TypeScript ai-security

Open-source TypeScript projects categorized as ai-security
Edit details
llm-security TypeScript mcp prompt-injection ai-agents
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

Top 23 TypeScript ai-security Projects

TypeScript logo
ai-security

  1. numasec

    The AI Agent for Cyber Security.

    Project mention: I ran an AI pentester on a vibe-coded quiz app and found 22 vulnerabilities | news.ycombinator.com | 2026-04-07

  2. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo

  3. secureclaw

    SecureClaw - Security Plugin and Skill for OpenClaw OWASP-Aligned

    Project mention: Every AI Agent Skills Platform You Need to Know in 2026 | dev.to | 2026-02-19

    ClawHub + SecureClaw. Install SecureClaw first, then use it to audit everything else.

  4. agent-threat-rules

    Open detection standard -- like Sigma, but for AI agents. 425 rules, shipped in Microsoft AGT, Cisco AI Defense, MISP, OWASP A-S-R-H. 97.1% recall on NVIDIA garak. NIST OSCAL Path 1.

    Project mention: I Scanned 2,386 MCP Packages on npm. 402 Were Critical. Here's What I Found. | dev.to | 2026-03-22

    Everything is open source (MIT): ATR rules + PanGuard scanner

  5. node9-proxy

    The Execution Security Layer for the Agentic Era. Providing deterministic "Sudo" governance and audit logs for autonomous AI agents.

    Project mention: Running Hermes Agent in the Cloud Safely: A Reader's Guide to Their Trust Model | dev.to | 2026-06-10

    If you want the in-process gate to be sharper, you can layer one on. This is where Node9 fits in a Hermes deployment: an AST-based policy engine that parses shell commands the way the OS does (not the way regex does), so obfuscated payloads (echo "Y3VybCAuLi4="| base64 -d | bash) collapse into their actual execution graph before the approval decision is made. It also runs a per-call inspection layer that catches credentials in outbound arguments, anomalously large payloads, and force-push patterns that simple denylists miss. The AST-parsing approach is covered in detail in Why Regex Is Not Enough.

  6. toolhive-studio

    ToolHive is an application that allows you to install, manage and run MCP servers and connect them to AI agents

    Project mention: Taming MCPs, Skills, and Agent Chaos with ToolHive | dev.to | 2026-04-25

    I ended up using their CLI and desktop app, ToolHive Studio. My hope was that ToolHive could become the control plane for running MCPs, storing auth, and distributing skills. Most importantly, I wanted one command that could register an MCP or skill across all of my coding agents.

  7. deterministic-agent-control-protocol

    Governance gateway for AI agents — bounded, auditable, session-aware control with MCP proxy, shell proxy & HTTP API. Works with Cursor, Claude Code, Codex, and any MCP-compatible agent.

    Project mention: Show HN: DACP – governance gateway for AI coding agents | news.ycombinator.com | 2026-02-10

  8. rehydra-sdk

    Prevent accidental PII leakage in LLM prompts before they hit the model.

    Project mention: Stop Sending Your .env to OpenAI: A Privacy Layer for OpenCode | dev.to | 2026-03-24

    And it isn't destructive. Unlike regex scrubbing for analytics pipelines, this is fully reversible. Your data is abstracted during transit and restored for local execution. Nothing is lost (that's the whole point of Rehydra).

  9. panguard-ai

    Open-source security platform for AI agents -- audits skills before install, monitors 24/7, shares threat intelligence across all users. | AI Agent 開源安全平台 -- 安裝前審計 skill、24/7 即時監控、社群共享威脅情報。

    Project mention: I Scanned 2,386 MCP Packages on npm. 402 Were Critical. Here's What I Found. | dev.to | 2026-03-22

    Everything is open source (MIT): ATR rules + PanGuard scanner

  10. prompt-injector

    AI security and prompt injection payload toolkit

    Project mention: Prompt Injection 2.0: Hybrid AI Threats – Paper and Open Source Testing Toolkit | news.ycombinator.com | 2025-07-23

    - GitHub: https://github.com/preambleai/prompt-injector

    Background: We first discovered prompt injection vulnerabilities in GPT-3 back in May 2022 and responsibly disclosed to OpenAI. This new research shows how the threat landscape has evolved with agentic AI systems.

  11. agentshield-benchmark

    Open benchmark for AI agent security tools — prompt injection, data exfiltration, tool abuse, provenance

    Project mention: GentShield – Open benchmark of 6 AI agent security tools (537 test cases) | news.ycombinator.com | 2026-02-15

  12. PROMPTPurify

    Prompt-injection guardrail for LLM applications. Compact model that outperforms larger open-source guards. No regex, no signatures. Demo: anton.securelayer7.net

    Project mention: PROMPTPurify: MB CPU-only prompt-injection guard (benchmarked vs. OSS guard) | news.ycombinator.com | 2026-05-29

  13. sdk-javascript

    The official JavaScript SDK for the Modzy Machine Learning Operations (MLOps) Platform.

  14. agent-shield

    Multi-engine security scanner for AI agents, MCP servers & plugins — 13 engines, one report.

    Project mention: We Scanned 17 Popular MCP Servers — Here's What We Found | dev.to | 2026-03-13

    We built Agent Shield, a security scanner for AI agent tools, and used it to audit 17 of the most popular MCP servers — including official ones from Anthropic, AWS, Cloudflare, Docker, Brave, and Azure.

  15. aegis

    Credential isolation for AI agents. Local-first transparent proxy — your agent never sees your API keys. (by getaegis)

    Project mention: How I Built Aegis — A Credential Isolation Proxy for AI Agents | dev.to | 2026-03-19

    The source is at github.com/getaegis/aegis — Apache 2.0 licensed. If this approach resonates, stars, issues, and feedback are genuinely helpful.

  16. aiignore-cli

    One command to protect your secrets from all AI coding tools

    Project mention: File exclusion reliability of AI coding tools | news.ycombinator.com | 2026-03-22

  17. scopeblind-gateway

    Active development continues at ScopeBlind/scopeblind-gateway. - Security gateway for MCP servers. Cedar policy engine, Ed25519-signed receipts, per-tool enforcement. IETF Internet-Draft. 4 patents pending. npx protect-mcp

    Project mention: Signed receipts for MCP tool calls – prove what your agent did | news.ycombinator.com | 2026-03-25

  18. universal-prompt-security-standard

    Universal Prompt Security Standard (UPSS): A framework for externalizing, securing, and managing LLM prompts and genAI systems, inspired by and extending OWASP OPSS concepts for any organization or project.

    Project mention: Ask HN: What Are You Working On? (Nov 2025 | news.ycombinator.com | 2025-11-09

    - Support both startups and enterprises with practical, not theoretical, security

    Version 1.1.0 is now available with Python implementation and examples for Node.js, Java, Go, Rust.

    We're actively looking for community contributions - security primitives, framework integrations, language implementations, and adoption stories.

    https://github.com/upss-standard/universal-prompt-security-s...

  19. enforra

    Open source action governance SDK for AI agent tool calls.

    Project mention: System prompts are not a security boundary for AI agents | dev.to | 2026-05-21

  20. TrustVector

    Independent, evidence-based trust evaluations for 100+ AI models, agents, and tools.

    Project mention: Show HN: TrustVector – Trust evaluations for AI models, agents, & MCP | news.ycombinator.com | 2026-02-13

  21. id.wispera

    Passport & visa system for AI agent credentials. Detect, classify, and govern API keys, tokens, and secrets across MCP, OpenAI, Anthropic, LangChain, and more. Encrypted vault, policy engine, audit trails, delegation chains. Drop-in MCP server replaces plaintext credential storage.

    Project mention: An open-source credential manager for AI agents | dev.to | 2026-02-13

    Website: id.wispera.ai Repo: github.com/gecochief/id.wispera Docs: docs.id.wispera.ai npm: @id-wispera/core PyPI: id-wispera

  22. mguard

    Memory defense for AI agents — stops MINJA, AgentPoison, and MemoryGraft attacks. Zero dependencies.

    Project mention: Show HN: Mguard – First defense against MINJA memory poisoning attacks | news.ycombinator.com | 2026-03-08

  23. capkit

    Scoped, time-bound, cryptographically-signed capabilities for AI agents. Zero dependencies. Sovereign by design.

    Project mention: I built a 200-line library to stop AI agents from going rogue (capkit) | news.ycombinator.com | 2026-03-22

  24. asqav-compliance

    CI/CD compliance scanner for AI agents - EU AI Act, DORA, ISO 42001. GitHub Action for automated compliance checks on every PR.

    Project mention: We just launched asqav on Hacker News - quantum-safe audit trails for AI agents | dev.to | 2026-04-06
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

TypeScript ai-security discussion

Log in or Post with

TypeScript ai-security related posts

  • System prompts are not a security boundary for AI agents

    1 project | dev.to | 21 May 2026

  • Show HN: Enforra – open-source action governance for AI agent tool calls

    3 projects | news.ycombinator.com | 19 May 2026

  • I ran an AI pentester on a vibe-coded quiz app and found 22 vulnerabilities

    1 project | news.ycombinator.com | 7 Apr 2026

  • 285 Ways to Attack an AI Agent — A Security Taxonomy

    1 project | dev.to | 30 Mar 2026

  • Stop Sending Your .env to OpenAI: A Privacy Layer for OpenCode

    1 project | dev.to | 24 Mar 2026

  • How I Built Aegis — A Credential Isolation Proxy for AI Agents

    2 projects | dev.to | 19 Mar 2026

  • Node9 – A "sudo" wrapper for AI agents with auto Git snapshots

    1 project | news.ycombinator.com | 19 Mar 2026
  • A note from our sponsor - SaaSHub
    www.saashub.com | 16 Jun 2026
    SaaSHub helps you find the best software and product alternatives Learn more →

Index

What are some of the best open-source ai-security projects in TypeScript? This list will help you:

# Project Stars
1 numasec 390
2 secureclaw 345
3 agent-threat-rules 248
4 node9-proxy 202
5 toolhive-studio 136
6 deterministic-agent-control-protocol 88
7 rehydra-sdk 68
8 panguard-ai 48
9 prompt-injector 26
10 agentshield-benchmark 24
11 PROMPTPurify 17
12 sdk-javascript 16
13 agent-shield 14
14 aegis 11
15 aiignore-cli 9
16 scopeblind-gateway 8
17 universal-prompt-security-standard 7
18 enforra 4
19 TrustVector 4
20 id.wispera 4
21 mguard 4
22 capkit 3
23 asqav-compliance 2

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
Loading...