GitHub Repository

API security testing with LLM-generated attack scenarios

2 stars · Python

Entropy – API security testing using LLMs to generate attack scenarios

by arjinexe·Mar 5, 2026·2 points·1 comment

AI Analysis

Rating: Solid · Big Brain · Wizardry

LLM-generated attack personas beat static scanners, but Burp Suite + custom rules solve this already.

Strengths
  • Five parallel attacker personas (insider, bot swarm, etc.) go beyond typical payload lists
  • Baseline diffing avoids false positives by comparing responses against clean state
  • Works on OpenAPI, GraphQL, or autodiscovered endpoints without spec files
Weaknesses
  • Relies entirely on LLM quality—bad prompts mean bad attacks; no evaluation against real CVEs
  • Traditional scanners (Burp, Zap) + BDD frameworks already solve business logic testing
Category
Target Audience

API developers, security engineers, DevSecOps teams

Similar To

Burp Suite · OWASP ZAP · Nuclei

Post Description

I built Entropy to solve a specific problem: traditional API scanners often miss business logic flaws because they rely on static attack lists. Entropy uses LLMs to analyze your API schema (OpenAPI/GraphQL) and think like an adversary to generate custom attack sequences.

Note: I'm currently fixing a small packaging issue, so "pip install" might be temporarily unavailable for the next few hours. In the meantime, you can run it directly from the source by cloning the repo. I'd love to hear your thoughts and feedback!

Similar Projects

Security · Solid

Open-source white-box agentic red teamer for AI agents

White-box agent red teaming finds 5x more vulns than black-box prompt injection.

Tags: Dark Horse · Solve My Problem
by ashish-a · 102mo ago

Security · Banger

Promptinel – A Security Scanner for Prompts

Deterministic prompt linter flags injection, exfiltration, obfuscation before LLM runs—treats prompts as executable code.

Tags: Big Brain · Zero to One · Solve My Problem
by cunningfatalist · 102mo ago

Security · Solid

PromptSonar – Static analysis for LLM prompt security

Static scanner catches prompt injections in code before runtime, unlike runtime guards.

Tags: Solve My Problem · Ship It
by meghal86 · 102mo ago