It's like Rust, but in Go

image scaling attacks for multi-modal prompt injection

HTTPLeaks - All possible ways, a website can leak HTTP requests

Go lib (and CLI) for quick creation of TLS keys and certificates for use in tests

An AI-powered security review GitHub Action using Claude to analyze code changes for security vulnerabilities.

Buttercup finds and patches software vulnerabilities

A declarative logic and rules engine framework with static analysis for Ruby

Observes and records changes to public OIDC metadata and JWKS for services listed in the jwks-catalog.

This project runs a Model Context Protocol (MCP) server that wraps the CodeQL query server. It enables tools like [Cursor](https://cursor.sh/) or AI agents to interact with CodeQL through structure…

A neurosymbolic perspective on LLMs

mbake is a Makefile formatter and linter. It only took 50 years!

MemProcFS

Direct Memory Access (DMA) Attack Software

Containerization is a Swift package for running Linux containers on macOS.

weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases.

Documenting your Threat Models with HCL

Stalker, the Extensible Attack Surface Management tool.

A TypeScript implementation of the age file encryption format, available as an npm package or as a bundled .js file.

GenAI Agent Framework, the Pydantic way

An extremely fast Python type checker and language server, written in Rust.

Safer python package installs with audit and consent 𝘣𝘦𝘧𝘰𝘳𝘦 install

A tool for securing CI/CD workflows with version pinning.

Proof of concept agentic solver for nfuncs from DEF CON Quals 2025

Source code for the DEF CON 33 CTF Qualifiers.

Constrain, log and scan your MCP connections for security vulnerabilities.

Supply chain security for ML

keep-sorted is a language-agnostic formatter that sorts lines between two markers in a larger file.