Security proxy for AI agents. Scans every message for prompt injection, PII, and secrets. Defense-in-depth: Go proxy + iptables firewall + eBPF kernel monitor. YAML policy engine, audit logging, 5 AI agents with RAG knowledge bases.

Layer for static code analysis and security hardening

FAANG (MANGA) Security Engineer Interview Collection. An ongoing & curated collection of awesome software, frameworks and libraries, learning tutorials and videos, technical guidelines and best practices, and cheatsheets in the world of Security Engineering Career.

An open taxonomy and scoring framework for evaluating AI agent sandboxes: 7 defense layers, 7 threat categories, 3 evaluation dimensions, 27 "sandboxes" scored.

AgentWard – Built for all, hardened for OpenClaw.

This repository contains a collection of PowerShell tools that can be utilized to protect and defend an environment based on the recommendations of multiple cyber security researchers at Microsoft. These tools were created with a small to medium size enterprise environment in mind as smaller organizations do not always have the type of funding a…

A lightweight, multi-layer Linux sandbox combining namespaces, pivot_root, seccomp-bpf, capability dropping, and an evidence-based verdict engine (Truthimatics Public Version) for secure, auditable code execution.

little-canary is a prompt-injection detector that reads attacks by their effect on a sacrificial canary model before they reach production. Puts a small canary model in front of your app, watches whether untrusted input compromises it, and returns block, flag, or pass as an inbound preflight check before your primary model acts.

Responsive defense layer for Linux; ships kernel-LPE mitigations as 0days land. Coverage: Copy Fail family (cf1, cf2, Dirty Frag, Fragnesia, PinTheft, DirtyDecrypt) + FD-theft (ssh-keysign-pwn). EL7/8/9/10.

Winning entry for the BitGN Personal Agent Challenge (PAC) 2026 — defense-in-depth personal agent with soft SGR, layered prompt-injection hardening, and Vercel AI SDK native tool calling.

Plumbline — a self-learning, customer-value-governed agile AI agent team for Claude Code. 87 subagents + skills, TDD defense-in-depth gates, Kaizen retros, a four-body adversarial council, and an empirically benchmarked QA harness. Does it hang true?

A multi-layered prompt injection detection system built with Laravel.

Self-hosted homelab on Ubuntu 24.04 — ~50 Docker services, defense-in-depth security, zero open inbound ports, fully reproducible IaC

Human-in-the-loop governance middleware preventing AI hallucination at the Git level.

A defense-in-depth sandbox for AI coding agents. Containerized workspace, host Docker socket access, isolated memory and config from the host. Multi-project, single-image.

Defense-in-depth platform for running OpenClaw agents on personal hardware

Production-ready security playbook for AI agent deployments. Addresses backup file persistence, authentication bypass, and prompt injection vulnerabilities. Integrates openclaw-detect, openclaw-telemetry, openclaw-shield, and clawguard.

🔍 Monitor AI activities and enhance security with ClawGuard, the real-time dashboard for OpenClaw, featuring analytics and an emergency kill switch.

AEGIS : Authenticated Execution Gateway for Injection Security. Open-source, model agnostic prompt injection defense gateway for LLM apps. Five composed layers: CCPT, Trust Lattice, Intent Anchor, Canary Tripwires, Capability Tokens.

Eight constrained reviewers. Each scoped to a different failure surface. Hook-enforced walls, not just prompts.