A global community of security researchers, developers, and enthusiasts building open-source tools to secure generative AI applications and infrastructure.

GenSecAI is a non-profit community dedicated to using generative AI to defend against AI-powered attacks. We build open-source tools to secure our digital future from emerging AI threats, making AI security accessible to everyone.

Detect npm packages compromised in the Shai-Hulud 2.0 supply-chain attack with a battle-tested GitHub Action and CLI.

• Features: Lockfile and repo scanning, SARIF reports, CI/CD integration, allowlist support
• Tech Stack: TypeScript, GitHub Actions, Node.js
• Target: Supply chain security for npm projects

Security scanner for CVE-2025-55182 – a critical RCE vulnerability in React Server Components.

• Features: Scans npm/pnpm/yarn lockfiles, Docker images, SBOMs, and live URLs; auto-fix mode; SARIF output; GitHub Actions; Vercel runtime protection middleware
• Tech Stack: TypeScript, Node.js, GitHub Actions
• Use Case: React2Shell exposure detection and mitigation

AI-powered security operations with Wazuh SIEM + Claude Desktop.

Transform your SOC with natural language threat detection, automated incident response & compliance monitoring.

• Features: Real-time monitoring, ML anomaly detection, conversational security analysis
• Tech Stack: Python, Wazuh, MCP Protocol
• Status: Production-ready

Developer-first Kubernetes security scanner with instant pod replay.

Debug production issues locally in seconds with AI-powered explanations.

• Features: CERT-IN friendly posture, instant pod replay, AI-guided diagnostics
• Tech Stack: Go, Kubernetes, AI/ML
• Use Case: Kubernetes security scanning and compliance

“The Trivy of MCP security” – a Security Command Center for Model Context Protocol (MCP) servers.

• Features: Detects prompt injection, tool poisoning, secret exposure, and misconfigurations; OWASP MCP Top 10 coverage; SARIF/JSON/HTML/PDF outputs
• Tech Stack: Python, FastAPI, MCP client + YARA rules
• Use Case: Continuous security scanning of MCP servers and CI/CD pipelines

Manage pfSense firewalls using natural language through AI assistants like Claude Desktop.

• Features: 5-level RBAC, REST/XML-RPC/SSH support, built-in compliance checks
• Tech Stack: Python, pfSense, MCP Protocol
• Benefits: Natural language firewall management

API security testing tool that leverages multiple Large Language Models (LLMs) to perform intelligent, context-aware API security assessments.

• Features: Multi-LLM support, context-aware testing, automated vulnerability discovery
• Tech Stack: Python, multiple LLM providers
• Target: API security testing

Automates the scanning process using OpenSCAP Security Guide to harden Ubuntu systems, aligning with DISA-STIG-style compliance.

• Features: Ubuntu 24.04 LTS minimum, opinionated hardening, compliance-friendly profiles
• Tech Stack: Shell scripting, OpenSCAP
• Purpose: System hardening and compliance

Modern web application utilizing Next.js App Router to perform robust RDAP queries.

• Features: Domain/IP/ASN/entity lookup, modern UI, security-centric checks
• Tech Stack: TypeScript/JavaScript, Next.js
• Benefits: Structured registration & domain intelligence data

Demonstrates various MCP poisoning attacks affecting real-world AI agent workflows.

• Purpose: Security research and awareness
• Target: AI agent and tool security
• Type: Proof of Concept

Shell scripts to identify and remediate installations of xz-utils affected by CVE-2024-3094.

• Features: Detection, downgrade/rollback options, Ansible playbook
• Use Case: Fleet-wide validation during critical backdoor incidents

A comprehensive MCP server for analyzing SonicWall firewall logs from SonicOS 7.x and 8.x.

• Features: Intelligent log analysis, threat detection, security insights via MCP tools
• Tech Stack: TypeScript, MCP, SSE/HTTP transport
• Compatibility: SonicOS 7.x and 8.x

A meticulously crafted collection of 75+ specialized Claude Code sub-agents for comprehensive software development support.

• Features: Curated sub-agents, accuracy-focused, efficiency-optimized
• Tech Stack: Claude Code framework
• Purpose: Enhanced AI-assisted development

Specialized framework for MCP development featuring 8 Claude Code sub-agents and production-ready templates.

• Features: Security hooks, FastMCP server templates, markdown-driven agents
• Tech Stack: Python, FastMCP, MCP Protocol
• Benefits: Immediate MCP development assistance

Simplifies obtaining and managing Let’s Encrypt IP certificates with automatic renewal and comprehensive validation.

• Features: Automatic renewal, robust validation, logging
• Tech Stack: Shell scripting, Let’s Encrypt/Certbot
• Use Case: SSL certificate management for IP-only endpoints

Simple shell script for automating the installation and renewal of Let’s Encrypt SSL certificates on Linux servers using Nginx.

• Features: Automated installation, renewal, Nginx integration
• Tech Stack: Shell scripting, Nginx, Let’s Encrypt
• Purpose: Simplify SSL certificate management

We believe in the power of community-driven security research.
Our projects are:

• ✅ 100% Open Source – All tools are freely available
• 🌍 Globally Collaborative – Contributors from around the world
• 🧪 Research-Focused – Advancing the state of AI and security
• 🧱 Practical & Production-Ready – Real-world, deployable solutions

1. Browse our repositories for tools that match your needs
2. Check individual project documentation for installation and deployment guides
3. Join our community discussions to share insights and get help

1. Fork the repository you’re interested in
2. Create a feature branch (git checkout -b feature/AmazingFeature)
3. Commit your changes (git commit -m 'Add some AmazingFeature')
4. Push to the branch (git push origin feature/AmazingFeature)
5. Open a Pull Request

• 15+ Active Projects – Covering multiple areas of AI and security
• Growing Community – Security researchers, developers, and enthusiasts
• Global Reach – Contributors and users worldwide
• Enterprise-Ready – Tools used in production environments

• Website: gensecai.org
• Email: ask@gensecai.org
• Twitter: @GensecAI
• GitHub: github.com/gensecaihq

1. AI-First Security – We leverage AI to defend against AI threats
2. Open Source Philosophy – Democratizing AI security for everyone
3. Practical Solutions – Production-ready tools, not just research
4. Community Driven – Built by the community, for the community
5. Compliance Focus – Tools designed with regulatory requirements in mind

Most of our projects are released under open-source licenses (MIT, Apache 2.0, etc.).
Please check individual repositories for specific licensing information.

As a non-profit organization, we rely on community support to continue our work. You can help by:

• ⭐ Starring our repositories
• 🐛 Reporting bugs and suggesting features
• 🧩 Contributing code and documentation
• 📣 Spreading the word about our projects
• ☁️ Supporting our infrastructure costs

Building a secure AI future, one commit at a time.
Made with ❤️ by the GenSecAI Community