A self-expanding AI agent system that autonomously collects emerging AI/agent security threats, builds defense layers, and tests them against realistic victim agents in Docker sandboxes.
+------------------+
| Threat Intel |
| Sources |
| (arXiv, RSS, Web) |
+--------+---------+
|
+--------v---------+
| Collector |
| Manager |
+--------+---------+
|
+--------v---------+
| Analyzer |
| (Classify, Plan, |
| Generate Tests) |
+--------+---------+
|
+---------------+---------------+
| |
+--------v---------+ +--------v---------+
| Implementer | | Test Generator |
| (Claude Code CLI)| | (Attack Payloads)|
+--------+---------+ +--------+---------+
| |
+--------v---------+ +--------v---------+
| Defense Layer | | Sandbox |
| Registry & |<---------->| (Docker Victim |
| Pipeline | | Agent) |
+--------+---------+ +--------+---------+
| |
+--------v---------+ +--------v---------+
| Optimizer |<----------+ Evaluator |
| (Reorder, Prune) | | (Metrics, Report) |
+-------------------+ +-------------------+
# Install dependencies
pip install -e ".[dev]"
# Set API key
export ANTHROPIC_API_KEY="your-key-here"
# Run the full cycle: collect -> analyze -> implement -> test -> optimize
python -m src.main cycle
# Or run individual steps
python -m src.main collect # Gather threat intelligence
python -m src.main analyze # Classify threats, plan defenses, generate tests
python -m src.main implement # Auto-implement defense layers via Claude Code CLI
python -m src.main test # Red team test against sandboxed victims
python -m src.main optimize # Optimize defense layer pipeline
python -m src.main report # Generate dashboard report
python -m src.main status # Show system status| Command | Description |
|---|---|
collect |
Fetch threats from arXiv, RSS feeds, vendor blogs, conference sites |
analyze |
Classify threats, generate defense plans, create attack test payloads |
implement |
Use Claude Code CLI to auto-implement new defense layers |
test |
Run attack payloads against Docker-sandboxed victim agents |
optimize |
Reorder, prune, and improve defense layer pipeline |
cycle |
Run all steps in sequence |
report |
Generate markdown dashboard with metrics |
status |
Show threat counts, active layers, latest test results |
The defense pipeline processes inputs and outputs through ordered layers:
Input -> [InputValidator] -> [ContextIsolator] -> [ToolSandbox] -> Agent
|
Output <- [OutputFilter] <- [RateLimiter] <---------------------- Agent
| Layer | Priority | Defends Against |
|---|---|---|
| InputValidator | 10 | Prompt injection, jailbreak, context manipulation |
| ContextIsolator | 20 | Context manipulation, privilege escalation |
| ToolSandbox | 30 | Tool abuse, data exfiltration, privilege escalation |
| RateLimiter | 40 | Tool abuse, data exfiltration |
| OutputFilter | 50 | Data exfiltration, context manipulation |
New layers are automatically generated by the Implementer when novel threats are detected that existing layers don't cover.
Three pre-configured victim profiles for realistic testing:
- corporate_assistant: Has API keys, customer DB, internal strategy docs, PII
- code_agent: Has source code, deployment secrets, CI/CD configs, SSH keys
- data_analyst: Has PII datasets, financial records, patient records, salary data
Each runs in an isolated Docker container with no external network access.
config/default.yaml- Main settings (scheduler, API, Docker, DB)config/sources.yaml- Threat intelligence source definitionsconfig/victim_profiles.yaml- Victim agent configurations
The system automatically expands its defenses:
- New threat detected with no existing layer coverage
- DefensePlanner generates implementation spec via Claude API
- Implementer writes new layer code via Claude Code CLI
- Layer is registered in the pipeline and tested
- If effectiveness < threshold, implementation is retried with feedback
- Optimizer continuously reorders and prunes the defense stack
Apache License 2.0