AI-Infra-Guard spans four security layers with 1,400+ vulnerability rules
Open-source red-teaming framework matches detection paradigms to infrastructure, protocol, behavior, and model layers across AI agent stacks.
Researchers have released AI-Infra-Guard, an open-source framework that audits AI agent stacks by treating each architectural layer as a distinct attack surface. The framework addresses a gap the authors identify: open-source AI infrastructure—model servers, agent platforms, the Model Context Protocol ecosystem, and language models themselves—has grown faster than the security tooling available to defend it.
AI-Infra-Guard divides agent security into four layers and assigns a detection paradigm to each. At the infrastructure layer, deterministic rule matching runs over 75+ AI components and 1,400+ vulnerability rules. The protocol and tool layer uses LLM-driven agentic auditing to inspect Model Context Protocol servers and agent-skill packages—supply-chain auditing that the authors say no other open-source framework currently covers. The agent behavior layer deploys multi-turn black-box red teaming, while the model layer runs a jailbreak harness with 26+ attack operators across sixteen datasets.
Matching method to layer
The core insight is that no single detection method works across all four layers. Infrastructure vulnerabilities respond to static rules; agent behaviors require dynamic multi-turn probing; model-level jailbreaks need adversarial prompt operators. By matching paradigm to layer, the framework aims to catch threats that single-method tools miss—especially in the agent-skill supply chain, where third-party packages extend agent capabilities and introduce new risk vectors.
The framework is available on Hugging Face under an open-source license. The authors position it as a practical foundation for agent security and a shared base for the community to extend.



