AI Agent Security Scanner
Scan autonomous AI agents for 5 critical vulnerability classes identified by Tsinghua University research. Get CVSS scores, CWE mappings, and NIS2 / EU AI Act compliance gaps in under 60 seconds.
5 Vulnerability Classes
Identified by Tsinghua University / Ant Group in their landmark 2025 paper on autonomous LLM agent frameworks.
Skill / Plugin Poisoning
Tsinghua §3.1Malicious or misconfigured plugins are loaded without integrity verification, allowing attackers to inject code into agent skill chains. Unverified third-party skills execute in the agent's privilege context.
Indirect Prompt Injection
Tsinghua §3.2Attacker-controlled content in documents, web pages, or API responses hijacks agent instructions at runtime. The agent follows injected commands believing they are legitimate user instructions.
Memory Poisoning
Tsinghua §3.3Untrusted input persistently corrupts the agent's long-term memory store. Poisoned memories influence all future decisions, causing the agent to behave maliciously across sessions without further attacker interaction.
Intent Drift (Privilege Escalation)
Tsinghua §3.4The agent gradually escalates from benign actions to privileged operations through multi-step reasoning drift. No single step appears malicious, making detection with per-action rules impossible.
Stealth Command Execution
Tsinghua §3.5Attackers use encoding tricks, Unicode homoglyphs, and command decomposition to bypass safety filters. The agent executes shell commands that content moderation never flags as dangerous.
Ready to scan your agent?
Point KENSAI at any LangChain, AutoGPT, OpenClaw, or custom LLM agent and get a full vulnerability report in under 60 seconds.
How It Works
Three steps from zero to a full AI agent security assessment.
Point at your agent
Provide a GitHub repo URL, filesystem path, or OpenClaw workspace. KENSAI auto-detects the agent framework (LangChain, AutoGPT, OpenClaw, custom) and resolves plugins, memory configs, and tool manifests.
Scan for all 5 classes
The scanner runs 5 specialised checks in parallel — each targeting a distinct Tsinghua vulnerability class. Static analysis, pattern matching, config auditing, and simulation-based checks run in under 60 seconds.
Get a compliance-mapped report
Receive a detailed KENSAI report with CVSS scores, evidence snippets, step-by-step remediation, and automatic NIS2 / EU AI Act compliance mapping — ready to send to your security team or auditor.
Compliance Mapping
Every vulnerability finding is automatically mapped to NIS2 and EU AI Act obligations — so you know exactly which regulatory articles are at risk.
Supply Chain Security
Mandatory security in network and information systems — covers agent plugin/skill supply chains.
Security During Procurement
Controls on acquisition and development of AI systems, including input validation for external content.
Access Control & Privilege Management
Prevention of unauthorized privilege escalation in critical digital infrastructure.
Risk Management System
High-risk AI systems must maintain an ongoing risk management system covering all five agent vulnerability classes.
Human Oversight
AI systems must be monitorable and stoppable; Intent Drift directly defeats human oversight mechanisms.
Accuracy & Robustness
Resilience against adversarial manipulation — directly applicable to prompt injection and memory attacks.
NIS2 Deadline Passed — October 2024
EU member states were required to transpose NIS2 into national law by October 17, 2024. AI agent deployments that handle critical infrastructure or important entity data may now face Article 21 obligations. KENSAI maps each agent finding to specific NIS2 articles automatically.
Supported Agent Frameworks
KENSAI auto-detects your framework and applies the appropriate checks.
Start scanning your AI agents today
Free scan covers all 5 vulnerability classes. No signup required for the first scan. CVSS scores and compliance mapping included.