HackAgent is a comprehensive Python SDK and CLI designed to help security researchers, developers, and AI safety practitioners evaluate and strengthen the security of AI agents.
As AI agents become more powerful and autonomous, they face security challenges that traditional testing tools cannot address:
| Threat | Description |
|---|---|
| Prompt Injection | Malicious inputs that hijack agent behavior |
| Jailbreaking | Bypassing safety guardrails and content filters |
| Goal Hijacking | Manipulating agents to pursue unintended objectives |
| Tool Misuse | Exploiting agent capabilities for unauthorized actions |
HackAgent automates testing for these vulnerabilities using research-backed attack techniques, helping you identify and fix security issues before they are exploited.
Interactive TUI with real-time attack progress and visual reporting.
python3 -m venv .venv
source .venv/bin/activate
pip install hackagentNo API key required: HackAgent works locally out of the box.
Questions? Join community discussions or email ais@ai4i.it.
HackAgent uses a modular pipeline to test agent robustness end-to-end.
| Component | Description |
|---|---|
| Attack Engine | Orchestrates attacks using AdvPrefix, AutoDAN-Turbo, PAIR, TAP, FlipAttack, BoN, h4rm3l, CipherChat, PAP, and Baseline |
| Generator | LLM role that creates adversarial prompts to test the target agent |
| Judge | LLM role that evaluates whether attacks bypass safety measures |
| Target Agent | Your AI agent under test across supported frameworks |
| Datasets | Pre-built benchmark presets plus custom HuggingFace/file datasets |
HackAgent supports both local and remote reporting.
- Local mode stores test results in SQLite and includes a built-in dashboard.
- Cloud mode syncs runs to the HackAgent remote platform when an API key is configured.
hackagent webAccess cloud reporting at https://app.hackagent.dev.
HackAgent is designed for authorized security testing only. Always obtain explicit permission before testing any AI system.
- Test your own agents
- Conduct authorized pentesting
- Follow coordinated disclosure
- Share security knowledge responsibly
- Test systems without permission
- Exploit vulnerabilities maliciously
- Violate terms of service
- Share harmful exploit instructions irresponsibly
Read the full guidelines: Responsible Disclosure
Contributions are welcome. See CONTRIBUTING.md and CODE_OF_CONDUCT.md.
Licensed under Apache-2.0. See LICENSE.
HackAgent is intended for security research and AI safety improvement. The authors are not responsible for misuse.