Project Aegis: GenAI Security Framework

python pytest pydantic click
Visit Project → View on GitHub
Project Aegis: GenAI Security Framework

Project Aegis: Autonomous Agent Security Framework

Project Aegis is a next-generation security scanner designed to robustly evaluate and red-team Autonomous AI Agents. Built natively in Python, Aegis addresses the emerging attack surfaces of LLM-powered applications, from Prompt Injections and Agentic Hijacking to Data Leakage and Financial Denial of Service.

Project Overview

As organizations rapidly adopt LLM-powered autonomous agents to manage workloads, traditional security scanners fail to address new vulnerabilities introduced by dynamic memory, non-deterministic reasoning, and permissive agent tools. Project Aegis acts as an automated security orchestrator, ingesting an AgentManifest configuration and unleashing a battery of adversarial testing modules mapped directly to the OWASP Top 10 for LLMs and MAESTRO Framework standards.

Technologies Used

  • Python (3.11+): The core engine, chosen for its dominant AI and security ecosystem workflows.
  • Pydantic: Strictly validates and manages complex agent manifest schemas and scanner telemetry.
  • Pytest (Asyncio): Drives the underlying dynamic evaluation modules, enabling asynchronous high-concurrency behavioral testing against agent contexts.
  • Click: Powers the pipeline-ready Command Line Interface (CLI).

Key Features

  • 🧬 Genetic Fuzzer & Prompt Injection: Mutates adversarial templates dynamically to hunt for zero-day jailbreaks that coerce agents into bypassing their core system instructions.
  • 🛡️ Agentic Action Security: Analyzes agent tools for destructive permissions, missing directory traversal safeguards, and Human-in-the-Loop (HITL) bypass vulnerabilities.
  • 🕵️ Data Privacy Validator: Includes an intrinsic LLM-as-a-Judge pipeline to differentiate between harmless LLM hallucinations and genuine PII data leakage stemming from insecure memory endpoints.
  • 📊 AI-CVSS Reporting: Consolidates penetration telemetry into pipeline-ready JSON outputs or crisp Markdown reports graded using an adapter for the Common Vulnerability Scoring System (CVSS) tailored to AI layers.