mcp-audit and agent-bom
These tools are complementary: agent-bom provides runtime security monitoring and enforcement across infrastructure, while mcp-audit performs static configuration scanning and inventory. Together they cover both preventive and detective security postures for MCP deployments.
About mcp-audit
apisec-inc/mcp-audit
See what your AI agents can access. Scan MCP configs for exposed secrets, shadow APIs, and AI models. Generate AI-BOMs for compliance.
This tool helps security and compliance teams understand what information their AI agents can access before deployment. It scans configuration files from AI development tools to identify exposed secrets, API endpoints, and AI models. The output is a clear report, including AI-BOMs, that pinpoints potential security risks, enabling teams to remediate issues and ensure compliance.
About agent-bom
msaad00/agent-bom
Security scanner for AI infrastructure — CVEs, blast radius, credential exposure, runtime enforcement across MCP servers, containers, cloud, and GPU.
Performs AST analysis on 14 AI frameworks to extract system prompts and tool signatures, then maps CVE→package→MCP server→agent→credentials→tools blast radius. Built around MCP client discovery (30 types), runtime protection via proxy with 112 detection patterns, and AI BOM generation with CycloneDX extensions—integrating package ecosystems (15), container/IaC scanning, cloud AI infrastructure, and the Shield SDK for agent-level enforcement.