
AI-Infra-Guard (A.I.G)

Author: Tencent

Description: AI-Infra-Guard (A.I.G) is a full-stack AI red teaming / security scanning platform by Tencent Zhuque Lab. It provides a web UI and APIs to assess security risks across the AI agent ecosystem and AI infrastructure. Key capabilities (from README):
- OpenClaw Security Scan (ClawScan): insecure configuration detection, Skill risk detection, CVE vulnerability checks, privacy leakage detection.
- Agent-Scan: multi-agent automated scanning framework for agent workflows (e.g., Dify, Coze).
- MCP Server & Agent Skills scan: scans MCP servers and agent skills across 14 categories; supports scanning from source code or remote URLs.
- AI infra vulnerability scan: identifies 43+ AI framework components; covers 589+ known CVEs (examples: Ollama, ComfyUI, vLLM, n8n, Triton).
- Jailbreak Evaluation: dataset-driven prompt robustness evaluation and cross-model comparison.

Stars: 3.2k

Forks: 323

License: MIT License

Category: Specialized

Overview

Installation

### Deployment With Docker
**Requirements (from README):**
- Docker 20.10 or higher
- RAM: 4GB+
- Disk space: 10GB+
**Method 1: Deploy using pre-built Docker images**
```bash
# This method pulls pre-built images from Docker Hub for a faster start
git clone https://github.com/Tencent/AI-Infra-Guard.git
cd AI-Infra-Guard
# For Docker Compose V2+, replace 'docker-compose' with 'docker compose'
docker-compose -f docker-compose.images.yml up -d
```
After it starts, open:
- `http://localhost:8088`
**Method 2: One-click install script (Recommended)**
```bash
# This method will automatically install Docker and launch A.I.G with one command
curl https://raw.githubusercontent.com/Tencent/AI-Infra-Guard/refs/heads/main/docker.sh | bash
```
**Method 3: Build and run from source (Docker build)**
```bash
git clone https://github.com/Tencent/AI-Infra-Guard.git
cd AI-Infra-Guard
# This method builds a Docker image from local source code and starts the service
# (For Docker Compose V2+, replace 'docker-compose' with 'docker compose')
docker-compose up -d
```
**Deployment note (from README):** The project “currently lacks an authentication mechanism and should not be deployed on public networks.”
More info (from README):
- [https://tencent.github.io/AI-Infra-Guard/?menu=getting-started](https://tencent.github.io/AI-Infra-Guard/?menu=getting-started)
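As an added check (not part of the A.I.G project or its README), the following POSIX shell function parses the PORTS column of `docker ps` and reports whether the port 8088 mapping is published beyond the loopback interface, which is exactly the exposure the deployment note warns about. The `docker ps --format` call and the `host:port->port/proto` mapping format are the Docker CLI's own; the function names, the sample PORTS strings and the default port are this example's assumptions.

```shell
#!/bin/sh
# Added check (not part of the A.I.G project): after `docker-compose ... up -d`,
# confirm the A.I.G web UI on port 8088 is reachable only via loopback,
# since the README says the service has no authentication.

# classify_binding PORTS_STRING [PORT]
# PORTS_STRING is one container's PORTS column from `docker ps`, e.g.
#   "0.0.0.0:8088->8088/tcp, :::8088->8088/tcp"   (constructed sample)
# Prints "public" if any mapping of PORT listens on a non-loopback address,
# "loopback" if every mapping binds 127.0.0.1/localhost/::1, and
# "unpublished" if PORT is not published to the host at all.
classify_binding() {
    ports="$1"
    port="${2:-8088}"
    result="unpublished"
    # Split the comma-separated mappings into one token per mapping.
    for mapping in $(printf '%s' "$ports" | tr ',' '\n'); do
        # Only host-published mappings contain "->"; skip container-only ports.
        case "$mapping" in *"->"*) ;; *) continue ;; esac
        host_part="${mapping%%->*}"     # e.g. 0.0.0.0:8088 or :::8088
        host_port="${host_part##*:}"    # e.g. 8088
        host_addr="${host_part%:*}"     # e.g. 0.0.0.0 or ::
        [ "$host_port" = "$port" ] || continue
        case "$host_addr" in
            127.0.0.1|localhost|::1)
                # Stay "public" if an earlier mapping was already public.
                [ "$result" = public ] || result="loopback" ;;
            *) result="public" ;;
        esac
    done
    printf '%s\n' "$result"
}

# audit_running_containers: apply the check to every running container.
# Skips cleanly where the docker CLI is not installed (e.g. in CI).
audit_running_containers() {
    command -v docker >/dev/null 2>&1 || { echo "docker CLI not found; skipping"; return 0; }
    docker ps --format '{{.Names}}\t{{.Ports}}' |
    while IFS="$(printf '\t')" read -r name ports; do
        printf '%s: port 8088 is %s\n' "$name" "$(classify_binding "$ports" 8088)"
    done
}

# Usage: sh check_aig_binding.sh --audit   (file name is an assumption)
if [ "${1:-}" = "--audit" ]; then
    audit_running_containers
fi
```

A result of "public" means the unauthenticated UI answers on every interface; rebinding the published port to 127.0.0.1 or fronting it with an authenticating reverse proxy are the usual remedies.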

Features

- ClawScan (OpenClaw Security Scan): one-click evaluation of OpenClaw security risks; detects insecure configurations, Skill risks, CVE vulnerabilities, and privacy leakage.
- Agent-Scan: independent multi-agent automated scanning framework for assessing the security of AI agent workflows across platforms (e.g., Dify, Coze).
- EdgeOne ClawScan: hosted/online option to try ClawScan for evaluating OpenClaw security risks.
- MCP Server & Agent Skills scan: security scanning for MCP Servers and Agent Skills covering 14 major risk categories; supports scanning from source code and remote URLs.
- AI infra vulnerability scan: identifies AI framework components and scans for known CVE vulnerabilities across supported AI infrastructure (e.g., Ollama, ComfyUI, vLLM, n8n, Triton Inference Server).
- Jailbreak Evaluation: evaluates prompt security robustness using curated datasets and multiple attack methods, with cross-model comparison and detailed results.

FAQs

What are the 14 MCP security risk categories that AI-Infra-Guard detects?

The documentation mentions that fourteen risk categories exist but names only six explicitly: indirect prompt injection, tool poisoning, SSRF, authorization bypass, data leakage, and Agent Skill intent misalignment. The complete list of all fourteen is not disclosed in the available documentation; identifying the remaining eight requires consulting AI-Infra-Guard's technical specification or its scanning output directly.

Does AI-Infra-Guard require an LLM API key to run MCP scans, and which LLM providers are supported?

Yes, AI-Infra-Guard requires an LLM API key for MCP scanning because the module uses LLM-based analysis rather than static rules. The setup instructions show OPENROUTER_API_KEY in the environment configuration, indicating OpenRouter as the supported provider. OpenRouter acts as a gateway to multiple LLM backends, giving access to models from Anthropic, OpenAI, Google, and other providers through a single API integration.

How do I integrate AI-Infra-Guard into a CI/CD pipeline to scan MCP servers on pull requests?

Deploy AI-Infra-Guard on internal infrastructure, then call scan endpoints from CI workflows using curl or HTTP clients. Configure pipelines to fail builds when critical vulnerabilities appear in the JSON response. Deploy behind authentication or VPN since the platform lacks built-in auth, and ensure OPENROUTER_API_KEY is available to the scanning container for LLM-based analysis.

What are the biggest limitations of using AI-Infra-Guard for MCP server security in production environments?

The biggest limitations are the lack of built-in authentication, which requires network isolation; LLM-based analysis, which introduces non-deterministic results and API costs at scale; and false positives from static analysis that demand manual security review. The Chinese-default interface requires explicit language flags, and scanning speed may bottleneck rapid deployment pipelines when evaluating multiple servers concurrently.

Should I use AI-Infra-Guard alongside Trivy or Grype, and what security gaps does each tool cover?

Yes, use AI-Infra-Guard alongside Trivy or Grype because they cover complementary security layers. Trivy and Grype scan for package vulnerabilities, container misconfigurations, and OS-level CVEs across your entire stack. AI-Infra-Guard adds detection for MCP-specific threats like prompt injection and tool poisoning, plus CVE tracking for AI frameworks that traditional scanners miss entirely.

How does AI-Infra-Guard's MCP scanning compare to Promptfoo and Enkrypt AI for securing MCP servers?

AI-Infra-Guard offers broader MCP-specific coverage with fourteen risk categories through autonomous agent analysis, while Enkrypt AI focuses narrowly on MCP scanning without disclosed methodology. Promptfoo provides partial MCP coverage but excels at CI/CD integration for LLM security testing. Choose AI-Infra-Guard for comprehensive open-source MCP security, Enkrypt for vendor-supported scanning, or Promptfoo for DevOps-native workflows.

Updated 3/17/2026