The Builder

Autonomous AI that finds your vulnerabilities and exploits them — for you

“I've been paying $400/month for a pentesting retainer for pre-launch checks. Shannon Lite ran against my staging environment and surfaced an actual SQLi vulnerability in 20 minutes that my last manual audit missed. The AGPL license means I can self-host it in my CI pipeline without worrying about data leaving my network.”

Open-source runtime security control plane for LLM agents in production

“OPA for policy enforcement means you can write Rego rules that your compliance team can audit — that's actually deployable in enterprise contexts. The Kafka/Flink pipeline is heavy infrastructure overhead for small teams, but for anyone running production agents at scale, this is addressing a real gap.”

Battle-tested LLM security scanner from the team that broke every frontier model

“Every team shipping LLM features in production should be running this in CI. The OWASP LLM Top 10 alignment means it maps directly to compliance frameworks. The fact that it's built from actual vulnerabilities found in frontier models — not synthetic prompts — gives it way more credibility than competitors.”

Open-source security scanner for AI agents — catches MCP poisoning and prompt injection

“I've been looking for exactly this since MCP started proliferating. Pattern-based detection over ML is the right call for security tooling — I can audit what it's flagging and why. Dropping this into my agent pipeline CI was a 30-minute job. The MCP tool poisoning scanner alone is worth it.”

AI-driven hardware hacking arm — CNC-controlled PCB probing with an LLM agent

“The safety constraint validation layer before any CNC motion is the right call and shows the author understands what goes wrong when you mix LLMs with physical actuators. The DSL for motion commands is clean. This is a real research tool, not a toy.”

Zero-trust Rust runtime that governs every AI agent action before it runs

“I've been looking for exactly this: a framework-agnostic safety layer I can drop in front of my agents without rewriting them. The credential leak scanning alone is worth the integration cost — agents have a bad habit of echoing secrets into tool calls.”

MITRE ATLAS detection engine for LLM and AI agent attacks

“97 detection rules for adversarial LLM attacks and it runs in a single pass — this is the kind of foundational security tooling the ecosystem has been missing. Drop this into your API gateway and you immediately have ATLAS coverage. Exactly what regulated industries need.”

Runtime policy enforcement for AI agents — covers all OWASP Agentic Top 10

“Finally, something that treats agent security as a runtime enforcement problem rather than a prompting problem. The multi-language, multi-framework support is essential — real enterprise deployments aren't all Python. Sub-millisecond overhead means you can actually use this in production without performance concerns.”

Open-source security scanner purpose-built for AI agent systems and MCP deployments

“I've been manually reviewing MCP tool schemas before deploying them — QSAG-Core automates that. 26 MCP poisoning patterns and 28 prompt injection patterns in a single pip install is a no-brainer to add to any agent pipeline's security layer.”

Offline AI agent that runs your pentest tools and writes the report

“Finally a pentest assistant that doesn't phone home. The agentic loop between recon tools and the local Qwen model is genuinely clever — it actually chooses follow-up scans based on initial findings rather than just dumping raw output at you. Setup takes maybe 30 minutes if you have Ollama running.”

Runtime security for autonomous AI agents — covers all 10 OWASP agentic risks

“This fills a real gap — most agent frameworks have no native governance layer and you're left writing your own. Sub-millisecond policy enforcement with full OWASP coverage and multi-framework support is exactly what production agent deployments need, and the multi-language support is practical.”

Trap AI web crawlers in an endless poison pit

“Dead simple to deploy — drop it on any server and point suspicious crawlers at it. The infinite page generation is clever engineering. My only gripe is it needs better bot fingerprinting out of the box, but the plugin system lets you extend it.”

Open-source secret management platform

“Open-source Doppler alternative with self-hosting. Secret rotation and the CLI are well-designed.”

Secure your software supply chain

“Behavior analysis catches supply chain attacks that CVE databases miss. The GitHub integration flags suspicious packages in PRs.”

Secrets management for development teams

“Secret references in .env files, SSH agent, and CLI are seamlessly integrated. Best DX for secret management.”

Open-source authentication for any app

“Auth that integrates directly with Postgres RLS policies. Social logins, magic links, and MFA all included.”

Static analysis at the speed of thought

“Fast, accurate, and the custom rule syntax is intuitive. Catches real security bugs without drowning in false positives.”

Zero-config private networking

“Zero-config VPN that actually works. SSH, self-hosted services, and dev server access from anywhere. MagicDNS is genius.”

Universal secrets manager

“Syncs secrets to every platform automatically. The CLI and dashboard make secret management painless.”

Open-source password management

“Open source and self-hostable password manager. The CLI and secrets manager are well-designed for dev workflows.”

Secrets management and data protection

“The gold standard for secrets management. Dynamic database credentials and PKI automation are game-changing.”

Developer-first security platform

“Catches dependency vulnerabilities before they hit production. The PR fix suggestions save time and teach secure coding.”

Identity platform for developers

“Universal Login, Actions, and the SDK cover every auth pattern. RBAC and Organizations for B2B are well-designed.”

AI-native cybersecurity platform

“Not a developer tool. Enterprise security platform for SOC teams and security operations.”

Security, performance, and reliability for the web

“Free SSL, CDN, and DDoS protection. The developer platform (Workers, Pages, D1, R2) is a bonus game-changer.”

The world's most trusted password manager

“Best password manager for developer teams. SSH key management, CLI, and service accounts extend beyond passwords.”