Guard Your AI: Tencent Unveils A.I.G for MCP and Infrastructure Security

A.I.G (AI-Infra-Guard) integrates capabilities such as AI infra vulnerability scan, MCP Server risk scan, and Jailbreak Evaluation, aiming to provide users with the most comprehensive, intelligent, and user-friendly solution for AI security risk self-examination.

Core Features

• AI Infra Scan:Identifies known CVE vulnerabilities in web services of AI frameworks and components (e.g., Ollama, ComfyUI) used across AI training, deployment, and application development through precise fingerprint matching.
• MCP Scan:Leverages AI Agents to intelligently detect security threats in MCP Servers – including tool poisoning, code vulnerabilities, and data exfiltration risks – enabling MCP developers and marketplaces to complete security certification prior to release.
• Jailbreak Evaluation:Uses high-quality, diverse datasets to automatically evaluate LLM resilience against malicious, adversarial, or deceptive prompts, exporting vulnerable cases to support model security alignment and guardrail reinforcement.

Additional Benefits

• Modern Web Interface: User-friendly UI with one-click scanning and real-time progress tracking
• Complete API: Full interface documentation and Swagger specifications for easy integration
• Multi-Language: Chinese and English interfaces with localized documentation
• Cross-Platform: Linux, macOS, and Windows support with Docker-based deployment
• Free & Open Source: Completely free under the MIT license

A.I.G Case Studies

Internal AI Infrastructure Vulnerability Scanning

A.I.G’s AI Infra Scan feature supports the detection of CVE vulnerabilities in the web services of AI frameworks such as vLLM, ComfyUI, Ollama, Triton Inference Server, and Ray.

More Recommended Integration Scenarios

A.I.G can be flexibly integrated into existing business pipelines to achieve automated security testing. Below are some common integration scenarios and tool types:

CI/CD Pipelines:

A.I.G can serve as a security gate in a CI/CD pipeline, automatically triggering scans during code submission, build, or deployment phases to ensure that only applications that pass security checks can proceed to the next stage.

• Example Integration Point: Call A.I.G’s API for security detection after an MCP Server is built or before it is deployed.

DevSecOps Platforms:

Integrate with DevSecOps platforms to aggregate all of A.I.G’s risk scan results into a unified security dashboard, providing comprehensive security posture awareness.

• Example Integration Point: Import A.I.G’s scan reports into the DevSecOps platform via API or report export functionality.

Git Code Security Review:

Integrate with code repositories to automatically trigger security scans during Pull Requests or Merge Requests, with results displayed directly in the code review interface. Common integration tools include:

• Example Integration Point: Configure webhooks to trigger A.I.G scans on PR/MR events and send the status check results back to the code repository.

Install & Use

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy