AI-Infra-Guard by Tencent

AI infrastructure vulnerability scanner & MCP server security analyzer

created 7 months ago
1,539 stars

Top 27.5% on sourcepulse

Project Summary

AI Infra Guard is a lightweight, cross-platform tool from Tencent Zhuque Lab designed for AI infrastructure security. It addresses vulnerability assessment for AI components and security analysis for MCP (Machine Conversation Platform) servers, targeting developers and security professionals seeking to integrate automated security scanning into their workflows.

How It Works

The tool offers three core modules: AI component vulnerability scanning (scan), MCP server code analysis (mcp), and a WebUI (webserver). The scan module matches fingerprinting rules against discovered AI web components and looks up the identified versions in its vulnerability database to report known vulnerabilities. The mcp module uses AI agents and LLMs (such as OpenAI's GPT models) to analyze MCP server code for common security risks such as tool poisoning, data exfiltration, and insecure key storage. The WebUI provides a visual interface for these operations.

Quick Start & Requirements

  • Installation: Download pre-compiled binaries from the Releases page.
  • Dependencies:
    • scan module: No explicit dependencies listed beyond standard network access.
    • mcp module: Requires an LLM API token (e.g., OpenAI) and optionally a base URL.
  • Usage:
    • Start WebUI: ./ai-infra-guard webserver
    • Scan local services: ./ai-infra-guard scan --localscan
    • Scan MCP code: ./ai-infra-guard mcp --code <path> --model <model_name> --token <api_token>
  • Resources: Described as lightweight with low resource consumption and small binary size.
  • Documentation: Usage examples provided within the README.

Highlighted Details

  • Detects 200+ vulnerability fingerprints across 28 AI component frameworks (e.g., Langchain, Gradio, Jupyter).
  • Analyzes 9 common MCP security risks, with continuous updates.
  • Supports custom fingerprinting and vulnerability rules via YAML.
  • AI Agent-driven analysis for MCP security offers "one-click" intelligent scanning.

Maintenance & Community

  • Developed by Tencent Zhuque Lab.
  • Welcomes contributions via Issues and Pull Requests.
  • Contact email provided for cooperation inquiries.

Licensing & Compatibility

  • License: MIT License.
  • Compatibility: Suitable for private deployment and integration into internal security scanning pipelines. Cross-platform (Windows, macOS, Linux).

Limitations & Caveats

The mcp module's AI analysis requires an LLM API token and configuration, so it may incur API costs and depends on the availability of an external LLM service. The list of supported AI components and their vulnerability counts is extensive but changes with ongoing updates.

Health Check

  • Last commit: 1 day ago
  • Responsiveness: 1 day
  • Pull Requests (30d): 7
  • Issues (30d): 2
  • Star History: 410 stars in the last 90 days
