I build tools that test whether AI agents make safe decisions under adversarial conditions. Published research, production-validated, open source.
342 adversarial security tests for AI agent systems. 4 wire protocols (MCP, A2A, L402, x402), 24 modules, 20+ enterprise platforms.
Now also an MCP server - any AI agent can invoke security tests directly.
- PyPI: `pip install agent-security-harness`
- GitHub: red-team-blue-team-agent-fabric
- GitHub Action: `uses: msaleme/red-team-blue-team-agent-fabric@v3.8`
- 97.9% pass rate against production systems (Wilson 95% CI [0.943, 0.994])
- Independent validation by DrCookies84 against live infrastructure (AutoGen #7432)
- 22 rounds of critical evaluation, 125 issues raised, 94 fixed, 10/10 final score
- CVE-2026-25253 (CVSS 8.8) - our MCP tests catch the exact supply chain attack vector
- Attestation JSON Schema (structured security reports)
- AIUC-1 Certification Prep (maps to all 24 requirements)
- Free MCP Security Scan (5-test, A-F grading)
- Monthly Agent Security Report pipeline
- Discord Security Scan Bot
- Real multi-trial statistical testing (Wilson CIs, NIST AI 800-2 aligned)
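The multi-trial statistical testing item above is the one piece of the list worth showing in code: a single adversarial test against a non-deterministic agent is a coin flip, so each test is run many times and the pass rate is reported with a Wilson score interval, and the release gate is applied to the interval's lower bound rather than the point estimate. The block below is an added illustration written for this page, not the harness's own code: `wilson_interval`, `run_multi_trial` and `MultiTrialResult` are hypothetical names, and `constructed_flaky_agent` is a constructed stand-in for a target that leaks on every fourteenth trial (a real check would send the payload over MCP or A2A and inspect the response).

```python
import math
from dataclasses import dataclass
from typing import Callable


def wilson_interval(successes: int, trials: int, z: float = 1.96) -> tuple[float, float]:
    """Wilson score interval for a binomial proportion (hypothetical helper).

    Unlike the normal approximation it stays inside [0, 1] and remains
    non-degenerate at 0 or 100% passes, which is exactly where a short
    adversarial run lands.
    """
    if trials <= 0:
        raise ValueError("trials must be positive")
    if not 0 <= successes <= trials:
        raise ValueError("successes must lie between 0 and trials")
    p_hat = successes / trials
    z2 = z * z
    denom = 1.0 + z2 / trials
    centre = (p_hat + z2 / (2 * trials)) / denom
    half = z * math.sqrt(p_hat * (1.0 - p_hat) / trials + z2 / (4.0 * trials * trials)) / denom
    # Clamp so floating-point noise never reports a bound outside [0, 1].
    return max(0.0, centre - half), min(1.0, centre + half)


@dataclass(frozen=True)
class MultiTrialResult:
    test_id: str
    trials: int
    passes: int
    ci_low: float
    ci_high: float

    @property
    def pass_rate(self) -> float:
        return self.passes / self.trials

    def meets_floor(self, floor: float) -> bool:
        """Gate on the CI lower bound, not the point estimate, so a lucky run
        of a flaky defence cannot clear the bar."""
        return self.ci_low >= floor


def run_multi_trial(test_id: str, check: Callable[[int], bool], trials: int,
                    z: float = 1.96) -> MultiTrialResult:
    """Run one adversarial check `trials` times. `check(i)` returns True when
    the agent resisted the payload on trial i."""
    passes = sum(1 for i in range(trials) if check(i))
    lo, hi = wilson_interval(passes, trials, z)
    return MultiTrialResult(test_id, trials, passes, lo, hi)


def constructed_flaky_agent(trial: int) -> bool:
    # Constructed stand-in for a non-deterministic target: it resists the
    # injected instruction except on every fourteenth trial. Not a real agent.
    return trial % 14 != 0


if __name__ == "__main__":
    result = run_multi_trial("tool-description-injection", constructed_flaky_agent, trials=28)
    print(f"{result.test_id}: {result.passes}/{result.trials} = {result.pass_rate:.3f}, "
          f"Wilson 95% CI [{result.ci_low:.3f}, {result.ci_high:.3f}]")
    print("0.90 floor on point estimate:", result.pass_rate >= 0.90)
    print("0.90 floor on CI lower bound:", result.meets_floor(0.90))
```

With 28 trials and 2 leaks the point estimate (0.929) clears a 0.90 floor while the Wilson lower bound (about 0.774) does not; that gap is the reason to gate on the interval, and it only closes by running more trials.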
| Paper | DOI | What it proves |
|---|---|---|
| Decision Load Index (DLI) | 10.5281/zenodo.18217577 | AI agents increase cognitive burden. Here's how to measure it. |
| Constitutional Self-Governance (CSG) | 10.5281/zenodo.19162104 | The WHO vs HOW governance gap. 77 days production data, 56 agents. |
| Normalization of Deviance (NoD) | 10.5281/zenodo.19195516 | Gateway defenses provide zero protection for protocol-level attacks. |
| Beyond Identity Governance | 10.5281/zenodo.19343034 | Empirical evidence: gateways miss protocol-layer attacks. The WHO vs HOW gap, formalized. |
| Community-Driven Security | 10.5281/zenodo.19343108 | How to scale security testing through community contribution without degrading integrity. |
3 NIST submissions in 2026: CAISI RFI (Mar 1), NIST-CONCEPT-1 (Mar 12), NCCoE follow-up (Mar 21).
Most AI security tools scan configurations or probe the model in isolation. This framework sends real adversarial payloads over the wire to a running agent and observes what breaks: the difference between npm audit and a penetration test.
Complementary to: Invariant MCP-Scan (static scanning), Cisco MCP Scanner (YARA rules), Snyk Agent Scan (config analysis), NVIDIA Garak (model-layer).
Unique to us: Multi-protocol (MCP + A2A + L402 + x402), AIUC-1 mapping, MCP server mode, research backing (5 DOIs + NIST), attestation registry, production validation.
| Tier | What you get | Price |
|---|---|---|
| Open Source | 342 tests, GitHub Action, MCP server, attestation reports | Free |
| Guardrail Audit | Run the harness against your deployment + 30-min remediation walkthrough | $3,000 |
| Trusted Context Sprint | Full decision governance implementation + ongoing advisory | $18,000 |
Schedule a call | trusted@synapseops.com
Signal Ops provides operational research and decision-support services only. No investment, legal, or tax advice.
- Moltbook: Signal-Lab-Ops-Bot - 36+ comment threads on agent security
- A2A Protocol: Runtime attestation discussion (#1677, 11 comments)
- AutoGen: Security testing for multi-agent systems (#7432, 22 comments)
- AIUC-1: Pre-certification readiness tool (mapping)
- GitHub: msaleme
- X: @mikesaleme (DLI article: 9.2K views)
- LinkedIn: mikesaleme
- PyPI: agent-security-harness (109 downloads/day)