Cybersecify

Security agent for AI developers

Scan MCP servers. Check packages before installing. Audit dependencies. Verify repos. Runtime GO/CAUTION/BLOCK decisions. Query agent threats. 9 tools, zero dependencies, one install.

Install Community Edition Cybersecify Pro View on GitHub
9
Security Tools
10
OWASP Checks
0
Dependencies
Cursor + Claude
Works In
Get Started

One line install

Add to your Cursor or Claude Desktop config and start scanning.

JSON { "mcpServers": { "security": { "command": "npx", "args": ["cybersecify"] } } }

Then ask your AI:

Capabilities

11 security tools

MCP server scanning, supply chain checks, and runtime decisions -- all from natural language.

MCP Security

scan_server

Full OWASP MCP Top 10 scan of any MCP server endpoint. Tests authentication, input validation, rate limiting, and more.

Scan this MCP server

assess_risk

Risk-rate all exposed tools on a server. Flags dangerous capabilities like file system access, code execution, and network calls.

How risky is this server?

check_call

Runtime GO/CAUTION/BLOCK decision for any MCP tool call. Evaluates the tool, arguments, and context before execution.

Should I make this call?

check_args

Injection pattern detection across tool arguments. Catches prompt injection, SQL injection, command injection, and XSS patterns.

Are these arguments safe?
Supply Chain

safe_to_install

Pre-install safety check for any npm or PyPI package. Checks age, maintainers, known vulnerabilities, and typosquatting signals.

Is litellm safe to install?

audit_dependencies

Bulk dependency audit from package.json or requirements.txt. Checks every dependency against vulnerability databases in parallel.

Audit my package.json

check_cves

CVE database lookup for any package. Returns known vulnerabilities with severity ratings and fix versions.

Any CVEs for mcp-bridge?

check_repo

GitHub repo trust scoring. Checks stars, forks, contributors, license, recent activity, and open security advisories.

Is this repo safe?
Threat Intelligence

check_agent

Query the Agent Threat Database for known incidents. Checks AI agents, MCP servers, and packages against real-world data exfiltration, credential theft, and supply chain attacks.

Any known threats for mcp-remote?
Compliance

compliance_scan

Scan any MCP server against EU AI Act, OWASP Agentic AI Top 10, and OWASP MCP Top 10 in one command. Unified compliance report with remediation.

Is my MCP server EU compliant?
Try It

See it in action

Test against our deliberately vulnerable MCP server.

Scan dvmcp.co.uk -- our deliberately vulnerable MCP server

Or install cybersecify and ask your AI to scan any server.

Why This Matters

Supply chain attacks are real.

These are not hypothetical threats. Compromised packages, credential stealers, and typosquats are hitting AI developers every week. Cybersecify catches them before you install.

litellm CVE-2026-33634
TeamPCP compromised LiteLLM on PyPI (Mar 2026). Malicious versions contained a multi-stage credential stealer targeting SSH keys, cloud tokens, Kubernetes secrets, and .env files plus a persistent systemd backdoor.
3.4M downloads/day · Used by Stripe, Netflix, Google · CVSS 9.4
Detected: safe_to_install returns DANGER (17 known CVEs)
Datadog Security Labs →
npm worm (Shai-Hulud) CRITICAL
Self-replicating npm worm that steals tokens, then publishes trojanised versions of every package the victim maintains. SANDWORM_MODE phase injected MCP servers into AI coding tools (Claude Code, Cursor, VS Code) to manipulate agents into exfiltrating credentials.
796+ packages compromised · 132M monthly downloads affected · CISA advisory issued
Detected: check_cves flags compromised packages from vulnerability databases
Socket.dev →
ultralytics HIGH
Attackers exploited GitHub Actions script injection to push malicious versions of the popular YOLO AI library. Compromised builds deployed XMRig crypto miners on every install. Google Colab users were banned for "abusive activity".
30K+ GitHub stars · 60M+ total PyPI downloads · Malicious for 12 hours
Detected: safe_to_install flags crypto miner CVE (PYSEC-2024-154)
PyPI Official Blog →
deepseeek / deepseekai CRITICAL
Typosquatted DeepSeek packages on PyPI (Jan 2025). Infostealer payload exfiltrated API keys, database credentials, and infrastructure access tokens. The malware itself was AI-generated.
200+ downloads before removal · Targeted ML engineers
Detected: safe_to_install flags new package age, low downloads, name similarity
Dark Reading →
Hugging Face models HIGH
Malicious ML models uploaded in PyTorch format but compressed with 7z to bypass Hugging Face's Picklescan security scanner. Exploited Python's Pickle deserialization to execute arbitrary code when models were loaded.
Bypassed primary security scanning · Prompted safetensors migration
Out of scope: model files, not packages — requires runtime sandboxing
ReversingLabs →
Slopsquatting EMERGING
Attackers register package names that LLMs hallucinate. When an AI assistant recommends a non-existent package, attackers have already created it with malware. 20-35% of hallucinated names were weaponised.
Affects every AI coding assistant · Growing attack vector
Detected: safe_to_install flags zero-history packages with suspicious metadata
Aikido.dev →

73% rise in malicious open-source packages year over year. — ReversingLabs 2026 Report

Credentials

Standards-backed

Built by contributors to the standards that define MCP security.

OWASP

MCP Security Cheat Sheet

Section 7: Message Integrity & Replay Protection. Merged into the official OWASP cheat sheet series.

cheatsheetseries.owasp.org →
IETF

6 Internet-Drafts

Six Internet-Drafts submitted to the IETF covering MCP security, agent identity, audit trails, and ATTP -- the Agent Trust Transport Protocol.

datatracker.ietf.org →

Need runtime protection for production MCP deployments? See MCPSaaS.

CYBERSECIFY PRO

Enterprise MCP Security Platform

All tools. Plus OWASP Top 10 scan rules, automation, dashboards, reporting, and team features.

Community Edition FREE

For individual developers and researchers

  • 9 security tools
  • OWASP MCP Top 10 scan
  • Supply chain checks
  • Threat intelligence
  • CLI and MCP interface
  • Terminal output
  • BSL 1.1 License
Install Free
COMING SOON

Pro Edition

For teams and enterprise security

  • Everything in Community, plus:
  • OWASP Top 10 Active Scan Rules (6 checks)
  • OWASP Top 10 Passive Scan Rules (4 checks)
  • CIS MCP Benchmark (22 controls)
  • EU AI Act compliance scan
  • DAST mode with SARIF output
  • CI/CD integration (GitHub Actions, GitLab)
  • REST API access
  • Scheduled and recurring scans
  • Multi-target scanning
  • PDF, JSON, JUnit report export
  • SIEM integration (Splunk, Sentinel)
  • Historical trend tracking
  • Team scoreboard and progress
  • Priority support with SLA
Request Early Access

Important

Cybersecify checks known vulnerabilities from multiple sources. It does NOT perform source code analysis, zero-day detection, or runtime malware scanning.

CyberSecAI Ltd accepts no liability for any damage, loss, or security incident arising from reliance on scan results. Always perform independent security review before deploying to production.

Vulnerability data is sourced from third-party databases and may be incomplete or delayed. A clean scan does not guarantee the absence of security issues.

Cybersecify is provided as-is without warranty of any kind, express or implied.

Cybersecify is licensed under the Business Source License 1.1. Free for non-commercial use. Commercial use requires a separate license from CyberSecAI Ltd. View License

Cybersecify is a product of CyberSecAI Ltd. It is not affiliated with, endorsed by, or associated with OWASP, IETF, Anthropic, or the Model Context Protocol project.