A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation.
4.1k
Stars
394
Forks
18
Open issues
30
Contributors
AI Analysis
AI-Infra-Guard is a comprehensive red teaming platform by Tencent's Zhuque Lab designed to identify security vulnerabilities in AI systems through multiple specialized scanners: OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI infrastructure vulnerability assessment, and LLM jailbreak evaluation. It serves AI security teams, researchers, and organizations deploying AI agents and language models who need systematic security risk assessment. This is a specialized security tool for ...
Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.
AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.
Tencent's AI red teaming platform covering LLM jailbreaks, agent vulnerabilities, and infrastructure security scanning
AI-Infra-Guard is a comprehensive red teaming platform designed to identify and assess security risks across AI systems—covering LLM jailbreaks, agent behavior exploitation, MCP server vulnerabilities, and infrastructure misconfigurations. Built by Tencent's Zhuque Lab, it targets AI teams, security researchers, and infrastructure operators who need to self-audit AI deployment security before production. The project shows active development with frequent releases, multi-language documentation, and demonstrated adoption in security conferences and integration ecosystems.
Created 2024-12-25, AI-Infra-Guard emerged as Tencent's response to the growing need for structured AI security assessment tooling. The project evolved rapidly through 2025–2026, expanding from core LLM jailbreak detection to a modular platform covering agents, infrastructure, and MCP servers—reflecting the widening attack surface as AI systems became more complex and interconnected.
The project gained ~4,000 stars in roughly 18 months, with 53 stars in the last 7 days (as of 2026-06-29). Growth appears driven by: (1) corporate backing from Tencent (Zhuque Lab), (2) presence at Black Hat EU 2025, (3) inclusion in multiple awesome-* lists, (4) active release cadence (5–6 releases per month visible in changelog), and (5) multi-language documentation suggesting international outreach. Docker adoption metrics are referenced but not detailed in README.
Adoption appears present but adoption metrics not quantified: (1) Black Hat EU 2025 Arsenal inclusion suggests security professional interest; (2) ClawHub integration implies internal Tencent platform use; (3) Docker pull metrics referenced but not shown; (4) Multi-language documentation (8 languages) signals international adoption effort. However, no public case studies, no disclosed enterprise users, no GitHub discussions revealing production deployment scale. Adoption not verified at enterprise scale but adoption not verified does not mean absent.
Appears to be a modular scanning platform with distinct subsystems: OpenClaw Security Scan (general security), Agent Scan (behavioral exploitation), Skills Scan (AI skill exploitation), MCP Scan (Model Context Protocol server vulnerability detection), AI Infra Scan (deployment misconfiguration), and LLM Jailbreak Evaluation (prompt injection testing). README indicates REST API, Docker deployment, and integration with ClawHub ecosystem. Likely uses Python backend with modular scanner architecture, though specific framework details not documented in README.
Not documented in README. No mention of CI/CD test results, coverage reports, or testing methodology. Cannot infer test rigor from available metadata.
Strong maintenance signals: last push 2026-06-29 (same day as analysis date); 5–6 releases per month across June 2026; 385 forks indicating active forking; explicit versioning (v4.1.15 as latest). No evidence of stagnation. README references recent additions (MCP threat rules, jailbreak operators, CVE expansions, fingerprint library updates) all dated within last 2 weeks of analysis date, suggesting continuous feature velocity.
ADOPT IF: your organization deploys multiple AI systems (LLMs, agents, MCP servers) and needs structured self-assessment before production; you want a modular platform covering multiple threat vectors; you accept using a 18-month-old project backed by a major vendor. AVOID IF: you need hardened, extensively battle-tested tooling with published case studies and third-party security audits; your threat model is highly specialized outside the documented scanner types; you require on-premise deployment without Docker/API dependency. MONITOR IF: you are a security researcher evaluating emerging AI red teaming tools; you want to assess whether Tencent's platform becomes an industry standard; you are considering contributing to an actively maintained open-source security project in the AI space.
Independent dimensions
Mainstream potential
6/10
Technical importance
7/10
Adoption evidence
5/10
- Project is 18 months old; long-term maintenance commitment by Tencent not guaranteed despite current corporate backing; potential for abandonment if internal priorities shift.
- Test coverage and security audit status not documented; no evidence of third-party security validation of the scanning rules themselves—risk that detectors may have false positives/negatives.
- Adoption scale not publicly documented; real-world production usage may be limited despite star count; unclear if adoption is concentrated within Tencent or distributed.
- Multi-language documentation and broad feature set may indicate scope creep; maintenance burden could increase; unclear which scanner types receive most investment.
- Dependency on external LLM APIs (implied by jailbreak evaluation); cost and latency not discussed; potential vendor lock-in if platform strongly coupled to specific model providers.
Project likely to remain active and maintained through 2027 given current release velocity and corporate backing. Mainstream adoption will depend on: (1) success at Black Hat and security conference visibility, (2) documented enterprise case studies, (3) ecosystem integration depth. May carve out a stable niche in large-organization AI security workflows, particularly those already using Tencent infrastructure or favoring Tencent-backed tooling. Unlikely to displace mature category leaders but could become standard practice for comprehensive pre-deployment AI security audits.
Newsletter
Get analyses like this every Monday
Free weekly digest of the most interesting open-source discoveries.
Languages
Information
- Language
- Python
- License
- Apache-2.0
- Last updated
- 2d ago
- Created
- 19mo ago
- Analyzed with
- anthropic/claude-haiku-4-5
Stars over time
Contributors over time
Top 100 contributors only — repos with more will plateau at 100.
Top contributors
Similar repos
Unclecheng-li/VulnClaw
VulnClaw is an AI-driven penetration testing CLI tool that automates the full...
| Repository | Stars | Week Δ | Language | Score | Updated |
|---|---|---|---|---|---|
|
|
4.1k | +54 | Python | 7/10 | 2d ago |
|
|
2k | — | Python | 8/10 | 8h ago |
|
|
2.1k | — | Python | 8/10 | 2d ago |
|
|
1.2k | — | TypeScript | 7/10 | 14h ago |
|
|
12.7k | — | Python | 8/10 | 3d ago |
|
|
4.2k | — | TypeScript | 7/10 | 24h ago |
11,289 stars vs. 4,005; SkillSpector focuses narrowly on AI skill/tool exploitation; AI-Infra-Guard is broader (infrastructure + jailbreak + agent + MCP). SkillSpector likely more established; AI-Infra-Guard more comprehensive.
4,532 stars vs. 4,005; both recent projects in AI red teaming space; Decepticon appears focused on deception/adversarial testing; AI-Infra-Guard more infrastructure-oriented. Similar maturity level, different scope.
1,916 stars; appears to focus on testing/evaluation rather than security red teaming; different use case, not direct competitor.
1,978 stars, Go-based; Pentest-Swarm may target swarm-based penetration testing; AI-Infra-Guard is security scanning platform. Different execution models.




