
    Ai Infra Guard

    A.I.G (AI-Infra-Guard) is a comprehensive, intelligent, and easy-to-use AI Red Teaming platform developed by Tencent Zhuque Lab.

    2,367 stars
    Python
    Updated Nov 4, 2025
    agent
    ai
    ai-infra
    benchmark
    jailbreak
    llm
    llm-security
    mcp
    red-teaming
    scanner
    security
    security-tools
    vulnerability-scanners

    Table of Contents

    • 🚀 What's New
    • Table of Contents
    • 🚀 Quick Start
    • Deployment with Docker
    • Use from OpenClaw
    • Other Installation Methods
    • Try the Online Pro Version
    • ✨ Features
    • 🖼️ Showcase
    • A.I.G Main Interface
    • Plugin Management
    • 🗺️ Quick Usage Guide
    • AI Infrastructure Vulnerability Scan
    • MCP Server & Agent Skills Scan
    • Jailbreak Evaluation
    • 📖 User Guide
    • 🔧 API Documentation
    • 📝 Contribution Guide
    • Plugin Contribution Rules
    • Other Ways to Contribute
    • 🙏 Acknowledgements
    • 🎓 Academic Collaborations
    • 👥 Gratitude to Contributing Developers
    • 🤝 Appreciation for Our Users
    • 💬 Join the Community
    • 🌐 Online Discussions
    • 📱 Discussion Community
    • 📧 Contact Us
    • 🔗 Recommended Security Tools
    • 📖 Citation
    • 📚 Related Papers
    • ⚖️ License & Attribution



    🚀 AI Red Teaming Platform by Tencent Zhuque Lab

A.I.G (AI-Infra-Guard) integrates capabilities such as ClawScan (OpenClaw Security Scan), Agent Scan, AI infra vulnerability scan, MCP Server & Agent Skills scan, and Jailbreak Evaluation, aiming to provide users with the most comprehensive, intelligent, and user-friendly solution for AI security risk self-examination.

We are committed to making A.I.G (AI-Infra-Guard) the industry-leading AI red teaming platform. More stars help this project reach a wider audience, attracting more developers to contribute, which accelerates iteration and improvement. Your star is crucial to us!

    🚀 What's New

    • 2026-04-23 · v4.1.6 — Coverage expanded to 58 AI components (added FastGPT, Upsonic); vuln database refreshed across 7 components.
    • 2026-04-23 · v4.1.5 — Detects exposed AI agent config files (13 paths); manual update for jailbreak datasets and vuln databases.
    • 2026-04-17 · v4.1.4 — HTTPS model endpoints with self-signed certificates now supported.
    • 2026-04-09 · v4.1.3 — Coverage expanded to 55 AI components; added crewai, kubeai, lobehub.
    • 2026-04-03 · v4.1.2 — Three new skills on ClawHub (edgeone-clawscan, edgeone-skill-scanner, aig-scanner) + manual task stop.
    • 2026-03-25 · v4.1.1 — ☠️ Detects LiteLLM supply chain attack (CRITICAL); added Blinko & New-API coverage.
    • 2026-03-23 · v4.1 — OpenClaw vulnerability database expanded with 281 new CVE/GHSA entries.
    • 2026-03-10 · v4.0 — Launched EdgeOne ClawScan (OpenClaw Security Scan) and Agent-Scan framework.

    👉 CHANGELOG · 🩺 Try EdgeOne ClawScan

    Table of Contents

    • 🚀 Quick Start
    • ✨ Features
    • 🖼️ Showcase
    • 📖 User Guide
    • 🔧 API Documentation
    • 🏗️ Architecture Evolution
    • 📝 Contribution Guide
    • 🙏 Acknowledgements
    • 💬 Join the Community
    • 📖 Citation
    • 📚 Related Papers
    • ⚖️ License & Attribution

    🚀 Quick Start

    Deployment with Docker

| Docker | RAM | Disk Space |
|---|---|---|
| 20.10 or higher | 4GB+ | 10GB+ |

```bash
# This method pulls pre-built images from Docker Hub for a faster start
git clone https://github.com/Tencent/AI-Infra-Guard.git
cd AI-Infra-Guard
# For Docker Compose V2+, replace 'docker-compose' with 'docker compose'
docker-compose -f docker-compose.images.yml up -d
```

    Once the service is running, you can access the A.I.G web interface at:

    http://localhost:8088

    Use from OpenClaw

    You can also call A.I.G directly from OpenClaw chat via the aig-scanner skill.

```bash
clawhub install aig-scanner
```

    Then configure AIG_BASE_URL to point to your running A.I.G service.

    For more details, see the [aig-scanner README](./skills/aig-scanner/README.md).

    📦 More installation options

    Other Installation Methods

    Method 2: One-Click Install Script (Recommended)

```bash
# This method will automatically install Docker and launch A.I.G with one command
curl https://raw.githubusercontent.com/Tencent/AI-Infra-Guard/refs/heads/main/docker.sh | bash
```

    Method 3: Build and run from source

```bash
git clone https://github.com/Tencent/AI-Infra-Guard.git
cd AI-Infra-Guard
# This method builds a Docker image from local source code and starts the service
# (For Docker Compose V2+, replace 'docker-compose' with 'docker compose')
docker-compose up -d
```

    Note: The AI-Infra-Guard project is positioned as an AI red teaming platform for internal use by enterprises or individuals. It currently lacks an authentication mechanism and should not be deployed on public networks.

    For more information, see: https://tencent.github.io/AI-Infra-Guard/?menu=getting-started

    Try the Online Pro Version

    Experience the Pro version with advanced features and improved performance. The Pro version requires an invitation code and is prioritized for contributors who have submitted issues, pull requests, or discussions, or actively help grow the community. Visit: https://aigsec.ai/.

    ✨ Features

| Feature | More Info |
|---|---|
| ClawScan (OpenClaw Security Scan) | Supports one-click evaluation of OpenClaw security risks. It detects insecure configurations, Skill risks, CVE vulnerabilities, and privacy leakage. |
| Agent Scan | An independent, multi-agent automated scanning framework designed to evaluate the security of AI agent workflows. It supports agents running across various platforms, including Dify and Coze. |
| MCP Server & Agent Skills scan | Detects 14 major categories of security risks in both MCP Servers and Agent Skills. Supports scanning from both source code and remote URLs. |
| AI infra vulnerability scan | Identifies over 58 AI framework components and covers more than 1200 known CVE vulnerabilities. Supported frameworks include Ollama, ComfyUI, vLLM, n8n, Triton Inference Server and more. |
| Jailbreak Evaluation | Assesses prompt security risks using carefully curated datasets, applying multiple attack methods to test robustness, with detailed cross-model comparison capabilities. |

    💎 Additional Benefits

    • 🖥️ Modern Web Interface: User-friendly UI with one-click scanning and real-time progress tracking
    • 🔌 Complete API: Full interface documentation and Swagger specifications for easy integration
    • 🤖 Agent-Ready: Plug-and-play agent skills on ClawHub — EdgeOne ClawScan, EdgeOne Skill Scanner, and AIG Scanner — seamlessly embed security scanning into any AI agent workflow
    • 🌐 Multi-Language: Chinese and English interfaces with localized documentation
    • 🐳 Cross-Platform: Linux, macOS, and Windows support with Docker-based deployment
    • 🆓 Free & Open Source: Completely free under the Apache 2.0 license

    🖼️ Showcase

    A.I.G Main Interface

    A.I.G Main Page

    Plugin Management

    Plugin Management

    🗺️ Quick Usage Guide

    After deployment, open http://localhost:8088 in your browser.

    AI Infrastructure Vulnerability Scan

    What to enter as the target URL / IP?

    The target is the network address of a running AI service you want to scan - not a GitHub URL or source code path. A.I.G connects to the live service and fingerprints it for known CVE vulnerabilities.

| Scenario | Example target |
|---|---|
| A locally running vLLM instance | http://127.0.0.1:8000 |
| An Ollama server on your LAN | http://192.168.1.100:11434 |
| A ComfyUI instance exposed internally | http://10.0.0.5:8188 |
| Multiple hosts (one per line) | 192.168.1.0/24 (CIDR), 10.0.0.1-10.0.0.20 (range) |

    Step-by-step: Scan a local vLLM instance

    1. Start vLLM normally (e.g. python -m vllm.entrypoints.api_server --model meta-llama/...)

    2. In the A.I.G web UI, click "AI基础设施安全扫描 / AI Infra Scan"

    3. Enter http://127.0.0.1:8000 (or the IP/port where vLLM is listening)

    4. Click Start Scan - A.I.G will fingerprint the service and match it against 1200+ known CVEs

    5. View the report: component version, matched vulnerabilities, severity, and remediation links

    💡 Tip: To scan the *nightly* build of vLLM specifically, just run that nightly build and point A.I.G at its address. The scanner detects the version automatically.

    MCP Server & Agent Skills Scan

    Enter either a remote URL (e.g. https://github.com/user/mcp-server) or upload a local source archive - no running instance required.

    Jailbreak Evaluation

    Configure the target LLM's API endpoint (base URL + API key) in Settings → Model Config, then select a dataset and start the evaluation.

    ---

    📖 User Guide

    Visit our online documentation: https://tencent.github.io/AI-Infra-Guard/

    For more detailed FAQs and troubleshooting guides, visit our documentation.

    🔧 API Documentation

    A.I.G provides a comprehensive set of task creation APIs that support AI infra scan, MCP Server Scan, and Jailbreak Evaluation capabilities.

    After the project is running, visit http://localhost:8088/docs/index.html to view the complete API documentation.

    For detailed API usage instructions, parameter descriptions, and complete example code, please refer to the Complete API Documentation.

    📝 Contribution Guide

The extensible plugin framework serves as A.I.G's architectural cornerstone, inviting community innovation through Plugin and Feature contributions.

    Plugin Contribution Rules

    1. Fingerprint Rules: Add new YAML fingerprint files to the data/fingerprints/ directory.

    2. Vulnerability Rules: Add new vulnerability scan rules to the data/vuln/ directory.

    3. MCP Plugins: Add new MCP security scan rules to the data/mcp/ directory.

    4. Jailbreak Evaluation Datasets: Add new Jailbreak evaluation datasets to the data/eval directory.

    Please refer to the existing rule formats, create new files, and submit them via a Pull Request.

    Other Ways to Contribute

    • 🐛 Report a Bug
    • 💡 Suggest a New Feature
    • ⭐ Improve Documentation

    🙏 Acknowledgements

    🎓 Academic Collaborations

    We extend our sincere appreciation to our academic partners for their exceptional research contributions and technical support.

    👥 Gratitude to Contributing Developers

Thanks to all the developers who have contributed to the A.I.G project. Your contributions have been instrumental in making A.I.G a more robust and reliable AI Red Team platform.

    🤝 Appreciation for Our Users

    Thanks to the users from the following organizations and teams for using A.I.G and their valuable feedback.

    💬 Join the Community

    🌐 Online Discussions

    • GitHub Discussions: Join our community discussions
    • Issues & Bug Reports: Report issues or suggest features

    📱 Discussion Community

    WeChat Group

    Discord

    📧 Contact Us

    For collaboration inquiries or feedback, please contact us at: zhuque@tencent.com

    🔗 Recommended Security Tools

    If you are interested in code security, check out A.S.E (AICGSecEval), the industry's first repository-level AI-generated code security evaluation framework open-sourced by the Tencent Wukong Code Security Team.

    📖 Citation

    If you use A.I.G in your research, please cite:

```bibtex
@misc{Tencent_AI-Infra-Guard_2025,
  author={{Tencent Zhuque Lab}},
  title={{AI-Infra-Guard: A Comprehensive, Intelligent, and Easy-to-Use AI Red Teaming Platform}},
  year={2025},
  howpublished={GitHub repository},
  url={https://github.com/Tencent/AI-Infra-Guard}
}
```

    📚 Related Papers

We are deeply grateful to the research teams who have used A.I.G in their academic work (17 papers):

    1. Naen Xu, Jinghuai Zhang, Ping He et al. "FraudShield: Knowledge Graph Empowered Defense for LLMs against Fraud Attacks." arXiv preprint arXiv:2601.22485v1 (2026). [[pdf]](http://arxiv.org/abs/2601.22485v1)

    2. Ruiqi Li, Zhiqiang Wang, Yunhao Yao et al. "MCP-ITP: An Automated Framework for Implicit Tool Poisoning in MCP." arXiv preprint arXiv:2601.07395v1 (2026). [[pdf]](http://arxiv.org/abs/2601.07395v1)

    3. Jingxiao Yang, Ping He, Tianyu Du et al. "HogVul: Black-box Adversarial Code Generation Framework Against LM-based Vulnerability Detectors." arXiv preprint arXiv:2601.05587v1 (2026). [[pdf]](http://arxiv.org/abs/2601.05587v1)

    4. Yunyi Zhang, Shibo Cui, Baojun Liu et al. "Beyond Jailbreak: Unveiling Risks in LLM Applications Arising from Blurred Capability Boundaries." arXiv preprint arXiv:2511.17874v2 (2025). [[pdf]](http://arxiv.org/abs/2511.17874v2)

    5. Teofil Bodea, Masanori Misono, Julian Pritzi et al. "Trusted AI Agents in the Cloud." arXiv preprint arXiv:2512.05951v1 (2025). [[pdf]](http://arxiv.org/abs/2512.05951v1)

    6. Christian Coleman. "Behavioral Detection Methods for Automated MCP Server Vulnerability Assessment." [[pdf]](https://digitalcommons.odu.edu/cgi/viewcontent.cgi?article=1138&context=covacci-undergraduateresearch)

    7. Bin Wang, Zexin Liu, Hao Yu et al. "MCPGuard: Automatically Detecting Vulnerabilities in MCP Servers." arXiv preprint arXiv:2510.23673v1 (2025). [[pdf]](http://arxiv.org/abs/2510.23673v1)

    8. Weibo Zhao, Jiahao Liu, Bonan Ruan et al. "When MCP Servers Attack: Taxonomy, Feasibility, and Mitigation." arXiv preprint arXiv:2509.24272v1 (2025). [[pdf]](http://arxiv.org/abs/2509.24272v1)

    9. Ping He, Changjiang Li, et al. "Automatic Red Teaming LLM-based Agents with Model Context Protocol Tools." arXiv preprint arXiv:2509.21011 (2025). [[pdf]](https://arxiv.org/abs/2509.21011)

    10. Yixuan Yang, Daoyuan Wu, Yufan Chen. "MCPSecBench: A Systematic Security Benchmark and Playground for Testing Model Context Protocols." arXiv preprint arXiv:2508.13220 (2025). [[pdf]](https://arxiv.org/abs/2508.13220)

    11. Zexin Wang, Jingjing Li, et al. "A Survey on AgentOps: Categorization, Challenges, and Future Directions." arXiv preprint arXiv:2508.02121 (2025). [[pdf]](https://arxiv.org/abs/2508.02121)

    12. Yongjian Guo, Puzhuo Liu, et al. "Systematic Analysis of MCP Security." arXiv preprint arXiv:2508.12538 (2025). [[pdf]](https://arxiv.org/abs/2508.12538)

    13. Yuepeng Hu, Yuqi Jia, Mengyuan Li et al. "MalTool: Malicious Tool Attacks on LLM Agents." arXiv preprint arXiv:2602.12194 (2026). [[pdf]](https://arxiv.org/abs/2602.12194)

    14. Yi Ting Shen, Kentaroh Toyoda, Alex Leung. "MCP-38: A Comprehensive Threat Taxonomy for Model Context Protocol Systems (v1.0)." arXiv preprint arXiv:2603.18063 (2026). [[pdf]](https://arxiv.org/abs/2603.18063)

    15. Yiheng Huang, Zhijia Zhao, Bihuan Chen et al. "From Component Manipulation to System Compromise: Understanding and Detecting Malicious MCP Servers." arXiv preprint arXiv:2604.01905 (2026). [[pdf]](https://arxiv.org/abs/2604.01905)

    16. Hengkai Ye, Zhechang Zhang, Jinyuan Jia et al. "TRUSTDESC: Preventing Tool Poisoning in LLM Applications via Trusted Description Generation." arXiv preprint arXiv:2604.07536 (2026). [[pdf]](https://arxiv.org/abs/2604.07536)

    17. Zenghao Duan, Yuxin Tian, Zhiyi Yin et al. "SkillAttack: Automated Red Teaming of Agent Skills through Attack Path Refinement." arXiv preprint arXiv:2604.04989 (2026). [[pdf]](https://arxiv.org/abs/2604.04989)

    📧 If you have used A.I.G in your research or product, or if we have inadvertently missed your publication, we would love to hear from you! Contact us here.

    ⚖️ License & Attribution

    This project is open-sourced under the Apache License 2.0. We warmly welcome and encourage community contributions, integrations, and derivative works, subject to the following attribution requirements:

    1. Retain notices: You must retain the LICENSE and NOTICE files from the original project in any distribution.

    2. Product attribution: If you integrate AI-Infra-Guard's core code, components, or scanning engine into your open-source project, commercial product, or internal platform, you must clearly state the following in your product documentation, usage guide, or UI "About" page:

    "This project integrates AI-Infra-Guard, open-sourced by Tencent Zhuque Lab."

    3. Academic & article citation: If you use this tool in vulnerability analysis reports, security research articles, or academic papers, please explicitly mention "Tencent Zhuque Lab AI-Infra-Guard" and include a link to the repository.

    Repackaging this project as an original product without disclosing its origin is strictly prohibited.
