gitmyhub

Argus

Python ★ 149 updated 22d ago

Black-box, open-source red-team testing for AI agents. Point Argus at any HTTP, gRPC, or browser-using agent endpoint, run 500+ adversarial probes (OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, TAP/PAIR/GCG), get LLM-judged findings as SARIF, gate CI via GitHub Code Scanning. Ships with CLI + GH Action.

A security testing tool that attacks AI applications with 160+ probes including prompt injection and jailbreaks, then grades results using an AI judge and outputs reports in SARIF, JUnit, and HTML formats.

Python | gRPC | HTTP | GitHub Actions | setup: moderate | complexity 3/5

Argus is a tool that tests AI-powered applications for security weaknesses by attacking them the way a real adversary would. You point it at any AI agent that accepts HTTP requests, gRPC calls, or controls a web browser, and it sends hundreds of specially crafted inputs designed to make the agent misbehave, reveal secrets, or bypass its intended restrictions.

The tests are grouped around well-known AI security frameworks, including the OWASP LLM Top 10 (a list of the most common ways AI language models fail) and MITRE ATLAS (a catalog of real-world AI attacks). Argus runs probes that attempt direct prompt injection, indirect injection that hides malicious instructions inside documents the agent reads, jailbreaks that build up over multiple turns of conversation, and attacks that conceal content in invisible characters. There are over 160 individual probes in the bundled library.

After each test run, Argus grades the results using a second AI model that acts as a judge. The judge evaluates whether each attack succeeded. Results come out in standard report formats that security and engineering teams already use: SARIF (which drops directly into GitHub Code Scanning), JUnit XML (which can block a build if critical issues are found), and HTML for human reading.

Setting up a scan requires writing a small configuration file that describes your agent's address and authentication method, then running the argus-probe command-line tool. A bundled GitHub Action makes it straightforward to run scans automatically whenever code changes. The repo also includes a deliberately insecure demo agent so you can try everything without connecting to a real system first.

Argus is designed for security testing, not for running inline as a production filter. It is released under the Apache 2.0 License.

Where it fits