e open-sourced 209 security tests for multi-agent AI systems (MCP, A2A, L402/x402 protocols)

Most AI security testing focuses on the model: prompt injection, jailbreaking, and output filtering. We’ve been working on something different: testing the agent *system*. The protocols, integrations, and decision paths that determine what agents do in production. The result is a framework with 209 tests covering 4 wire protocols: **MCP (Model Context Protocol)** Tool invocation security: auth, injection, data leakage, tool abuse, scope creep **A2A (Agent-to-Agent)** Inter-agent communication: message integrity, impersonation, privilege escalation **L402 (Lightning)** Bitcoin-based agent payments: payment flow integrity, double-spend, authorization bypass **x402 (USDC/Stablecoin)** Fiat-equivalent agent payments: transaction limits, approval flows, compliance Every test maps to a specific OWASP ASI (Agentic Security Initiatives) Top 10 category. Cross-referenced with NIST AI 800-2 categories for compliance reporting. “` pip install agent-security-harness “` 20+ enterprise platform adapters included (Salesforce, ServiceNow, Workday, etc.). MIT license. Feedback welcome. Especially from anyone running multi-agent systems in production. What attack vectors are we missing? submitted by /u/Careful-Living-1532 [link] [comments]Technical Information Security Content & DiscussionRead More