20 open-source cybersecurity tools to keep your team ready for anything

AI is changing how security teams find vulnerabilities, analyze code, test applications, and protect infrastructure. Developers are building tools to secure AI systems themselves, from coding agents and memory protection to model exposure discovery. This roundup covers recent open-source releases for vulnerability research, application security testing, container security, endpoint protection, AI security, and penetration testing.

latest open-source cybersecurity tools

AIMap: Open-source tool finds and tests exposed AI endpoints

Public-facing Ollama servers, MCP endpoints, and inference proxies have multiplied across the internet over the past year, often deployed without authentication or rate limits. AIMap is an open-source platform that finds these systems at internet scale, fingerprints them, scores their exposure, and runs protocol-specific attack tests against authorized targets.

latest open-source cybersecurity tools

AgentGG: Open-source agentic SAST scanner

Static analysis tools have spent years matching source code against known-bad patterns and handing engineers long lists of candidate issues to triage by hand. AgentGG approaches the same job with AI agents that read the code, follow imports, walk the call graph, and confirm a finding before they report it. The project is an open-source agentic SAST scanner released under the Apache 2.0 license.

Agent Beacon: Open-source telemetry layer for AI agents

AI coding agents such as Claude Code, Codex CLI, Cursor, and Claude Cowork run on developer laptops, CI jobs, cloud environments, where they edit files, run commands, and call outside tools. Beacon, an open-source project from Asymptote Labs, configures telemetry for those runtimes and writes a normalized record of what each agent does across local, CI, and cloud-agent surfaces.

Agent Threat Rules: Open detection rule format for AI agent security threats

AI agents run inside coding assistants, MCP servers, and multi-agent frameworks, and the access that makes them useful also opens paths to prompt injection, tool poisoning, and credential theft. Public CVE feeds carry agent-execution flaws that reach production faster than the tooling built to catch them. Agent Threat Rules, or ATR, is an open detection format aimed at this category of attack.

CVE Lite CLI: Open-source dependency vulnerability scanner

Dependency vulnerability scanning in JavaScript and TypeScript projects typically happens late in the development process, forcing developers to address vulnerabilities after code is written. CVE Lite CLI, now an OWASP Incubator Project, moves vulnerability scanning to the terminal, checking project lockfiles against the Open Source Vulnerabilities database and providing fix commands for npm, pnpm, Yarn, and Bun.

DockSec: Open-source AI-powered Docker security scanner

DockSec is an OWASP Incubator Project that combines three container security scanners with a language-model layer for explanation and remediation. Created by Advait Patel, the Python tool runs Trivy, Hadolint, and Docker Scout against a developer’s Dockerfile and image, correlates the findings, returns a 0-100 security score, and proposes line-specific fixes.

Lyrie: Open-source autonomous pentesting agent

Penetration testing has usually required weeks of manual work, specialized tooling, and teams with narrow skill sets. Lyrie, an open-source autonomous security agent built by OTT Cybersecurity, compresses that process into a command line tool and publishes the entire codebase.

DarkMoon: Open-source AI pentesting platform

Penetration testing has long run on expert time, with specialists spending days probing a network or web application by hand. Manual engagements stretch across weeks, expert consultants run into thousands of dollars a day, and results vary with the tester. Automation promises to narrow those gaps. A growing set of projects now hands the work to AI agents that plan and execute on their own. DarkMoon, an open-source platform, sits in that group. It runs a security assessment end to end and delivers an evidence-backed report at the finish.

Microsoft AntiSSRF open-source library helps block server-side request forgery

AntiSSRF is an open-source code library from Microsoft that validates URLs and network connections to reduce server-side request forgery (SSRF) risks in web applications. It supports .NET and Node.js applications and is distributed under the MIT license. The library works as a drop-in component, giving developers a way to check untrusted input before their applications make outbound requests.

latest open-source cybersecurity tools

Microsoft open-sources tools for designing and testing AI agents

Microsoft has open-sourced two tools aimed at bringing security discipline to AI agent development: Clarity, a structured design review tool, and RAMPART, a continuous testing framework. The release comes from Microsoft’s AI Red Team, the company’s internal unit that stress-tests its own AI systems, and both tools have been used internally before being open-sourced.

Nika: Open-source code analysis tool

Many web application vulnerabilities span multiple files, making them difficult for file-by-file scanners to detect. Nika, an open-source tool from PhonePe, performs cross-file taint analysis for Java microservices, tracing untrusted input across application layers to identify exploitable data flows.

OpenHack: Open-source AI-powered vulnerability research

AI coding assistants such as Claude Code, Codex, and Cursor are used for source-guided vulnerability research. OpenHack, a new MIT-licensed project from Hadrian, packages this approach into a file-based workspace that enables agent-driven code reviews across multiple coding harnesses, with durable state stored in plain files and support for human-in-the-loop approval.

Open-source privacy proxy masks PII before prompts reach external AI services

Enterprise developers routinely send prompts to external large language models that contain customer emails, support transcripts, and other identifying information, often without a sanitization layer between the application and the API. Dataiku has released Kiji Privacy Proxy, an open-source local gateway that detects and masks personally identifiable information before requests leave the network.

OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory

AI agents rely on persistent memory across sessions, creating opportunities for attackers to inject malicious instructions that influence future behavior. Agent Memory Guard is an open-source runtime defense layer that screens every memory read and write using detection pipelines and policy-based controls.

Pipelock: Open-source AI agent firewall

AI coding agents run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one compromised tool call can leak credentials to an attacker-controlled domain. Pipelock, an open-source security harness developed by Joshua Waldrep under the PipeLab project, addresses this exposure by inserting an enforcement layer between agents and the network.

latest open-source cybersecurity tools

Praxen: Open-source AI agent behavior verification

Praxen is an open-source tool with a simple job: it checks whether an AI agent does what it claims to do. The tool takes an agent’s declared policy, looks at how the agent operates, and points out every spot where the two drift apart.

Rustinel: Open-source endpoint detection for Windows and Linux

Open-source endpoint detection has long been split between Windows-focused tools built around Sysmon and Linux tools built around eBPF or auditd. Defenders running mixed environments have had to stitch together separate pipelines, separate rule sets, and separate maintenance burdens. Rustinel, a Rust-based endpoint agent, is an attempt to collapse that work into a single codebase.

Sandyaa: Open-source autonomous security bug hunter

Source code auditing has traditionally relied on static analyzers that flag long lists of potential issues, leaving engineers to sort bugs from noise. A new open-source project from offensive-security firm SecureLayer7 takes a different route, using LLMs to read a codebase, trace how data moves through it, and produce working exploit code for the vulnerabilities it confirms. Their open-source tool, called Sandyaa, was released under an MIT license.

latest open-source cybersecurity tools

Vigolium: Open-source vulnerability scanner

Vigolium, an open-source vulnerability scanner, combines deterministic scanning with AI-driven auditing. It includes 235+ scanner modules and an AI agent that automates endpoint discovery, attack planning, finding triage, source code audits, and dynamic security testing.

Must read:

Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!

Don't miss