How does Agentic Radar compare to traditional SAST tools for AI security?

Agentic Radar is specialized for agentic AI workflows, focusing on unique vulnerabilities like prompt injection and MCP server risks, whereas traditional SAST tools are broader but less targeted for AI-specific threats. It integrates runtime testing and prompt hardening, which are often missing in general security scanners.

How to set up Agentic Radar for a CrewAI project?

Install the CrewAI extras via 'pip install agentic-radar[crewai]', then use the scan command with the crewai framework flag to analyze your workflow. Note that runtime testing isn't yet supported for CrewAI, so focus on static analysis and prompt hardening if enabled.

Is Agentic Radar free to use?

The core scanning features are open-source and free, but advanced capabilities like prompt hardening and runtime testing require an OpenAI API key, which may incur costs based on usage. Local analysis for basic vulnerabilities doesn't need external APIs.

What AI frameworks does Agentic Radar support?

It currently supports OpenAI Agents, CrewAI, n8n, LangGraph, and Autogen for static scanning, with MCP detection and prompt hardening available for most. However, runtime testing is only implemented for OpenAI Agents, as shown in the roadmap.

Can Agentic Radar detect prompt injection in real-time?

No, it doesn't provide real-time monitoring; instead, it performs pre-deployment runtime testing by simulating adversarial inputs to identify vulnerabilities like prompt injection. This is done during development or CI/CD scans, not in live production environments.

How to customize vulnerability tests in Agentic Radar?

You can create custom YAML configuration files to define specific tests, including input text and success conditions, then run the test command with the --config option. This allows tailored security assessments, though it requires manual setup and understanding of your agent's behavior.

Open-Awesome

Agentic Radar

Apache-2.0Pythonv0.14.1

A security scanner that analyzes agentic AI workflows for vulnerabilities, visualizes their structure, and hardens system prompts.

Visit Website GitHub

985 stars134 forks0 contributors

What is Agentic Radar?

Agentic Radar is an open-source security scanner specifically built for AI agentic workflows. It analyzes multi-agent systems to visualize their structure, detect external tools and MCP servers, map security vulnerabilities, and harden system prompts. The tool helps identify risks like prompt injection and PII leakage while providing actionable reports.

Target Audience

Developers, security professionals, and researchers building or deploying AI agentic systems using frameworks like OpenAI Agents, CrewAI, LangGraph, n8n, or Autogen.

Value Proposition

Agentic Radar offers a specialized, integrated security suite for agentic AI—combining static analysis, runtime testing, and prompt hardening in one tool. Its focus on agent-specific vulnerabilities and support for multiple frameworks makes it a unique solution for securing complex AI workflows.

Overview

A security scanner for your LLM agentic workflows

Use Cases

Best For

Securing multi-agent AI systems against prompt injection attacks
Visualizing and documenting complex agentic workflow architectures
Hardening system prompts in AI agents to follow security best practices
Integrating security scanning into CI/CD pipelines for AI projects
Detecting external tool dependencies and MCP servers in agentic workflows
Testing AI agents for PII leakage and harmful content generation risks

Not Ideal For

Projects using AI agent frameworks not listed in the roadmap, such as custom or niche systems
Teams with strict data privacy policies that prohibit any external API calls, due to features like prompt hardening requiring OpenAI API
Applications needing real-time, continuous security monitoring in production environments, as the tool focuses on pre-deployment scanning and testing

Pros & Cons

Pros

Multi-Framework Scanning

Supports key agentic frameworks like OpenAI Agents, CrewAI, and LangGraph out of the box, enabling broad compatibility for diverse AI projects.

Integrated Runtime Testing

Performs automated vulnerability tests for prompt injection and PII leakage during execution, providing actionable security insights beyond static analysis.

CI/CD Pipeline Automation

Includes pre-built GitHub Actions workflows for seamless integration into development pipelines, ensuring regular security checks without manual setup.

Prompt Hardening Automation

Uses LLMs to automatically improve system prompts based on best practices, enhancing security and reducing manual tuning effort for supported frameworks.

Cons

Incomplete Feature Coverage

Critical features like runtime vulnerability testing are only available for OpenAI Agents, leaving other frameworks with limited security assessment capabilities.

External API Dependency

Advanced functionalities such as prompt hardening and runtime testing require an OpenAI API key, introducing additional costs and potential data privacy concerns.

Early-Stage Limitations

As a new project, it may lack maturity with potential bugs and limited documentation for complex use cases, as noted in the roadmap for future framework support.

Frequently Asked Questions

Related Projects

promptfoo

Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, DeepSeek, and more. Simple declarative configs with command line and CI/CD integration. Used by OpenAI and Anthropic.

💡 All-in-one AI framework for semantic search, LLM orchestration and language model workflows

Stars12,682

Forks835

Last commit6 days ago

Kedro

Kedro is a toolbox for production-ready data science. It uses software engineering best practices to help you create data engineering and data science pipelines that are reproducible, maintainable, and modular.

Stars10,903

Forks1,045

Last commit2 days ago

RunAnywhere

Production ready toolkit to run AI locally

Stars10,315

Forks359