{"id":"agentic-radar","name":"Agentic Radar","homepage":"https://github.com/splx-ai/agentic-radar","repo_url":"https://github.com/splx-ai/agentic-radar","category":"security","subcategories":["static-analysis","vulnerability-scanning","llm-security","prompt-injection","ai-security"],"tags":["security","scanner","owasp","prompt-injection","static-analysis","agentic-ai","crewai","langgraph","openai-agents","n8n","autogen","ci-cd","splx"],"what_it_does":"Agentic Radar is a security scanner by SPLX.ai that performs static analysis on agentic AI system codebases to identify vulnerabilities specific to AI workflows — prompt injection risks, PII leakage through tool outputs, insecure tool integrations, and over-privileged agent permissions. It supports multiple agent frameworks (OpenAI Agents SDK, CrewAI, LangGraph, n8n, AutoGen) and generates visual dependency graphs mapping the agent's tool and service exposure. The tool maps findings to OWASP LLM Top 10 categories and can run runtime adversarial prompt injection tests against live OpenAI Agents-based systems. 
It is designed to be run in CI/CD pipelines as a gate before deploying agentic systems to production.","use_cases":["Pre-deployment security audit of agentic AI systems: scan the codebase for prompt injection vulnerabilities, PII exposure risks, and insecure tool configurations","Generating visual dependency graphs showing which external tools, APIs, and data sources an agent can reach — essential for scope assessment","CI/CD security gate: block deployment of agentic systems that fail minimum security thresholds","OWASP LLM Top 10 compliance reporting for AI governance and security reviews","Runtime adversarial testing of OpenAI Agents systems with automated prompt injection payloads","Auditing MCP server integrations within agent codebases for security misconfigurations"],"not_for":["Providing MCP tools to agents — this tool scans agents rather than empowering them","Scanning traditional web applications without agentic AI components","Agent frameworks not yet supported: custom LangChain setups, Vertex AI agents, AWS Bedrock agents","Runtime monitoring of production agents in real time (it's a point-in-time scanner)"],"best_when":"You need to audit the security posture of an agentic AI system before production deployment, especially when using popular frameworks like CrewAI, LangGraph, or OpenAI Agents.","avoid_when":"You need an MCP server that provides tools to agents rather than scanning them, or you're using unsupported frameworks like custom LangChain or AWS Bedrock agents.","alternatives":[{"id":"garak","reason":"LLM-focused adversarial red-teaming with broader attack probe coverage"},{"id":"promptfoo","reason":"Better for systematic LLM prompt evaluation and regression testing"},{"id":"semgrep-api","reason":"More mature SAST for detecting vulnerabilities in the surrounding application 
code"}],"af_score":61.2,"security_score":75.0,"reliability_score":null,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":"current","last_evaluated":"2026-03-01T09:50:05.194156+00:00","performance":{"latency_p50_ms":null,"latency_p99_ms":null,"uptime_sla_percent":null,"rate_limits":null,"data_source":"llm_estimated","measured_on":null}}