# AgentGuardian

> Open-source adversarial-swarm framework for red-teaming LLM agents. Find prompt-injection, tool-abuse and RAG-poisoning vulnerabilities before production.

## Docs

- [Live dashboard](https://docs.agentguardian.io/architecture/live-dashboard.md): The auto-served scan dashboard: architecture, auth model, and loopback-default security.
- [Observability](https://docs.agentguardian.io/architecture/observability.md): OTLP-HTTP export with GenAI semantic conventions for spans, metrics, and per-agent traces.
- [System overview](https://docs.agentguardian.io/architecture/system-overview.md): Top-down architecture of AgentGuardian: CLI, swarm, adapters, reports, signing, and dashboard.
- [Attack library](https://docs.agentguardian.io/attacks/overview.md): 96 probes across 10 OWASP-ASI 2026 categories, exercised by 14 parallel specialist agents.
- [Prompt injection (ASI01)](https://docs.agentguardian.io/attacks/prompt-injection.md): Goal-hijack via direct and indirect prompts, mapped to OWASP ASI 2026 ASI01 and MITRE ATLAS AML.T0051 / AML.T0054.
- [RAG poisoning (ASI06)](https://docs.agentguardian.io/attacks/rag-poisoning.md): Corpus inject, persistent triggers, embedding collisions, cross-tenant vector bleed: the eight memory-poisoning attacks on retrieval-augmented agents.
- [Tool abuse (ASI02)](https://docs.agentguardian.io/attacks/tool-abuse.md): Argument injection, chain exfiltration, parameter smuggling, recursion bombs: the eight ways an agent's tool surface gets weaponised, plus the privilege-escalation (ASI03) and code-execution (ASI05) families that compose with them.
- [Write a custom attack](https://docs.agentguardian.io/build-with/write-a-probe.md): Add a new YAML probe to the AgentGuardian corpus: the Probe schema, the triple-framework gate (ASI + MITRE ATLAS + CSA), and where probes live on disk.
- [Write a custom target adapter](https://docs.agentguardian.io/build-with/write-an-adapter.md): Implement the TargetAdapter protocol to point AgentGuardian at any agent runtime: a Python callable, a hosted HTTP API, or a framework-native object.
- [Fail builds on critical findings](https://docs.agentguardian.io/ci-cd/fail-builds-on-critical-findings.md): Turn a single critical-band finding into a non-zero exit, without double-counting against the AIVSS gate.
- [Security gates](https://docs.agentguardian.io/ci-cd/security-gates.md): Block merges when AgentGuardian's AIVSS score drops below your floor, with the authoritativeness rules that make the gate honest.
- [GitHub Actions](https://docs.agentguardian.io/ci/github-actions.md): Gate every pull request on an AIVSS floor with SARIF auto-upload to GitHub's Security tab.
- [GitLab CI](https://docs.agentguardian.io/ci/gitlab.md): Gate every merge request on an AIVSS floor using GitLab CI/CD.
- [AIVSS scoring](https://docs.agentguardian.io/concepts/aivss.md): The deterministic 0-100 risk score: formula, severity weights, tier weights, and band cutoffs.
- [Evidence packs](https://docs.agentguardian.io/concepts/evidence-packs.md): Self-contained, checksummed bundles that prove every finding.
- [Scan modes](https://docs.agentguardian.io/concepts/scan-modes.md): Fast, smart, full: wall-time, cost, and authoritativeness trade-offs.
- [The agent swarm](https://docs.agentguardian.io/concepts/swarm.md): The 11 specialist agents + 4 OWASP-LLM specialists, the Commander/Attacker/Evaluator split, and parallelism.
- [Contributing](https://docs.agentguardian.io/contributing.md): Six ways to contribute to AgentGuardian (probes, adapters, evaluations, demo agents, docs, and security disclosures), all under DCO sign-off.
- [Scan a CrewAI agent](https://docs.agentguardian.io/examples/crewai-agent.md): Point AgentGuardian at a CrewAI Crew using the framework adapter and CLI.
- [LangGraph agent](https://docs.agentguardian.io/examples/langgraph-agent.md): Scan a compiled LangGraph StateGraph end-to-end with --framework langgraph.
- [Scan an MCP server](https://docs.agentguardian.io/examples/mcp-server.md): Point AgentGuardian at a Model Context Protocol server via a target contract.
- [OpenAI Agents SDK](https://docs.agentguardian.io/examples/openai-agents.md): Scan an openai-agents Agent (with Runner) via --framework openai_agents.
- [Your first scan](https://docs.agentguardian.io/first-scan.md): Point AgentGuardian at a deliberately-vulnerable hosted agent and read every line of the resulting AIVSS report.
- [How AgentGuardian works](https://docs.agentguardian.io/how-it-works.md): The core mental model: generate adversarial scenarios, execute them against your agent, judge whether each scenario broke a safety boundary, and ship evidence-backed findings.
- [AgentGuardian](https://docs.agentguardian.io/index.md): Open-source adversarial-swarm framework for red-teaming LLM agents. Eleven specialist attackers, a deterministic AIVSS score, OWASP ASI 2026 / MITRE ATLAS v5.4.0 / CSA Agentic-RT aligned.
- [Installation](https://docs.agentguardian.io/installation.md): Install AgentGuardian with pip, pipx, uv, or Docker, plus the right extras for your scan target.
- [Quickstart](https://docs.agentguardian.io/quickstart.md): Three minutes from pip install to a real AIVSS score on a deliberately-vulnerable agent.
- [CLI reference](https://docs.agentguardian.io/reference/cli.md): Every command, flag, and exit code of the agent-guardian CLI.
- [Configuration](https://docs.agentguardian.io/reference/config.md): YAML config schema, env vars, and precedence rules.
- [Error codes](https://docs.agentguardian.io/reference/error-codes.md): CLI exit codes and the LLM provider exception taxonomy.
- [Python SDK](https://docs.agentguardian.io/reference/python-sdk.md): The public Python API for embedding AgentGuardian in your own code.
- [Report schema](https://docs.agentguardian.io/reference/report-schema.md): Field-by-field reference for the agentguardian-scan-v1 JSON and SARIF 2.1.0 outputs.
- [Reports](https://docs.agentguardian.io/reports/overview.md): Five emitters (JSON, SARIF, JUnit, Markdown, PDF), Ed25519-signed evidence bundles, and the canonical scan.json schema.
- [OWASP mapping](https://docs.agentguardian.io/reports/owasp-mapping.md): Canonical mapping from every shipped probe to OWASP ASI 2026, OWASP LLM Top 10, MITRE ATLAS, and CSA Agentic Risk categories, sourced directly from src/agent_guardian/probes/.
- [Report signatures](https://docs.agentguardian.io/reports/signatures.md): HMAC + Ed25519 signing, verification with anchors, and the fail-closed verify command.

## Optional

- [GitHub](https://github.com/glacien-technologies/agent-guardian)
- [PyPI](https://pypi.org/project/agent-guardian/)