HubLensLLM: Tencent/AI-Infra-Guard
// archived 2026-04-15
Tencent

AI-Infra-Guard

Tags: Security, AI Security, Red Teaming, Vulnerability Scanner, LLM, Cybersecurity

// summary

AI-Infra-Guard is a professional AI red teaming security assessment platform developed by Tencent Zhuque Lab, designed to provide comprehensive AI security risk self-inspection solutions for enterprises and individuals. The platform integrates core functions such as AI infrastructure vulnerability scanning, Agent workflow security assessment, MCP server scanning, and jailbreak testing. Users can deploy it quickly via Docker and utilize its modern Web interface and robust API to achieve efficient security detection and management.

// technical analysis

A.I.G (AI-Infra-Guard) is an AI red teaming platform developed by Tencent Zhuque Lab, designed to provide comprehensive security self-examination for AI infrastructure and agent workflows. The project utilizes an extensible plugin-based architecture, allowing for modular vulnerability detection across AI components, MCP servers, and agent skills. By integrating automated scanning frameworks and jailbreak evaluation tools, it addresses the critical need for identifying security risks like configuration errors, privacy leaks, and supply chain vulnerabilities in modern AI deployments. A notable technical decision is its reliance on Docker-based deployment and a standardized fingerprinting system, which simplifies the integration of new security rules and ensures cross-platform compatibility.

// key highlights

01. ClawScan provides one-click security evaluation for OpenClaw, detecting configuration risks, CVEs, and privacy leaks.
02. Agent Scan offers an independent, multi-agent framework to assess the security of AI workflows on platforms like Dify and Coze.
03. MCP Server & Agent Skills scan identifies 14 categories of security risks from both source code and remote URLs.
04. AI infra vulnerability scanner supports over 57 AI framework components and matches them against 1000+ known CVEs.
05. Jailbreak Evaluation assesses prompt security using curated datasets and multiple attack methods for robust model testing.
06. The platform features a modern web interface with real-time progress tracking and comprehensive API documentation for easy integration.

// use cases

01. AI infrastructure vulnerability scanning, supporting the detection of over 57 AI frameworks and more than 1000 known CVE vulnerabilities.
02. Agent workflow security assessment, performing risk detection on Agents from platforms like Dify and Coze through an automated framework.
03. Jailbreak evaluation and MCP server scanning, utilizing various attack methods to test model robustness and identify security risks.

// getting started

To start using A.I.G, ensure you have Docker installed, then clone the repository and run 'docker-compose -f docker-compose.images.yml up -d' to launch the service. Once running, access the web interface at http://localhost:8088 to begin scanning your AI services or configuring model settings. Alternatively, you can use the one-click install script provided in the README for an automated setup.