Agentic Hardening

πŸ›‘οΈ A curated list of tools, papers, frameworks, and best practices for hardening agentic AI systems.

Explore on GitHub δΈ­ζ–‡η‰ˆ
GitHub stars

Why This List

From Threats to Governance

Organized along the "Attack Surface β†’ Hardening β†’ Evaluation β†’ Governance" pipeline, covering three authoritative source families.

⚠️

Attack Surface

Know your enemy β€” understand the threats facing agentic AI systems

↓
πŸ”’

Hardening Techniques

Proactive defense β€” reduce the attack surface of your systems

↓
πŸ”

Evaluation & Testing

Measure and validate β€” ensure defenses actually work

↓
πŸ“‹

Governance & Standards

Institutional guardrails β€” policies, standards, and compliance

Source Coverage
OWASP Agentic Top 10 (2026) All ASI01–ASI10 risk items
arXiv Academic Surveys 5 threat categories + 4 defense categories
NIST / McKinsey / CSA Full governance coverage

Taxonomy

12 Categories, 4 Groups

A comprehensive taxonomy covering the full lifecycle of agentic AI security.

Threat Landscape

πŸ’‰
01

Prompt Injection & Jailbreaks

Direct/indirect injection, multimodal injection, multilingual obfuscation, payload splitting
πŸ”§
02

Tool Misuse & Autonomous Exploitation

Unauthorized tool invocation, CVE exploitation, SQL injection chains, code execution escapes
🧠
03

Memory & Context Poisoning

Long-term memory poisoning, RAG data contamination, session context tampering
🌐
04

Multi-Agent & Protocol-Level Threats

MCP/A2A protocol attacks, rogue agent registration, cross-agent transitive injection
πŸ”‘
05

Identity, Privilege & Supply Chain

Non-human identity management, privilege abuse, credential theft, supply chain poisoning

Hardening Techniques

πŸ›‘οΈ
06

Prompt Hardening & Input Sanitization

Instruction isolation, sandwich defense, delimiter strategies, paraphrase detection
πŸ“¦
07

Runtime Sandboxing & Capability Confinement

Runtime sandboxing, least-privilege tool invocation, capability-based access control
πŸ“‘
08

Detection, Monitoring & Observability

Behavioral anomaly detection, tool call chain auditing, real-time intent monitoring
πŸ”—
09

Multi-Agent Security & Protocol Hardening

MCP/A2A authentication, agent identity verification, cross-agent trust chain management

Evaluation & Testing

🎯
10

Red Teaming & Benchmarks

Security evaluation benchmarks (AgentHarm, InjectAgent, ASB), adversarial testing frameworks
πŸ“Š
11

Datasets & Reproducible Research

Attack/defense datasets, reproducible experiments, CTF challenge resources

Governance & Standards

πŸ“œ
12

Frameworks, Standards & Compliance

OWASP Agentic Top 10, NIST AI RMF, Microsoft Governance Framework, CSA AAGATE, McKinsey Handbook

Mapping

Threat β†’ Defense

Each threat category maps to specific hardening techniques. Here's how they connect.

Threats
πŸ’‰ Prompt Injection & Jailbreaks
πŸ”§ Tool Misuse & Exploitation
🧠 Memory & Context Poisoning
🌐 Multi-Agent Protocol Threats
πŸ”‘ Identity & Supply Chain
Hardening
πŸ›‘οΈ Prompt Hardening & Sanitization
πŸ“¦ Runtime Sandboxing & Confinement
πŸ“‘ Detection & Observability
πŸ”— Protocol Hardening
πŸ“‹ Governance & Standards

Get Involved

Help Build the List

Agentic Hardening is community-driven. Every contribution helps the entire ecosystem.

🌟

Star & Share

Star the repo on GitHub to help others discover it, and share with your network.

Star on GitHub
πŸ“

Submit Resources

Found a paper, tool, or framework? Open a PR following our contribution guidelines.

Contributing Guide
πŸ›

Report Issues

Spot a broken link, outdated entry, or missing category? Let us know via GitHub Issues.

Open an Issue
Explore the Full List