{"slug": "agentguard-open-source-security-scanning-for-ai-agent-code", "title": "AgentGuard: Open-Source Security Scanning for AI Agent Code", "summary": "Dockfix Labs released AgentGuard, an open-source static analysis tool that scans AI agent codebases for all 10 OWASP Agentic Security Initiative risks, including prompt injection, tool abuse, and data exfiltration. The tool can be integrated into CI/CD pipelines and supports SARIF output for GitHub code scanning, as well as a Model Context Protocol server for real-time scanning in AI coding assistants.", "body_md": "AI agents are being deployed at scale — in customer support, code generation, data analysis, and autonomous workflows. But the code that powers these agents is rarely security-audited.\n\nConsider this pattern, common in production agent codebases:\n\n```\nuser_input = request.json()[\"prompt\"]\nprompt = f\"You are a helpful assistant. {user_input}\"\nresponse = openai.chat.completions.create(\n    model=\"gpt-4\",\n    messages=[{\"role\": \"user\", \"content\": prompt}]\n)\n```\n\nThis is a **prompt injection** vulnerability. A user can override the system prompt and manipulate the agent's behavior. It is the AI equivalent of SQL injection — and it is everywhere.\n\nThe [OWASP Agentic Security Initiative](https://owasp.org/www-project-agentic-security/) published a Top 10 list of risks specific to AI agent systems:\n\n| ID | Risk |\n|---|---|\n| ASI01 | Prompt Injection |\n| ASI02 | Tool Abuse / Unintended Tool Use |\n| ASI03 | Data Exfiltration / Sensitive Data Leakage |\n| ASI04 | Unauthorized Actions / Excessive Agency |\n| ASI05 | Supply Chain / Untrusted Components |\n| ASI06 | Insecure Output Handling |\n| ASI07 | Credential / Secret Exposure |\n| ASI08 | Context Window Manipulation |\n| ASI09 | Agent Loop Exploitation |\n| ASI10 | Trust Boundary Violation |\n\nMost of these have no coverage in traditional SAST tools. 
Semgrep and CodeQL were built for a world without LLMs.\n\n[AgentGuard](https://github.com/dockfixlabs/agentguard) is an open-source static analysis tool that scans AI agent codebases for all 10 OWASP ASI categories.\n\n```\npip install dfx-agentguard\n# Scan current directory\nagentguard .\n\n# JSON output for CI/CD\nagentguard src/ --format json\n\n# SARIF for GitHub code scanning\nagentguard . --format sarif\n```\n\n**Prompt Injection (ASI01)** — f-string prompt construction, string concatenation with user input, system prompt overrides.\n\n```python\n# Vulnerable: untrusted input is interpolated straight into the prompt\nprompt = f\"You are a helpful assistant. {user_input}\"\n\n# AgentGuard flags this as ASI01-PROMPT-INJECTION\n```\n\n**Tool Abuse (ASI02)** — `os.system()`, `subprocess` with user input, `eval()`/`exec()` in agent tool functions.\n\n```python\nimport os\n\n# Vulnerable: the query reaches a shell without validation or quoting\ndef run_command(query):\n    return os.system(f\"echo {query}\")\n\n# AgentGuard flags this as ASI02-TOOL-ABUSE\n```\n\n**Data Exfiltration (ASI03)** — `requests.post()` to external URLs, `fetch()` calls, webhook configurations, DNS-based exfiltration patterns, subprocess `curl`/`wget` calls.\n\n```python\nimport requests\n\n# Vulnerable: agent state is posted to a third-party endpoint\nrequests.post(\"https://analytics-server.com/collect\", json=agent_data)\n\n# AgentGuard flags this as ASI03-DATA-EXFIL\n```\n\n**Credential Exposure (ASI07)** — hardcoded API keys (`sk-proj-*`, `AKIA*`, `ghp_*`), private keys, connection strings with passwords, wallet seed phrases, Slack tokens, Google API keys.\n\n```python\n# Vulnerable: secret committed in source (placeholder value)\nOPENAI_API_KEY = \"sk-proj-Tq8m2X4vN7bR1wK9pL3hY6jD5cF0aZ8s\"\n\n# AgentGuard flags this as ASI07-CREDENTIAL-LEAK\n```\n\nPlus: Excessive Agency (ASI04), Supply Chain (ASI05), Insecure Output Handling (ASI06), Context Manipulation (ASI08), Agent Loop Exploitation (ASI09), Trust Boundary Violations (ASI10).\n\n```\nagentguard . --format text\nagentguard . --format json --exit-code\nagentguard . 
--format sarif\n```\n\n```yaml\n# .pre-commit-config.yaml\nrepos:\n  - repo: https://github.com/dockfixlabs/agentguard\n    rev: v0.2.2\n    hooks:\n      - id: agentguard\n```\n\n```yaml\n# .github/workflows/security.yml\nname: Agent Security Scan\non: [pull_request]\njobs:\n  scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: dockfixlabs/agentguard@v0.2.2\n        with:\n          path: src/\n          format: sarif\n```\n\nAgentGuard can run as a Model Context Protocol server, letting AI coding assistants (Claude Code, Cursor) scan code in real time:\n\n```\nagentguard --mcp\n```\n\nThe VS Code extension adds inline diagnostics, scan-on-save, and a findings tree view. It is available as a VSIX on the [releases page](https://github.com/dockfixlabs/agentguard-vscode/releases).\n\nThe [AgentGuard Benchmark](https://github.com/dockfixlabs/agentguard-benchmark) provides 28 vulnerable code samples across 5 OWASP ASI categories, plus clean code for false-positive testing.\n\n```\ngit clone https://github.com/dockfixlabs/agentguard-benchmark\ncd agentguard-benchmark\npython benchmark.py\n```\n\nFull roadmap on [GitHub](https://github.com/dockfixlabs/agentguard/blob/main/ROADMAP.md).\n\nTo get started:\n\n```\npip install dfx-agentguard\nagentguard . --format text\n```\n\nIf you find this useful, star the repo on [GitHub](https://github.com/dockfixlabs/agentguard). 
Contributions welcome — see [CONTRIBUTING.md](https://github.com/dockfixlabs/agentguard/blob/main/CONTRIBUTING.md).\n\n*AgentGuard is MIT-licensed and built by Dockfix Labs.*", "url": "https://wpnews.pro/news/agentguard-open-source-security-scanning-for-ai-agent-code", "canonical_source": "https://dev.to/dockfixlabs/agentguard-open-source-security-scanning-for-ai-agent-code-2d66", "published_at": "2026-06-28 22:41:23+00:00", "updated_at": "2026-06-28 23:27:19.100610+00:00", "lang": "en", "topics": ["ai-safety", "developer-tools", "large-language-models", "ai-agents"], "entities": ["Dockfix Labs", "AgentGuard", "OWASP Agentic Security Initiative", "OpenAI", "GPT-4", "Semgrep", "CodeQL", "GitHub"], "alternates": {"html": "https://wpnews.pro/news/agentguard-open-source-security-scanning-for-ai-agent-code", "markdown": "https://wpnews.pro/news/agentguard-open-source-security-scanning-for-ai-agent-code.md", "text": "https://wpnews.pro/news/agentguard-open-source-security-scanning-for-ai-agent-code.txt", "jsonld": "https://wpnews.pro/news/agentguard-open-source-security-scanning-for-ai-agent-code.jsonld"}}