awesome-agent-security

> A curated list of resources for AI agent identity, authorization, coordination, and security.

As AI agents move from demos to production, securing them becomes critical. This list covers tools, frameworks, papers, standards, and best practices for making AI agents trustworthy.

Contributions welcome! See CONTRIBUTING.md for guidelines.

---

• Identity and Authentication
• Authorization and Policy
• Agent Coordination
• Sandboxed Execution
• Security Monitoring
• Standards and Protocols
• Papers and Research
• Incidents and Case Studies
• Talks and Presentations
• Books and Guides

---

*Tools and platforms for giving AI agents verifiable identities.*

• Authora Identity - Cryptographic agent identities (Ed25519), RBAC, delegation chains (RFC 8693), MCP authorization, policy engines, approval workflows, audit logging. SDKs in TypeScript, Python, Rust, Go.
• Permit.io - Fine-grained authorization with agentic identity support. Intent-based identity, MCP gateway, built on OPA/OPAL.
• Oso - Authorization framework with Polar policy language. Agent Security product with scope/watch/enforce/audit.
• SPIFFE/SPIRE - Secure Production Identity Framework for Everyone. Workload identity standard applicable to agent systems.
• Sigstore - Keyless signing for software artifacts. Applicable to agent action signing.

*Frameworks for controlling what AI agents can do.*

• OPA (Open Policy Agent) - G