AgentNull: AI System Security Threat Catalog + Proof-of-Concepts. Collection of PoCs for using Agents, MCP, and RAG in bad ways.
Overview
What is AgentNull?
AgentNull is a repository that catalogs attack vectors targeting autonomous AI agents, providing proof-of-concepts (PoCs) for each vector, aimed at enhancing security research and threat modeling.
How to use AgentNull?
To use AgentNull, navigate into each pocs/<attack_name>/ folder and follow the README instructions to replicate the attack scenarios.
What are the key features of AgentNull?
- Comprehensive threat catalog for AI agents
- Individual proof-of-concepts for various attack vectors
- Structured data for SOC/SIEM ingestion
What are the use cases of AgentNull?
- Red team exercises to test the security of AI systems.
- Educational purposes for understanding AI vulnerabilities.
- Internal security research to develop better defenses against AI threats.
FAQ about AgentNull
- Is AgentNull suitable for production use?
No, AgentNull is intended for educational and internal security research purposes only.
- Can I use the techniques in AgentNull against systems I do not own?
No, you must have explicit authorization to test any systems with the techniques provided.