Agentic AI Security - built for developers

Ship AI applications with confidence

  • AI-SBOM — map every agent, model, tool, and datastore from source code
  • Static Analysis — AI Stack analysis, MITRE ATLAS, CVEs, IaC misconfigurations
  • Cognitive Policy — document and enforce behavioral intent
  • Behavior Validation — ensure AI agents and MCP tools act as intended
  • Red-Team — offensive testing that exercises your sub-agents and MCP tools
Star on GitHub
$ pip install nuguard
End-to-end AI application security pipeline
Source Code
Python · TypeScript
Jupyter · SQL
Dockerfiles · K8s
YAML · Nginx
Cognitive Policy
Allowed Topics
Human-in-the-loop
Restricted Actions
AI-SBOM
Agents · Models · Tools
Prompts · Datastores
Guardrails · Auth · IaC
PII/PFI/PHI identification
Output: CycloneDX, SPDX, Markdown
Static Analysis
AI Safety & Security Analysis
MITRE ATLAS v2 mapping
CVE Scanning
Sandbox: Live App
Behavior Validation
Policy-driven test cases
Static & dynamic checks
MCP tool validation
Guardrail verification
Red-Team
Context-specific Attacks
Multi-turn Conversations
Data exfiltration
MCP Tool specific
Risk Analysis
AI Judge evaluation
Risk scoring & severity
Remediation guidance
Cognitive Policy feeds into Analysis & Testing
Who it's for

Built for everyone who needs to trust AI in production

NuGuard answers the questions that matter most to each stakeholder — from source code evidence, not manual attestation.

🧑‍💻

AI Developers

  • Reduce security review overhead — generate security artifacts automatically
  • Agentic stack validation — Test generation, judgment, and remediations
  • Agility — adapt validation rules to changing AI policies and agentic stack
👔

CTO / VP Engineering

  • Strategic oversight — ensure AI initiatives align with business goals and risk appetite
  • Developers productivity — reduce friction in AI validation and deployment
  • Faster deployment — accelerate time-to-market with automated validation
🔒

CISO / Security Director

  • Self-serve & automated validation — less impact on security teams
  • Audit ready - detailed evidence, documented AI policy enforcement
  • Identify PII/PFI/PHI flowing to external LLM APIs — the #1 AI data-risk concern
4
Integrated AI security capabilities
20+
AI frameworks supported
100+
Dynamically generated tests
100%
Air-gapped — LLM optional
What gets detected

Every AI component

Filename and line number as evidence. Full relationship graphs.

🤖

Agents

Frameworks like LangGraph, CrewAI, AutoGen, OpenAI Agents SDK, Google ADK, AWS BedrockAgentCore, Azure Semantic Kernel, Agno, and more.

🧠

Models

LLM and embedding model references with provider, version, and model cards.

🔧

Tools & MCP Servers

Function tools, MCP tools, and decorated callables wired to agents — including privilege scope (db_write, code_execution, shell).

📝

Prompts

System instructions and prompt templates — full content preserved, template variables identified, sensitive values redacted.

🗄️

Datastores

Vector stores, databases, and caches with PII/PHI classification.

🛡️

Guardrails

Content filters and safety validators.

🔑

Auth & IAM

OAuth2, API key, Bearer, JWT, and MCP auth nodes. IAM roles, privilege scopes.

☁️

Deployment & IaC

Kubernetes manifests, Terraform, CloudFormation, Azure Bicep, etc. Cloud region, HA mode, secret stores, IAM roles, encryption settings.

Behavior Validation

Verify your AI Agent behaves as intended — before it ships

NuGuard checks agentic behavior against your Cognitive Policy — catching policy drift, unexpected refusals, and guardrail gaps before they reach production.

Policy-Driven Test Generation

  • Tests derived from your declared intent
  • Ensures compliance with your Cognitive Policy

Static & Dynamic Checks

  • Static tests at build time
  • Dynamic tests against a live endpoint
  • Pass / fail verdicts with evidence snippets

MCP Tools & Guardrail Validation

  • MCP tool output conformance checks
  • Guardrail boundary & edge-case probes
  • Iterates through all MCP tools and guardrails
Red-Team Engine

Adversarial testing that knows your application

Most red-team tools fire generic prompt libraries at an LLM endpoint. NuGuard knows your application context and tailors attacks accordingly. Attacks for a healthcare app vs a code generation tool are going to be different.

Context-driven Attacks

  • Multi-turn conversational attacks
  • Attack Efficiency — no wasted API calls
  • Canary gives definitive proof of data exfiltration

Developer-Friendly

  • Minimal input required
  • Automated judgment of attack results
  • Remediation guidance across all attack scenarios

Full Agentic App Coverage

  • MCP toxic flow injection via untrusted tool output
  • Tool-chain privilege escalation to admin actions
  • Guardrail bypass via multi-turn Crescendo prompts
Quickstart

From install to security posture in minutes

Developer-friendly security tool — AI-SBOM generation, Deep AI Stack Analysis, Cognitive Policy Enforcement — requires minimal security expertise to get started.

Add --llm for LLM enrichment. Most features work out-of-the-box without an LLM key.

Full guide → Behavior Testing Guide → Red Team Guide → 
# Install
$ pip install nuguard

# Generate AI-SBOM from source
$ nuguard sbom generate --source ./my-ai-app --output app.sbom.json

# Static analysis (7 scanners, no running app needed)
$ nuguard analyze --sbom app.sbom.json --format markdown

# Behavior Validation
$ nuguard behavior --policy cognitive_policy.md \
    --output behavior_report.md

# Dynamic red-team scan (requires running app)
$ nuguard redteam --policy cognitive_policy.md \
    --output redteam_report.md


from pathlib import Path
from nuguard.sbom import AiSbomConfig, AiSbomExtractor, AiSbomSerializer
from nuguard.sbom.toolbox.plugins.vulnerability import VulnerabilityScannerPlugin

# Generate AI-SBOM
doc = AiSbomExtractor().extract_from_path(
    path=Path("./my-ai-app"),
    config=AiSbomConfig(),
)
print(f"nodes={len(doc.nodes)}, edges={len(doc.edges)}")

# Serialize
json_str = AiSbomSerializer.to_json(doc)

# Run structural vulnerability scan
sbom   = doc.model_dump(mode="json")
result = VulnerabilityScannerPlugin().run(sbom, {"provider": "all"})
for f in result.details["findings"]:
    print(f["severity"], f["rule_id"], f["title"])
# .github/workflows/ai-security.yml
name: AI Security Scan
on: [push, pull_request]

jobs:
  nuguard:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install NuGuard
        run: pip install nuguard
      - name: Generate AI-SBOM
        run: nuguard sbom generate --source . --output app.sbom.json
      - name: Static analysis — fail on HIGH+
        run: nuguard analyze --sbom app.sbom.json \
               --format sarif --output analysis.sarif \
               --min-severity high
      - name: Policy compliance check
        run: nuguard policy check --sbom app.sbom.json \
               --framework owasp-llm-top10
      - name: Upload SARIF to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: analysis.sarif
Supported frameworks

Deep support across the AI ecosystem

Python

LangChain LangGraph OpenAI Agents SDK CrewAI (code + YAML) AutoGen (code + YAML) Google ADK LlamaIndex Agno AWS BedrockAgentCore Azure AI Agent Service Guardrails AI MCP Server (FastMCP) MCP Server (low-level) Azure Semantic Kernel

TypeScript / JavaScript

LangChain.js LangGraph.js OpenAI Agents (TS) Azure AI Agents (TS) Agno (TS) MCP Server (TS)

Infrastructure & Configuration

Terraform CloudFormation Azure Bicep Kubernetes manifests GCP Deployment Manager GitHub Actions Dockerfiles Nginx configs

Data & Storage

SQL schemas (PHI/PII classification) SQLAlchemy models Django models Pydantic models Prompt files (.txt / .md / .jinja)

Output Formats

SARIF CycloneDX SPDX Markdown
Get started

Know your AI attack surface before your adversaries do

Install NuGuard, run your first scan, and get a complete security picture of every AI component in your codebase — in minutes, from source code, no API key required.

Read the docs → CLI reference
$ pip install nuguard