AgentSearch Directory

Cybersecify

Enterprise AI Application Security Platform

Six pillars, one platform: AI DAST for agents and MCP, AI SCA for supply chain, ASPM integrations for your existing dashboard, Agent Identity & Trust, Runtime Protection, and Compliance mapped to OWASP MCP / LLM / Agentic AI Top 10, AISVS, EU AI Act and SOC 2.

See the platform Cybersecify Pro Install Community Edition
6
Platform Pillars
19
Security Tools
30+
Standards Controls
0
Dependencies
Get Started

One line install

Register with your email to get install instructions. Free, no registration fees.

Enter your email to unlock install instructions
We'll send a verification link. No spam, ever. Your email is used solely for licence compliance.
Capabilities

20 security tools

MCP server scanning, agent DAST, OpenAPI x-agent-trust audit, supply chain checks, and runtime decisions -- all from natural language.

MCP Security

scan_server

Full OWASP MCP Top 10 scan of any MCP server endpoint. Tests authentication, input validation, rate limiting, and more.

Scan this MCP server

assess_risk

Risk-rate all exposed tools on a server. Flags dangerous capabilities like file system access, code execution, and network calls.

How risky is this server?

check_call

Runtime GO/CAUTION/BLOCK decision for any MCP tool call. Evaluates the tool, arguments, and context before execution.

Should I make this call?

check_args

Injection pattern detection across tool arguments. Catches prompt injection, SQL injection, command injection, and XSS patterns.

Are these arguments safe?
Supply Chain

safe_to_install

Pre-install safety check for any npm or PyPI package. Checks age, maintainers, known vulnerabilities, and typosquatting signals.

Is litellm safe to install?

audit_dependencies

Bulk dependency audit from package.json or requirements.txt. Checks every dependency against vulnerability databases in parallel.

Audit my package.json

check_cves

CVE database lookup for any package. Returns known vulnerabilities with severity ratings and fix versions.

Any CVEs for mcp-bridge?

check_repo

GitHub repo trust scoring. Checks stars, forks, contributors, license, recent activity, and open security advisories.

Is this repo safe?
Threat Intelligence

check_agent

Query the Agent Threat Database for known incidents. Checks AI agents, MCP servers, and packages against real-world data exfiltration, credential theft, and supply chain attacks.

Any known threats for mcp-remote?
Compliance

compliance_scan

Scan any MCP server against EU AI Act, OWASP Agentic AI Top 10, and OWASP MCP Top 10 in one command. Unified compliance report with remediation.

Is my MCP server EU compliant?
Agent DASTNEW

Dynamic security testing for AI agents. Not the code they write -- the agents themselves. Test identity enforcement, trust boundaries, privilege escalation, and credential handling on live agents.

scan_agent

Full OWASP Agentic AI Top 10 assessment of a live agent. Tests identity verification, trust boundaries, privilege controls, and data handling.

Scan this agent for vulnerabilities

test_identity

Verify agent identity enforcement. Tests whether an agent rejects unverified peers, validates certificates, and enforces trust levels before acting.

Does this agent verify who calls it?

test_escalation

Privilege escalation testing. Can a low-trust agent trick a higher-trust agent into performing actions beyond its scope? Simulates confused deputy attacks.

Can this agent be tricked into escalating?

test_credentials

Credential leakage detection. Tests whether an agent exposes API keys, tokens, certificates, or private keys in responses, logs, or error messages.

Does this agent leak credentials?

test_trust_boundary

Agent-to-agent trust boundary testing. Injects a rogue agent into the pipeline and tests whether the target agent blindly trusts it or verifies identity first.

Does this agent blindly trust other agents?

test_poisoning

MCP tool poisoning resistance. Tests whether an agent validates tool definitions before execution or blindly runs modified tool schemas.

Is this agent resistant to tool poisoning?

agent_posture

Full security posture report. Combines all agent DAST tests into a single trust score with OWASP Agentic AI Top 10 mapping and remediation guidance.

Give me this agent's security score

monitor_agent

Runtime agent behaviour monitoring. Watches an agent's MCP calls in real-time, flags anomalous patterns, and alerts on trust violations.

Watch this agent for suspicious behaviour
New in v0.6.0 · OpenAPI Approved

Cybersecify now audits x-agent-trust compliance

The first security scanner to support the officially registered OpenAPI extension for AI agent authentication.

View in Registry →

audit_x_agent_trust

Audit any OpenAPI spec for x-agent-trust compliance. Flags weak algorithms (HS256), non-HTTPS JWKS endpoints, missing trust level declarations, and sensitive operations (payments, admin, delete) that do not enforce x-agent-trust-required. Reads YAML or JSON. Zero network calls -- pure static audit.

Audit my openapi.yaml for x-agent-trust
Compliance

EU AI Act mapping

Cybersecify checks map directly to articles of the EU AI Act (Regulation 2024/1689). We do not certify conformity — we produce evidence to support an Article 11 technical file or an Article 16 conformity assessment.

ArticleWhat it requiresWhat Cybersecify checksAutomated
Art 9
Risk management		 Risk management system proportionate to the AI system's intended purpose and risk level. Trust levels (L0-L4), per-tool sensitivity-based access control, runtime risk rating of exposed tools. PARTIAL
Art 12
Record-keeping		 Automatic recording of events ("logs") over the lifetime of the AI system, tamper-evident. MCPS per-message signing, audit trail endpoints, structured log format, append-only chain. YES
Art 13
Transparency		 The AI system must be sufficiently transparent to enable users to interpret its output and use it appropriately. Agent passport (declares identity and capabilities), model_id in responses, declared tool surface. YES
Art 14
Human oversight		 Humans can effectively oversee, intervene, override, or shut down the AI system. Trust level gating, runtime GO/CAUTION/BLOCK decisions, kill-switch endpoints, confirmation prompts on destructive tools. PARTIAL
Art 15
Cybersecurity		 Appropriate level of accuracy, robustness and cybersecurity throughout the AI system's lifecycle. Authentication, TLS, rate limiting, per-message signing, replay protection, dependency CVE checks, injection pattern detection. YES
Art 16
Provider obligations		 Quality management system, conformity assessment, technical documentation, registration in the EU database. Tool integrity (signed schemas), supply-chain audit, dependency provenance, structured compliance report for the technical file. YES
Art 17
Quality management		 Documented quality management system covering compliance strategy, design controls, testing and validation. Structured audit trail format, exportable compliance report, machine-readable evidence bundle. PARTIAL
Art 50
AI identification		 Users must be informed they are interacting with an AI system. AI-generated content must be marked. Agent passport header, agent_type field, MCP-layer identity declaration on every tool call. YES
38
Automated checks across OWASP AISVS C10 (Component Integrity, AuthN/AuthZ, Secure Transport, Schema Validation, Outbound Access, Boundary Controls). CyberSecAI Ltd contributed 5 of the C10 requirements via OWASP/AISVS PR #608.
10/10
OWASP MCP Top 10 risks mapped 1:1: Token Mismanagement, Privilege Escalation, Tool Poisoning, Supply Chain, Command Injection, Intent Subversion, Insufficient Auth, Lack of Audit, Shadow Servers, Context Injection.
22
MCP Security Controls -- 22 hardening controls across authentication, signing, audit, and supply chain. Auto-cited in every Cybersecify remediation report.

Cybersecify produces evidence to support Article 11 technical documentation and Article 16 conformity assessment. It does not certify conformity. Always engage qualified legal and audit personnel for the formal Article 16 assessment. Mapping based on the EU AI Act final text (Regulation (EU) 2024/1689).

Try It

See it in action

Test against our deliberately vulnerable MCP server.

Scan dvmcp.co.uk -- our deliberately vulnerable MCP server

Or install cybersecify and ask your AI to scan any server.

Why This Matters

Supply chain attacks are real.

These are not hypothetical threats. Compromised packages, credential stealers, and typosquats are hitting AI developers every week. Cybersecify catches them before you install.

litellm CVE-2026-33634
TeamPCP compromised LiteLLM on PyPI (Mar 2026). Malicious versions contained a multi-stage credential stealer targeting SSH keys, cloud tokens, Kubernetes secrets, and .env files plus a persistent systemd backdoor.
3.4M downloads/day · Used by Stripe, Netflix, Google · CVSS 9.4
Detected: safe_to_install returns DANGER (17 known CVEs)
Datadog Security Labs →
npm worm (Shai-Hulud) CRITICAL
Self-replicating npm worm that steals tokens, then publishes trojanised versions of every package the victim maintains. SANDWORM_MODE phase injected MCP servers into AI coding tools (Claude Code, Cursor, VS Code) to manipulate agents into exfiltrating credentials.
796+ packages compromised · 132M monthly downloads affected · CISA advisory issued
Detected: check_cves flags compromised packages from vulnerability databases
Socket.dev →
ultralytics HIGH
Attackers exploited GitHub Actions script injection to push malicious versions of the popular YOLO AI library. Compromised builds deployed XMRig crypto miners on every install. Google Colab users were banned for "abusive activity".
30K+ GitHub stars · 60M+ total PyPI downloads · Malicious for 12 hours
Detected: safe_to_install flags crypto miner CVE (PYSEC-2024-154)
PyPI Official Blog →
deepseeek / deepseekai CRITICAL
Typosquatted DeepSeek packages on PyPI (Jan 2025). Infostealer payload exfiltrated API keys, database credentials, and infrastructure access tokens. The malware itself was AI-generated.
200+ downloads before removal · Targeted ML engineers
Detected: safe_to_install flags new package age, low downloads, name similarity
Dark Reading →
Hugging Face models HIGH
Malicious ML models uploaded in PyTorch format but compressed with 7z to bypass Hugging Face's Picklescan security scanner. Exploited Python's Pickle deserialization to execute arbitrary code when models were loaded.
Bypassed primary security scanning · Prompted safetensors migration
Out of scope: model files, not packages — requires runtime sandboxing
ReversingLabs →
Slopsquatting EMERGING
Attackers register package names that LLMs hallucinate. When an AI assistant recommends a non-existent package, attackers have already created it with malware. 20-35% of hallucinated names were weaponised.
Affects every AI coding assistant · Growing attack vector
Detected: safe_to_install flags zero-history packages with suspicious metadata
Aikido.dev →

73% rise in malicious open-source packages year over year. — ReversingLabs 2026 Report

Credentials

Standards-backed

Built by contributors to the standards that define MCP security.

OWASP

MCP Security Cheat Sheet

Section 7: Message Integrity & Replay Protection. Merged into the official OWASP cheat sheet series.

cheatsheetseries.owasp.org →
IETF

6 Internet-Drafts

Six Internet-Drafts submitted to the IETF covering MCP security, agent identity, audit trails, and ATTP -- the Agent Trust Transport Protocol.

datatracker.ietf.org →

Need runtime protection for production MCP deployments? See MCPSaaS.

Capability · AI DAST

Agent-native AI DAST — with ASPM integrations

Run dynamic security testing against any MCP server or AI agent. All 3 transports (Streamable HTTP, SSE, stdio). 8 testing dimensions. Active exploitation with safety gates. SARIF 2.1 output. Plug into your existing ASPM — Veracode Risk Manager is the first integration, more on the way.

Step 1
AI DAST scan
Step 2
SARIF 2.1
Step 3
Your ASPM

Run a scan in one command

Findings carry full mappings to OWASP MCP Top 10, OWASP LLM Top 10, OWASP Agentic AI Top 10, EU AI Act, SOC 2, PCI-DSS, and CWE. For regulated buyers running an existing ASPM, results land in the dashboard your security team already trusts — no new silo, no new procurement.

aidast https://dvmcp.co.uk

Independent integration. CyberSecAI Ltd is in no way affiliated with, endorsed by, sponsored by, or in any partnership with Veracode, Inc. “Veracode”, “Veracode Risk Manager” and “Longbow” are trademarks of Veracode, Inc., used here under nominative fair use solely to identify a third-party API surface that one of our ASPM integrations targets. All other trademarks are property of their respective owners.

CYBERSECIFY PRO · v2.0

Enterprise MCP Security Platform

Everything in Community, plus fingerprinting, DVMCP benchmarking, rug-pull detection, board-ready PDF reports, taint tracking, deep SAST, and 22 MCP Security Controls.

Community Edition FREE

For individual developers and researchers

  • 9 security tools
  • OWASP MCP Top 10 scan
  • Supply chain checks
  • Threat intelligence
  • CLI and MCP interface
  • Terminal output
  • BSL 1.1 License
Register Free
v2 AVAILABLE

Pro Edition v2.0

For teams and enterprise security

  • Everything in Community, plus:
  • OWASP Top 10 Active Scan Rules (6 checks)
  • OWASP Top 10 Passive Scan Rules (4 checks)
  • MCP Security Controls (22 hardening checks)
  • EU AI Act compliance scan
  • DAST mode with SARIF output
  • New in v2:
  • MCP Server Fingerprinting — SDK, version, transport, auth, capabilities, CVE lookup
  • DVMCP Benchmark Score — compare your server against the deliberately-vulnerable baseline
  • Rug Pull Detection — snapshots + diffs on tool definitions to catch MCP03 poisoning
  • Board-ready PDF Reports — classified, cover page, OWASP + MCP Security Controls matrices
  • Taint Tracker — source-to-sink data-flow analysis for MCP packages
  • Deep Scan (SAST) — pull any npm / pypi / git package, run 15 rules before you install
  • CI/CD integration (GitHub Actions, GitLab)
  • REST API access
  • Scheduled and recurring scans
  • Multi-target scanning
  • SIEM integration (Splunk, Sentinel)
  • Historical trend tracking
  • Team scoreboard and progress
  • Priority support with SLA
Request Pro v2 access

From CyberSecAI Ltd

A coordinated agent & MCP security stack: scanning, signing, identity, payments, training, and standards work.

Sites

cybersecai.co.uk
CyberSecAI Ltd — main brand and standards portfolio
mcp-secure.co.uk
MCPS — cryptographic identity, message signing and trust for MCP
mcpsaas.co.uk
MCPSaaS — managed secure MCP proxy
agentpass.co.uk
AgentPass — trust scoring, sanctions screening and signed payments for agents
dvmcp.co.uk
DVMCP — deliberately vulnerable MCP server for training and scanner validation
dvrag.com
DVRAG — deliberately vulnerable RAG site for security testing and scanner validation

Live demos

ATTP demo
Agent Trust Transport Protocol — sync agent-to-server with mandatory signing
x-agent-auth demo
Agent-Signature header — RFC 9421 wire format and tamper test

npm packages

mcp-secure
Per-message signing for MCP. Zero dependencies.
model-secure
ECDSA signing and verification for AI model files (GGUF, AWQ, GPTQ).
cybersecify
This MCP security scanner, distributed as an npm package.
@proofxhq/attp
Agent Trust Transport Protocol reference implementation.

Standards

OWASP MCP Security Cheat Sheet
CyberSecAI Ltd is a contributor to the message-integrity, replay protection and tool-return prompt-injection sections.

Cybersecify is provided as-is. CyberSecAI Ltd accepts no liability for reliance on scan results. See Disclaimer for full terms.