Tencent

Tencent/AI-Infra-Guard

Python Apache-2.0 Security

A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation.

4.1k stars
394 forks
active
GitHub +54 / week

4.1k

Stars

394

Forks

18

Open issues

30

Contributors

v4.1.15 25 Jun 2026

AI Analysis

AI-Infra-Guard is a comprehensive red teaming platform by Tencent's Zhuque Lab designed to identify security vulnerabilities in AI systems through multiple specialized scanners: OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI infrastructure vulnerability assessment, and LLM jailbreak evaluation. It serves AI security teams, researchers, and organizations deploying AI agents and language models who need systematic security risk assessment. This is a specialized security tool for ...

Security Security Tool Discovery value: 6/10
Documentation 8/10
Activity 9/10
Community 8/10
Code quality 5/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 7/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

ai-security red-teaming llm-jailbreak agent-security vulnerability-scanner
Actively maintained Well documented Niche/specialized use case Popular Production ready
Deep Analysis · Based on README and public signals
2w ago

Tencent's AI red teaming platform covering LLM jailbreaks, agent vulnerabilities, and infrastructure security scanning

AI-Infra-Guard is a comprehensive red teaming platform designed to identify and assess security risks across AI systems—covering LLM jailbreaks, agent behavior exploitation, MCP server vulnerabilities, and infrastructure misconfigurations. Built by Tencent's Zhuque Lab, it targets AI teams, security researchers, and infrastructure operators who need to self-audit AI deployment security before production. The project shows active development with frequent releases, multi-language documentation, and demonstrated adoption in security conferences and integration ecosystems.

Origin

Created 2024-12-25, AI-Infra-Guard emerged as Tencent's response to the growing need for structured AI security assessment tooling. The project evolved rapidly through 2025–2026, expanding from core LLM jailbreak detection to a modular platform covering agents, infrastructure, and MCP servers—reflecting the widening attack surface as AI systems became more complex and interconnected.

Growth

The project gained ~4,000 stars in roughly 18 months, with 53 stars in the last 7 days (as of 2026-06-29). Growth appears driven by: (1) corporate backing from Tencent (Zhuque Lab), (2) presence at Black Hat EU 2025, (3) inclusion in multiple awesome-* lists, (4) active release cadence (5–6 releases per month visible in changelog), and (5) multi-language documentation suggesting international outreach. Docker adoption metrics are referenced but not detailed in README.

In production

Adoption appears present but adoption metrics not quantified: (1) Black Hat EU 2025 Arsenal inclusion suggests security professional interest; (2) ClawHub integration implies internal Tencent platform use; (3) Docker pull metrics referenced but not shown; (4) Multi-language documentation (8 languages) signals international adoption effort. However, no public case studies, no disclosed enterprise users, no GitHub discussions revealing production deployment scale. Adoption not verified at enterprise scale but adoption not verified does not mean absent.

Code analysis
Architecture

Appears to be a modular scanning platform with distinct subsystems: OpenClaw Security Scan (general security), Agent Scan (behavioral exploitation), Skills Scan (AI skill exploitation), MCP Scan (Model Context Protocol server vulnerability detection), AI Infra Scan (deployment misconfiguration), and LLM Jailbreak Evaluation (prompt injection testing). README indicates REST API, Docker deployment, and integration with ClawHub ecosystem. Likely uses Python backend with modular scanner architecture, though specific framework details not documented in README.

Tests

Not documented in README. No mention of CI/CD test results, coverage reports, or testing methodology. Cannot infer test rigor from available metadata.

Maintenance

Strong maintenance signals: last push 2026-06-29 (same day as analysis date); 5–6 releases per month across June 2026; 385 forks indicating active forking; explicit versioning (v4.1.15 as latest). No evidence of stagnation. README references recent additions (MCP threat rules, jailbreak operators, CVE expansions, fingerprint library updates) all dated within last 2 weeks of analysis date, suggesting continuous feature velocity.

Honest verdict

ADOPT IF: your organization deploys multiple AI systems (LLMs, agents, MCP servers) and needs structured self-assessment before production; you want a modular platform covering multiple threat vectors; you accept using a 18-month-old project backed by a major vendor. AVOID IF: you need hardened, extensively battle-tested tooling with published case studies and third-party security audits; your threat model is highly specialized outside the documented scanner types; you require on-premise deployment without Docker/API dependency. MONITOR IF: you are a security researcher evaluating emerging AI red teaming tools; you want to assess whether Tencent's platform becomes an industry standard; you are considering contributing to an actively maintained open-source security project in the AI space.

Independent dimensions

Mainstream potential

6/10

Technical importance

7/10

Adoption evidence

5/10

Risks
  • Project is 18 months old; long-term maintenance commitment by Tencent not guaranteed despite current corporate backing; potential for abandonment if internal priorities shift.
  • Test coverage and security audit status not documented; no evidence of third-party security validation of the scanning rules themselves—risk that detectors may have false positives/negatives.
  • Adoption scale not publicly documented; real-world production usage may be limited despite star count; unclear if adoption is concentrated within Tencent or distributed.
  • Multi-language documentation and broad feature set may indicate scope creep; maintenance burden could increase; unclear which scanner types receive most investment.
  • Dependency on external LLM APIs (implied by jailbreak evaluation); cost and latency not discussed; potential vendor lock-in if platform strongly coupled to specific model providers.
Prediction

Project likely to remain active and maintained through 2027 given current release velocity and corporate backing. Mainstream adoption will depend on: (1) success at Black Hat and security conference visibility, (2) documented enterprise case studies, (3) ecosystem integration depth. May carve out a stable niche in large-organization AI security workflows, particularly those already using Tencent infrastructure or favoring Tencent-backed tooling. Unlikely to displace mature category leaders but could become standard practice for comprehensive pre-deployment AI security audits.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

Python
75.7%
Go
23.3%
HTML
0.6%
Shell
0.3%
Dockerfile
0.1%

Information

Language
Python
License
Apache-2.0
Last updated
2d ago
Created
19mo ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Similar repos

Unclecheng-li

Unclecheng-li/VulnClaw

VulnClaw is an AI-driven penetration testing CLI tool that automates the full...

2k Python Security
confident-ai

confident-ai/deepteam

DeepTeam is an open-source red teaming framework for LLMs that simulates...

2.1k Python Security
CyberStrikeus

CyberStrikeus/CyberStrike

CyberStrike is an open-source AI-powered offensive security agent that...

1.2k TypeScript Security
NVIDIA

NVIDIA/SkillSpector

SkillSpector is a security scanner specifically designed to detect...

12.7k Python Security
elder-plinius

elder-plinius/T3MP3ST

T3MP3ST is an autonomous multi-agent offensive security framework that...

4.2k TypeScript Security
vs. alternatives
NVIDIA/SkillSpector

11,289 stars vs. 4,005; SkillSpector focuses narrowly on AI skill/tool exploitation; AI-Infra-Guard is broader (infrastructure + jailbreak + agent + MCP). SkillSpector likely more established; AI-Infra-Guard more comprehensive.

PurpleAILAB/Decepticon

4,532 stars vs. 4,005; both recent projects in AI red teaming space; Decepticon appears focused on deception/adversarial testing; AI-Infra-Guard more infrastructure-oriented. Similar maturity level, different scope.

confident-ai/deepteam

1,916 stars; appears to focus on testing/evaluation rather than security red teaming; different use case, not direct competitor.

Armur-Ai/Pentest-Swarm-AI

1,978 stars, Go-based; Pentest-Swarm may target swarm-based penetration testing; AI-Infra-Guard is security scanning platform. Different execution models.