Open-source AI security repositories published or significantly updated in August 2025, sorted by stars.
Join the AI Security community on Twitter and in the LinkedIn group for additional updates.
🧰 Claude Code Security Review — Prompts and scripts to run code security reviews with Claude Code, producing structured findings and suggested fixes ⭐️2.2k https://github.com/anthropics/claude-code-security-review
🧰 Beelzebub — Offensive AI security toolkit and honeypot framework for detecting and analyzing malicious AI agent behavior ⭐️1.4k https://github.com/mariocandela/beelzebub
🧰 AutorizePro — AI-assisted Burp Suite extension for broken access control and authorization testing with lower false positives ⭐️422 https://github.com/WuliRuler/AutorizePro
🧰 Atlantis CRS (Team Atlanta) — AIxCC finals Cyber Reasoning System from Team Atlanta ⭐️332 https://github.com/Team-Atlanta/aixcc-afc-atlantis
🧰 Open-Prompt-Injection — Benchmark and tooling for implementing and evaluating prompt injection attacks and defenses in LLM apps ⭐️268 https://github.com/liu00222/Open-Prompt-Injection
🧰 HOUND — Language-agnostic AI code security analysis that mirrors expert auditor workflows for automated audits ⭐️174 https://github.com/muellerberndt/hound
🧰 Theori AIxCC Finals Archive — Public release of Theori’s AIxCC finals CRS ⭐️141 https://github.com/theori-io/aixcc-afc-archive
🧰 Anamorpher — Image scaling attack generator and visualizer for multi-modal prompt injection testing ⭐️115 https://github.com/trailofbits/anamorpher
🧰 HackGpt — LLM-powered offensive security assistant for recon and exploitation workflows ⭐️72 https://github.com/yashab-cyber/HackGpt
🧰 SHERPA (AIxCyberChallenge) — LLM-powered targeted fuzzing and harness generation for attacker-controlled entry points ⭐️67 https://github.com/AIxCyberChallenge/sherpa
🧰 BugTrace-AI — AI-assisted bug triage and reproduction from logs and traces to accelerate debugging ⭐️63 https://github.com/yz9yt/BugTrace-AI
🧰 Flagwise — Shadow AI detection and LLM traffic monitoring server with analytics and real-time alerting ⭐️24 https://github.com/bluewave-labs/flagwise
🧰 Xiangxin Guardrails — Enterprise-grade AI safety guardrails platform for prompt attack detection and content compliance with on-prem deployment and SDKs ⭐️23 https://github.com/xiangxinai/xiangxin-guardrails
🧰 AWS iReveal MCP — Sysdig Labs MCP tool to surface AWS identity and resource exposure insights for investigations ⭐️13 https://github.com/sysdiglabs/aws-ireveal-mcp
🧰 BugBuster CRS (42-b3yond-6ug) — AIxCC finals Cyber Reasoning System (CRS) release ⭐️11 https://github.com/42-b3yond-6ug/42-b3yond-6ug-crs
🧰 RAG Firewall — Client-side retrieval firewall for RAG systems that blocks prompt injection and secret leaks and re-ranks untrusted content ⭐️7 https://github.com/taladari/rag-firewall
🧰 Phantomwall — Open-source prompt-injection firewall and telemetry to ship AI apps safely in minutes ⭐️3 https://github.com/c77-source/phantomwall