Thank you for helping improve Awesome Agentic AI Security.
This repository is a structured field guide for securing agentic, multi-agent, tool-using, memory-using, and self-improving AI systems. It is not a flat link dump. Contributions should help readers understand risks, controls, benchmarks, architectures, research, or secure engineering patterns for AI systems that can act.
Good contributions include:
- Standards, frameworks, guidance, and public specifications.
- Vendor research and independent research with clear relevance to agentic AI security.
- Tools that help observe, interpret, constrain, govern, evaluate, or audit agentic systems.
- Benchmarks that test agentic behaviour, tool use, memory, credentials, autonomy, or multi-agent workflows.
- Case studies that teach defensive lessons about agentic attack surfaces or breach chains.
- Pattern improvements for secure agent runtimes, tool calling, MCP, memory, credentials, approval gates, sandboxing, observability, or policy enforcement.
Please avoid generic AI news, promotional material, unsupported claims, copied source material, or items that do not have durable security relevance.
For substantial additions, include enough context for maintainers to assess quality and relevance:
- Source type, such as standard, vendor research, independent research, tool, benchmark, guide, case study, or opinion piece.
- Producer or publisher.
- Why the item matters for agentic execution security.
- Risks, behaviours, controls, architectures, or evaluation methods covered.
- Evidence quality and maturity level.
- Last-checked date for external resources.
- Important limitations, caveats, or scope boundaries.
The repository favours fewer, better-labelled entries over a large unstructured catalogue.
Use British English, except for established names such as AI Defense Plane.
Keep the tone calm, precise, and evidence-led. Avoid hype, fear-based language, exaggerated maturity claims, or presenting unverified claims as settled fact. When describing attacks or failures, focus on defensive understanding, affected surfaces, controls, and lessons learned rather than unnecessary operational exploit detail.
Use the issue templates when suggesting resources, case studies, benchmarks, or pattern improvements. The structured fields are there to keep review efficient and to preserve the repository quality bar.
If the issue involves a vulnerability, unsafe guidance, sensitive disclosure, exposed secret, or security concern about repository-maintained content, do not include sensitive details in a public issue. Use GitHub private vulnerability reporting if it is available; otherwise open a minimal public issue asking for a private reporting path.
Before opening a pull request:
- Keep the change narrow and reviewable.
- Explain the evidence behind new resources, claims, or recommendations.
- Label planned or incomplete areas clearly instead of presenting them as finished.
- Do not include generated outputs, built documentation, logs, traces, screenshots, reports, exports, or local analysis artefacts.
- Do not add copied source material when a concise summary and link are enough.
Pull requests should strengthen the map of agentic execution security without broadening the repository into unrelated AI security material.
To contribute to the documentation platform, please follow these steps:
- Install Python 3.11+
- Install dependencies:
  ```bash
  pip install -r requirements.txt
  ```

- Serve the docs locally:

  ```bash
  mkdocs serve
  ```

  The site will be available at http://localhost:8000

- Build the docs for validation:

  ```bash
  mkdocs build --strict
  ```

- Lint Markdown files (markdownlint-cli is an npm package, not a pip package):

  ```bash
  npm install -g markdownlint-cli
  markdownlint '**/*.md' --ignore site
  ```

- Check Markdown links (markdown-link-check is also an npm package):

  ```bash
  npm install -g markdown-link-check
  find . -name '*.md' -not -path './site/*' -exec markdown-link-check -q {} \;
  ```

- Do not commit the generated `site/` directory.
- All documentation must remain readable in GitHub without the site.
- Use clear, public-ready language and reference the roadmap, mission, and tech stack for direction.
- See `specs/2026-04-29-docs-platform-implementation/requirements.md` for scope and decisions.
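As an added example that is not part of the repository's own tooling, the validation steps above combined into one local pre-push script that also refuses the generated artefacts the pull request guidance excludes; the script name `check_docs.sh` and the artefact suffix list are assumptions:

```shell
#!/bin/sh
# Added example, not the repository's own tooling: a local pre-push check
# for documentation changes. Usage: ./check_docs.sh $(git diff --cached --name-only)

# Refuse paths that must not be committed: the generated site/ directory and
# the generated-output categories from the pull request guidance above.
# The suffix list is an assumption; extend it to match the repository.
reject_artefacts() {
    status=0
    for path in "$@"; do
        case "$path" in
            site/*|./site/*|*.log|*.trace|*.png|*.jpg|*.jpeg|*.gif|*.csv)
                echo "refusing generated artefact: $path" >&2
                status=1
                ;;
        esac
    done
    return "$status"
}

# Run the documented validation steps in order, stopping at the first failure.
# mkdocs is required; the two npm linters are reported and skipped if absent.
run_docs_checks() {
    mkdocs build --strict || return 1
    if command -v markdownlint >/dev/null 2>&1; then
        markdownlint '**/*.md' --ignore site || return 1
    else
        echo "markdownlint not installed; skipping lint" >&2
    fi
    if command -v markdown-link-check >/dev/null 2>&1; then
        # find's own exit status ignores -exec failures, so loop explicitly
        find . -name '*.md' -not -path './site/*' | while read -r f; do
            markdown-link-check -q "$f" || exit 1
        done || return 1
    else
        echo "markdown-link-check not installed; skipping link check" >&2
    fi
}

# Only act when paths are supplied, so sourcing the file runs no tools.
if [ "$#" -gt 0 ]; then
    reject_artefacts "$@" && run_docs_checks || exit 1
fi
```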