極秘

EMERGENCY: VULNERABILITY DETECTED

AGENT PREY

人工知能防衛
$ cargo install agentprey

PROJECT: AGENT PREY

TYPE: AGENT SECURITY SCANNER

STATUS: ACTIVE

“CODE IS IN THE REPO.
ALL'S RIGHT WITH THE AGENT.”
THREAT ASSESSMENT
脅威評価

YOUR AGENTS HAVE
VULNERABILITIES.
YOU JUST DON'T
KNOW IT YET.

A January 2026 OpenClaw audit reported 512 security findings [1]. Business Insider later reported that Meta alignment director Summer Yue had to stop OpenClaw from deleting her inbox after it lost approval instructions during compaction [4]. Oasis Security then disclosed ClawJacked, a website-to-local-agent takeover chain through the OpenClaw gateway [5]. Meanwhile, Gartner says more than 40% of agentic AI projects will be canceled by end of 2027, and IBM found 63% of organizations lacked AI governance policies to limit shadow AI [2][3].

STAT.01
512
SECURITY FINDINGS IN
OPENCLAW ISSUE #1796
Source: Argus Security / GitHub
STAT.02
40%+
OF AGENTIC AI PROJECTS
CANCELED BY END OF 2027
Source: Gartner
STAT.03
63%
OF ORGS LACKED AI GOVERNANCE
TO LIMIT SHADOW AI
Source: IBM / Ponemon
[1] Argus Security issue #1796 reported 512 findings in a January 2026 OpenClaw security audit.[2] Gartner: over 40% of agentic AI projects will be canceled by end of 2027.[3] IBM Cost of a Data Breach Report 2025: 63% lacked AI governance policies to manage AI or prevent shadow AI proliferation.[4] Business Insider: Meta alignment director Summer Yue said OpenClaw tried to delete her inbox after losing approval instructions during compaction.[5] Oasis Security: ClawJacked allowed website-to-local-agent takeover through the OpenClaw gateway.
01

Modern Agent Attack Coverage

AgentPrey tests the attack surfaces that matter right now: prompt injection, MCP exposure, tool misuse, approval bypass, and risky remote fallbacks. Run local HTTP scans, descriptor-based MCP checks, and OpenClaw evaluations from one CLI. The result is concrete evidence, not vibes.

TARGET ACQUIRED
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
SCAN COMPLETE
GRADE: DSCORE: 42/100
PROMPT INJECTION38%
GUARDRAIL BYPASS27%
DATA EXFIL61%
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
02

Evidence You Can Gate On

Every scan produces structured findings, category-level scoring, and a clear pass/fail trail for what broke. Review the HTML locally, parse the JSON in automation, and keep a reproducible artifact for each run. When something fails, you can see exactly which vectors and rules triggered it.

03

Reports That Fix Problems

Every scan generates a self-contained HTML report and machine-readable JSON artifact. Findings include severity, evidence, and remediation guidance, with OWASP LLM Top 10 mapping where available. Open the HTML locally, or upload a completed artifact when you want a hosted share link.

CRITICAL
FINDING: SYSTEM PROMPT EXTRACTION
VECTOR:pi-direct-003
STATUS:VULNERABLE
REMEDIATION:
Implement input/output boundary tokens.
Add system prompt isolation middleware.

DEPLOYMENT PHASES

展開フェーズ
PHASE 01
INSTALL
$ cargo install agentprey
PHASE 02
CONFIGURE
$ agentprey init
PHASE 03
HUNT
$ agentprey scan --target <url>

SYSTEM GRID

分析システム
1

NODE 01

NOMINAL
[SCAN SURFACES]

Local HTTP scans, descriptor-based MCP checks, and OpenClaw evaluations for modern agent attack surfaces.

SYNC RATIO
2

NODE 02

NOMINAL
[RULE COVERAGE]

Prompt injection, dangerous capability exposure, approval gaps, tool misuse, and remote trust-boundary checks are live today.

SYNC RATIO
3

NODE 03

NOMINAL
[REPORTING ENGINE]

Self-contained HTML and machine-readable JSON locally, plus hosted public-by-link reports for uploaded Pro scan artifacts.

SYNC RATIO

CLASSIFIED // OPEN SOURCE

機密情報 // オープンソース

The CLI is MIT-licensed. Install it, scan your agents, contribute attack vectors, and help secure the agentic era. No signup required for the OSS path. No API key required for local scans.

GITHUB REPOSITORY
agentprey/agentprey
AI agent security testing CLI. Prompt injection scanner built in Rust.
RUST00MIT LICENSE
CONTRIBUTE VECTORS

BUDGET APPROVAL

RESOURCE ALLOCATION PROTOCOLS
予算承認
LOCAL DEPLOYMENT
CIVILIAN
$0
FOREVER
  • OSS CLI scanner
  • Local HTTP, MCP, and OpenClaw scans
  • HTML and JSON reports
  • Community support
DOWNLOAD
RECOMMENDED DEPLOYMENT
HOSTED SHARE + PRO COVERAGE
TACTICAL
$24
PER MONTH
  • Everything in Civilian
  • CLI API key with auth activate/status/refresh/logout
  • Entitled Pro vector sync
  • Upload completed scans and generate share links
  • Hosted public-by-link report viewing
REQUEST AUTHORIZATION

TACTICAL
DEPLOYMENT

戦術的展開

AgentPrey is open source and free. Install the CLI, scan your agent locally, and inspect the evidence in HTML or JSON. No signup required for the OSS path. No API key required for local scans.

SURFACES: HTTP / MCP / OPENCLAW

ENGINE: RUST/TOKIO

STATUS: HUNTING

TERMINAL 01
$ cargo install agentprey
TERMINAL 02
$ agentprey scan --target https://your-agent.com/api
STAR ON GITHUBREAD THE DOCS