This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.

🐢 Open-Source Evaluation & Testing for AI & LLM systems

A curated list of useful resources that cover Offensive AI.

A list of backdoor learning resources

a prompt injection scanner for custom LLM applications

Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling end‑to‑end engagement management, from reconnaissance through execution and reporting. With built-in command automation, output parsing, and AI‑assisted summaries, it delivers faster, more structured, and high‑quality security assessments.

ToolHive makes deploying MCP servers easy, secure and fun

A security scanner for your LLM agentic workflows

MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.

A deliberately vulnerable banking application designed for practicing Security Testing of Web App, APIs, AI integrated App and secure code reviews. Features common vulnerabilities found in real-world applications, making it an ideal platform for security professionals, developers, and enthusiasts to learn pentesting and secure coding practices.

RuLES: a benchmark for evaluating rule-following in language models

Toolkits to create a human-in-the-loop approval layer to monitor and guide AI agents workflow in real-time.

A curated list of academic events on AI Security & Privacy

A curated list of AI-powered coding tools

Build Secure and Compliant AI agents and MCP Servers. YC W23

[CCS'24] SafeGen: Mitigating Unsafe Content Generation in Text-to-Image Models

Framework for testing vulnerabilities of large language models (LLM).

Whistleblower is a offensive security tool for testing against system prompt leakage and capability discovery of an AI application exposed through API. Built for AI engineers, security researchers and folks who want to know what's going on inside the LLM-based app they use daily

Reading list for adversarial perspective and robustness in deep reinforcement learning.

The official implementation of the CCS'23 paper, Narcissus clean-label backdoor attack -- only takes THREE images to poison a face recognition dataset in a clean-label way and achieves a 99.89% attack success rate.