CyberSecClaw
v1.0.0 | AI Agent Security Platform | CyberSecAI Ltd

DAST for AI Agents

The first dynamic application security testing platform built for AI agents. 8 dimensions. 38 real checks. Every production MCP server fails.

8 Dimensions | 38 Security Checks | 0% Industry Pass Rate | 14 MITRE Techniques | 5s Scan Time
THE FRAMEWORK

8-Dimension Agent Security Assessment

Every agent gets tested across 8 security dimensions. Pass all 8, get an AgentPass passport. Fail any, get denied from production.

DIM 01 Identity -- Auth bypass, agent spoofing, expired credentials, invalid signatures, certificate validation
DIM 02 Injection -- Command, SQL, path traversal, SSRF, prompt injection, XSS, tool poisoning detection
DIM 03 Escalation -- Dangerous tool exposure, low-trust admin access, tool chaining, self-escalation attempts
DIM 04 Exfiltration -- External URL injection, PII leakage, secrets in errors, DNS tunneling, data staging
DIM 05 Trust Boundary -- Agent relay attacks, cross-server instruction following, context poisoning, multi-hop chains
DIM 06 Autonomy -- Rate limits, action budgets, kill switch, drift detection, monitoring disablement resistance
DIM 07 Integrity -- ECDSA signing, replay protection, tool hash pinning, tamper-evident audit, fail-closed semantics
DIM 08 Compliance -- OWASP MCP Top 10, OWASP Agentic AI Top 10, EU AI Act, AISVS C10, SOC2 evidence
LIVE OUTPUT

Real scan. Real results.

Point CyberSecClaw at any MCP server. 38 checks in 5 seconds. Every finding mapped to OWASP, MITRE ATLAS, and CWE.

cybersecclaw agent-dast
$ cybersecclaw agent-dast https://target-mcp-server.com
Running 8-Dimension Agent DAST...
[1/8] IDENTITY........... 0% (0 pass, 4 fail)
[2/8] INJECTION.......... 4% (1 pass, 6 fail)
[3/8] ESCALATION......... 0% (0 pass, 4 fail)
[4/8] EXFILTRATION...... 50% (2 pass, 2 fail)
[5/8] TRUST BOUNDARY..... 0% (0 pass, 4 fail)
[6/8] AUTONOMY........... 0% (0 pass, 5 fail)
[7/8] INTEGRITY.......... 0% (0 pass, 5 fail)
[8/8] COMPLIANCE......... 0% (0 pass, 4 fail)
MITRE ATLAS: 14/14 techniques triggered
ATTACK CHAINS: 5 multi-step exploits identified
KILL CHAIN: 8/9 stages VULNERABLE
================================================
SCORE: 7/100 (F) | VERDICT: FAIL | PASSPORT: DENY
================================================
CAPABILITIES

Beyond scanning

Agent DAST

Dynamic testing of live agents. 38 real attack payloads across 8 dimensions. Not simulated. Real injection, real escalation, real exfiltration attempts.

MITRE ATLAS Mapping

First-ever mapping of agent security findings to MITRE ATLAS techniques. 14 AI-specific attack techniques tracked across reconnaissance, execution, and impact.

🔗 Attack Chain Analysis

Identifies multi-step exploit chains. Shows how individual vulnerabilities combine into full compromise paths: recon to injection to exfiltration.

🔒 CVE Cross-Reference

Checks detected SDK and version against 13+ known MCP ecosystem CVEs. Flags critical vulnerabilities before they're exploited.

📄 Agent Passport

Pass all 8 dimensions, get a cryptographically signed AgentPass passport. Fail, and the agent is denied from production. The credit check for AI agents.

AutoFix

Every failing dimension gets a code-level fix recommendation with OWASP references. Copy-paste patches. One-line integration with MCPS 2.0.

📈 Kill Chain Visualisation

9-stage agent kill chain mapping. See which stages your agent is vulnerable at: reconnaissance, initial access, execution, lateral movement, exfiltration, impact.

🛡 Runtime Gateway

Real-time MCP proxy. Inspects every message. Blocks injection. Strips PII. Signs with MCPS. Hash-chained audit trail. Deploy as sidecar or gateway.

📦 Deep Scan (SAST)

Pull any npm, PyPI, or git package. Run 15 SAST rules before installation. Find CWE-770, command injection, secrets, path traversal in source code.

THE SDK

Build Secure Agents with CyberSecClaw

One import. Every agent is secure by default. Identity, signing, injection blocking, output filtering, trust levels, rate limiting, kill switch, audit trail. All baked in from line one.

WITHOUT CYBERSECCLAW
insecure-agent.js
    // No auth. No signing. No filtering.
    // No audit. No rate limits. Grade F.
    const server = new MCPServer();
    server.addTool('search', handler);
    server.listen(3000);
    // Score: 7/100 | Grade: F
    // Passport: DENY
    // 34 security checks failed
WITH CYBERSECCLAW SDK
secure-agent.js
    // One import. Everything secured.
    const { SecureAgent } = require('@cybersecclaw/sdk');

    const agent = new SecureAgent({
      identity: true,       // ECDSA P-256 keys
      signing: true,        // Per-message HMAC
      inputGuard: true,     // 8 injection types
      outputFilter: true,   // PII/secret redaction
      trustGate: true,      // RBAC per tool
      rateLimit: 60,        // Per-minute limit
      actionBudget: 1000,   // Max actions
      auditTrail: true,     // Hash-chained logs
      compliance: ['owasp-mcp', 'eu-ai-act', 'aisvs']
    });

    agent.addTool('search', {
      description: 'Search knowledge base',
      handler: (args) => ({ results: [] })
    });

    agent.listen(3000);
    // Score: 94/100 | Grade: A
    // Passport: ISSUED
    // All 8 dimensions pass
OR JUST ONE LINE
one-liner.js
    const { secure } = require('@cybersecclaw/sdk');
    const agent = secure(myHandler);
    // That's it. Everything enabled.
10 SECURITY ENGINES INCLUDED
Identity -- ECDSA P-256 keys, agent passports, spoofing rejection
Signing -- Per-message HMAC, nonce + timestamp, replay protection
InputGuard -- 8 injection types, prompt injection, SSRF + traversal
OutputFilter -- PII redaction, secret stripping, card masking
TrustGate -- RBAC per tool, trust levels L0-L4, self-escalation block
Behaviour -- Rate limiting, action budgets, kill switch
AuditTrail -- Hash-chained logs, tamper-evident, integrity verify
Compliance -- OWASP mapping, EU AI Act, AISVS + SOC2
Passport -- ECDSA signed cert, 8-dim assessment, sub-1ms verify
secure() -- One-line wrapper, all engines on, zero config
FREE BUILT-IN ENDPOINTS
built-in endpoints
GET  /health      Engine status + tool count
GET  /passport    Agent's ECDSA-signed passport
GET  /compliance  OWASP + EU AI Act + AISVS assessment
GET  /audit       Tamper-evident hash-chained audit trail
POST /kill        Emergency kill switch -- deny all requests
10 Engines | 25 Tests Passing | 0 Dependencies | 1 File | 1 Line to Secure
THE LIFECYCLE

Build. Scan. Protect. Certify.

Every stage of your agent's life is covered. From the first line of code to production monitoring.

BUILD -- @cybersecclaw/sdk: Secure by default. One import. 10 engines. Every agent ships safe from line one.
SCAN -- Agent DAST Engine: 8 dimensions. 38 checks. MITRE ATLAS mapping. Attack chains. CVE cross-reference. 5 seconds.
PROTECT -- Gateway Proxy: Real-time MCP proxy. Inspects every message. Blocks injection. Signs with MCPS. Hash-chained audit.
CERTIFY -- AgentPass Passport: ECDSA-signed passport. 8-dimension posture. Pass = production. Fail = denied. The credit check for agents.
STANDARDS

We don't just test against the standards. We wrote them.

OWASP MCP Cheat Sheet Section 7 -- authored
OWASP AISVS 10.2.13, 10.4.11, 10.6.4 -- authored
8 IETF Internet-Drafts -- authored
OpenAPI x-agent-trust -- authored + merged
OWASP MCP Top 10 -- 10/10 coverage
OWASP Agentic AI Top 10 -- 8/10 coverage
EU AI Act Art 12-16, 50
MITRE ATLAS -- 14 techniques mapped
CSA AI Controls Matrix -- contributing

Request Early Access

CyberSecClaw is available to select security teams and design partners.


Or email directly: [email protected]