI-powered analysis, unified output across secure/scan-soul/harden-soul/explain, 209 checks + 29 semantic checks, 164 attack payloads across 16 categories |
| Apr 8 | opena2a-cli v0.8.19 — Runtime HMA version check, unified publish endpoint |
| Apr 8 | HackMyAgent v0.15.7 — GitHub repo scanning, unified publish endpoint |
| Mar 18 | opena2a-cli v0.8.7 — OAuth login, identity lifecycle (suspend/revoke/reactivate), tag/MCP/activity management, server policies, detect --auto-scan |
| Mar 15 | opena2a-cli v0.7.2 — Shadow AI detection with governance scoring, HTML reports, CSV export, community trust data |
| Mar 15 | HackMyAgent v0.11.0 — Attack taxonomy, CVE-2026-25253 detection |
| Mar 14 | Secretless AI v0.12.4 — MCP server credential protection, broker auth hardening |
| Mar 11 | opena2a-cli v0.5.11 — Runtime command fixes, Shield improvements |
| Mar 10 | OASB-2 — Agent Soul specification published, 72 behavioral governance controls |
| Mar 5 | Secretless AI v0.11.4 — HashiCorp Vault backend, graceful fallback |
| Mar 4 | ABGS v1.0 — Agent Behavioral Governance Specification, 9 domains, 72 controls |

License

All tools are Apache-2.0.

Popular repositories

| Repository | Description | Language | Stars | Forks |
|---|---|---|---|---|
| agent-identity-management | AIM - The open-source NHI platform for AI agents. Cryptographic identity, governance, and access control. | Go | 43 | 13 |
| hackmyagent | Security toolkit for AI agents - verify skills, harden setups, scan for exposures | TypeScript | 27 | 2 |
| damn-vulnerable-ai-agent | A deliberately vulnerable AI agent platform for security testing and education. Like DVWA but for AI agents. | JavaScript | 20 | 12 |
| secretless-ai | One command to keep secrets out of AI (LLMs). Works with Claude Code, Cursor, Copilot, Windsurf, and any AI coding tool. | TypeScript | 19 | 4 |
| opena2a | Open-source security tools for AI agents. Find vulnerabilities, fix root causes, prove compliance. | TypeScript | 14 | 5 |
| ai-browserguard | AI Browser Guard - Protect users from AI agent takeover in browser sessions | TypeScript | 3 | 1 |
