CYBERSECCLAW
v1.0.0 | AI Agent Security Platform | CyberSecAI Ltd

DAST for AI Agents

The first dynamic application security testing platform built for AI agents. 8 dimensions. 38 real checks. AI Agent security testing end to end.

8 Dimensions | 38 Security Checks | 0% Industry Pass Rate | 14 MITRE Techniques | 5s Scan Time
THE FRAMEWORK

8-Dimension Agent Security Assessment

Every agent gets tested across 8 security dimensions. Pass all 8, get an AgentPass passport. Fail any, get denied from production.

DIM 01
Identity
Auth bypass, agent spoofing, expired credentials, invalid signatures, certificate validation
DIM 02
Injection
Command, SQL, path traversal, SSRF, prompt injection, XSS, tool poisoning detection
DIM 03
Escalation
Dangerous tool exposure, low-trust admin access, tool chaining, self-escalation attempts
DIM 04
Exfiltration
External URL injection, PII leakage, secrets in errors, DNS tunneling, data staging
DIM 05
Trust Boundary
Agent relay attacks, cross-server instruction following, context poisoning, multi-hop chains
DIM 06
Autonomy
Rate limits, action budgets, kill switch, drift detection, monitoring disablement resistance
DIM 07
Integrity
ECDSA signing, replay protection, tool hash pinning, tamper-evident audit, fail-closed semantics
DIM 08
Compliance
OWASP MCP Top 10, OWASP Agentic AI Top 10, EU AI Act, AISVS C10, SOC2 evidence
LIVE OUTPUT

Real scan. Real results.

Point CyberSecClaw at any MCP server. 38 checks in 5 seconds. Every finding mapped to OWASP, MITRE ATLAS, and CWE.

cybersecclaw agent-dast
$ cybersecclaw agent-dast https://target-mcp-server.com
Running 8-Dimension Agent DAST...
[1/8] IDENTITY........... 0% (0 pass, 4 fail)
[2/8] INJECTION.......... 4% (1 pass, 6 fail)
[3/8] ESCALATION......... 0% (0 pass, 4 fail)
[4/8] EXFILTRATION...... 50% (2 pass, 2 fail)
[5/8] TRUST BOUNDARY..... 0% (0 pass, 4 fail)
[6/8] AUTONOMY........... 0% (0 pass, 5 fail)
[7/8] INTEGRITY.......... 0% (0 pass, 5 fail)
[8/8] COMPLIANCE......... 0% (0 pass, 4 fail)
MITRE ATLAS: 14/14 techniques triggered
ATTACK CHAINS: 5 multi-step exploits identified
KILL CHAIN: 8/9 stages VULNERABLE
================================================
SCORE: 7/100 (F) | VERDICT: FAIL | PASSPORT: DENY
================================================
CAPABILITIES

Beyond scanning

Agent DAST

Dynamic testing of live agents. 38 real attack payloads across 8 dimensions. Not simulated. Real injection, real escalation, real exfiltration attempts.

MITRE ATLAS Mapping

First-ever mapping of agent security findings to MITRE ATLAS techniques. 14 AI-specific attack techniques tracked across reconnaissance, execution, and impact.

🔗 Attack Chain Analysis

Identifies multi-step exploit chains. Shows how individual vulnerabilities combine into full compromise paths: recon to injection to exfiltration.

🔒 CVE Cross-Reference

Checks detected SDK and version against 13+ known MCP ecosystem CVEs. Flags critical vulnerabilities before they're exploited.

📄 Agent Passport

Pass all 8 dimensions, get a cryptographically signed AgentPass passport. Fail, and the agent is denied from production. The credit check for AI agents.

AutoFix

Every failing dimension gets a code-level fix recommendation with OWASP references. Copy-paste patches. One-line integration with MCPS 2.0.

📈 Kill Chain Visualisation

9-stage agent kill chain mapping. See which stages your agent is vulnerable at: reconnaissance, initial access, execution, privilege escalation, defense evasion, lateral movement, collection, exfiltration, impact.

🛡 Runtime Gateway

Real-time MCP proxy. Inspects every message. Blocks injection. Strips PII. Signs with MCPS. Hash-chained audit trail. Deploy as sidecar or gateway.

📦 Deep Scan (SAST)

Pull any npm, PyPI, or git package. Run 15 SAST rules before installation. Find CWE-770, command injection, secrets, path traversal in source code.

THE SDK

Build Secure Agents with CyberSecClaw

One import. Every agent is secure by default. Identity, signing, injection blocking, output filtering, trust levels, rate limiting, kill switch, audit trail. All baked in from line one.

WITHOUT CYBERSECCLAW
insecure-agent.js
// No auth. No signing. No filtering.
// No audit. No rate limits. Grade F.
// MCPServer and handler: whatever MCP server library and tool handler
// the project already uses (not shown on this page).
const server = new MCPServer();
server.addTool('search', handler);
server.listen(3000);
// Score: 7/100 | Grade: F
// Passport: DENY
// 34 security checks failed
WITH CYBERSECCLAW SDK
secure-agent.js
// One import. Everything secured.
const { SecureAgent } = require('@cybersecclaw/sdk');

const agent = new SecureAgent({
  identity: true,       // ECDSA P-256 keys
  signing: true,        // Per-message HMAC
  inputGuard: true,     // 8 injection types
  outputFilter: true,   // PII/secret redaction
  trustGate: true,      // RBAC per tool
  rateLimit: 60,        // Per-minute limit
  actionBudget: 1000,   // Max actions
  auditTrail: true,     // Hash-chained logs
  compliance: ['owasp-mcp', 'eu-ai-act', 'aisvs']
});

agent.addTool('search', {
  description: 'Search knowledge base',
  handler: (args) => ({ results: [] })
});

agent.listen(3000);
// Score: 94/100 | Grade: A
// Passport: ISSUED
// All 8 dimensions pass
OR JUST ONE LINE
one-liner.js
const { secure } = require('@cybersecclaw/sdk');
const agent = secure(myHandler); // That's it. Everything enabled.
10 SECURITY ENGINES INCLUDED
🔐
Identity
ECDSA P-256 keys
Agent passports
Spoofing rejection
🔒
Signing
Per-message HMAC
Nonce + timestamp
Replay protection
🛡
InputGuard
8 injection types
Prompt injection
SSRF + traversal
🚫
OutputFilter
PII redaction
Secret stripping
Card masking
🔓
TrustGate
RBAC per tool
Trust levels L0-L4
Self-escalation block
📈
Behaviour
Rate limiting
Action budgets
Kill switch
📜
AuditTrail
Hash-chained logs
Tamper-evident
Integrity verify
Compliance
OWASP mapping
EU AI Act
AISVS + SOC2
📄
Passport
ECDSA signed cert
8-dim assessment
Sub-1ms verify
secure()
One-line wrapper
All engines on
Zero config
FREE BUILT-IN ENDPOINTS
built-in endpoints
GET  /health       Engine status + tool count
GET  /passport     Agent's ECDSA-signed passport
GET  /compliance   OWASP + EU AI Act + AISVS assessment
GET  /audit        Tamper-evident hash-chained audit trail
POST /kill         Emergency kill switch -- deny all requests
10 Engines | 25 Tests Passing | 0 Dependencies | 1 File | 1 Line to Secure
THE LIFECYCLE

Build. Scan. Protect. Certify.

Every stage of your agent's life is covered. From the first line of code to production monitoring.

🔨
BUILD
@cybersecclaw/sdk
Secure by default. One import. 10 engines. Every agent ships safe from line one.
🔍
SCAN
Agent DAST Engine
8 dimensions. 38 checks. MITRE ATLAS mapping. Attack chains. CVE cross-reference. 5 seconds.
🛡
PROTECT
Gateway Proxy
Real-time MCP proxy. Inspects every message. Blocks injection. Signs with MCPS. Hash-chained audit.
📄
CERTIFY
AgentPass Passport
ECDSA-signed passport. 8-dimension posture. Pass = production. Fail = denied. The credit check for agents.
STANDARDS

We don't just test against the standards. We wrote them.

OWASP MCP Cheat Sheet Section 7 -- authored
OWASP AISVS 10.2.13, 10.4.11, 10.6.4 -- authored
8 IETF Internet-Drafts -- authored
OpenAPI x-agent-trust -- authored + merged
OWASP MCP Top 10 -- 10/10 coverage
OWASP Agentic AI Top 10 -- 8/10 coverage
EU AI Act Art 12-16, 50
MITRE ATLAS -- 14 techniques mapped
CSA AI Controls Matrix -- contributing
WHY IT MATTERS

With CyberSecClaw vs Without

Without CyberSecClaw

✗ No identity verification
✗ Injection attacks undetected
✗ Agents escalate to admin
✗ Data exfiltrated silently
✗ Cross-agent relay attacks
✗ No rate limits or kill switch
✗ Messages unsigned, replayable
✗ Zero compliance evidence
Score: unknown | Verdict: hope for the best

With CyberSecClaw

✓ Identity verified per request
✓ 7 injection patterns blocked
✓ RBAC with trust levels L0-L4
✓ PII filtered, exfil detected
✓ Trust boundaries enforced
✓ Rate limits + kill switch
✓ MCPS signed + replay protected
✓ OWASP + EU AI Act + SOC2 mapped
Score: measured | Verdict: prove it before production
LIVE SCAN RESULT

Sample Agent DAST Report

Real scan against a deliberately vulnerable MCP server. 38 checks. 4.4 seconds. Redacted target.

cybersecclaw -- agent-dast-engine
$ cybersecclaw scan [REDACTED]
Running 8-Dimension Agent DAST...
[1/8] Testing IDENTITY... 0% (0 pass, 4 fail)
[2/8] Testing INJECTION RESISTANCE... 4% (1 pass, 6 fail)
[3/8] Testing ESCALATION... 0% (0 pass, 4 fail)
[4/8] Testing EXFILTRATION... 50% (2 pass, 2 fail)
[5/8] Testing TRUST BOUNDARY... 0% (0 pass, 4 fail)
[6/8] Testing AUTONOMY CONTROL... 0% (0 pass, 5 fail)
[7/8] Testing INTEGRITY... 0% (0 pass, 5 fail)
[8/8] Testing COMPLIANCE... 0% (0 pass, 4 fail)

══════════════════════════════════════════════════
AGENT DAST REPORT
══════════════════════════════════════════════════
Duration: 4.4s
Checks: 38 (3 pass, 34 fail)
Score: 7/100 (F)
Verdict: FAIL
Passport: DENY

── DIMENSION RESULTS ──
░░░░░░░░░░ 0% IDENTITY
  ✗ Unauthenticated access: ACCEPTED
  ✗ Spoofed agent identity: ACCEPTED
  ✗ Expired credentials: ACCEPTED
  ✗ Invalid signature: ACCEPTED
░░░░░░░░░░ 4% INJECTION RESISTANCE
  ✗ Command injection: EXECUTED
  ✗ SQL injection: EXECUTED
  ✗ Path traversal: EXECUTED
  ✗ SSRF to cloud metadata: EXECUTED
  ✗ Prompt injection: EXECUTED
  ✗ XSS in tool response: EXECUTED
  ✓ Tool poisoning: Clean
░░░░░░░░░░ 0% ESCALATION
  ✗ Dangerous tools: 7 exposed
  ✗ Admin tool access: ALLOWED
  ✗ Tool chaining: CHAIN EXECUTED
  ✗ Self-escalation: ACCEPTED
█████░░░░░ 50% EXFILTRATION
  ✗ External URL: ACCEPTED
  ✓ PII in responses: Clean
  ✓ Secrets in errors: Clean
  ✗ Data staging: FILE WRITTEN
░░░░░░░░░░ 0% TRUST BOUNDARY
  ✗ Relay attack: ACCEPTED
  ✗ Cross-server: NO VERIFICATION
  ✗ Context poisoning: POISONED
  ✗ Multi-hop: NO DETECTION
░░░░░░░░░░ 0% AUTONOMY CONTROL
  ✗ Rate limiting: NONE (20/20 accepted)
  ✗ Destructive action: NO CONFIRMATION
  ✗ Action budget: UNLIMITED
  ✗ Kill switch: NOT FOUND
  ✗ Monitoring: COULD BE DISABLED
░░░░░░░░░░ 0% INTEGRITY
  ✗ Message signing: NONE
  ✗ Replay protection: NONE
  ✗ Tool definition integrity: NONE
  ✗ Audit trail: NONE
  ✗ Fail-closed: FAILS OPEN
░░░░░░░░░░ 0% COMPLIANCE
  ✗ OWASP MCP Top 10: 0/3 passed
  ✗ EU AI Act: 0/4 articles
  ✗ AISVS C10: 0/3 requirements
  ✗ SOC2: INSUFFICIENT

══════════════════════════════════════════════════
MITRE ATLAS MAPPING
══════════════════════════════════════════════════
Execution
  AML.T0050: Command and Scripting Interpreter
  AML.T0051: LLM Prompt Injection
  AML.T0053: AI Agent Tool Invocation
Lateral Movement
  AML.T0052.000: Spearphishing via Social Engineering LLM
Persistence
  AML.T0080: AI Agent Context Poisoning
  AML.T0081: Modify AI Agent Configuration
Impact
  AML.T0029: Denial of AI Service
  AML.T0034: Cost Harvesting
Techniques triggered: 18/25

══════════════════════════════════════════════════
ATTACK CHAINS
══════════════════════════════════════════════════
CRITICAL  Full Compromise Chain
  Step 1: Connect without auth → AML.T0000
  Step 2: Inject command via tool args → AML.T0050
  Step 3: Exfiltrate via tool response → AML.T0025
  Impact: Complete data breach.
HIGH  Persistent Agent Compromise
  Step 1: Poison shared context → AML.T0080
  Step 2: Disable monitoring → AML.T0046
  Step 3: No audit trail → AML.T0081
  Impact: Persistent access. No forensic evidence.
Chains identified: 5

══════════════════════════════════════════════════
AGENT KILL CHAIN
══════════════════════════════════════════════════
[VULNERABLE] RECONNAISSANCE
[VULNERABLE] INITIAL ACCESS
[VULNERABLE] EXECUTION
[VULNERABLE] PRIVILEGE ESCALATION
[VULNERABLE] DEFENSE EVASION
[VULNERABLE] LATERAL MOVEMENT
[VULNERABLE] COLLECTION
[PROTECTED]  EXFILTRATION
[VULNERABLE] IMPACT
Kill chain coverage: 1/9 stages protected

══════════════════════════════════════════════════
OVERALL: 7/100 (F) | VERDICT: FAIL | PASSPORT: DENY
══════════════════════════════════════════════════

Request Early Access

CyberSecClaw is available to select security teams and design partners.

Request Access

Or email directly: [email protected]