FORGE: Open Source AI Security Testing Framework for LLM Systems

FORGE (Framework for Orchestrated Reasoning & Generation of Engines) is an open source autonomous AI security testing framework for LLM systems that runs 24/7 and covers OWASP LLM Top 10 vulnerabilities.
Key Features
- Builds its own tools mid-run — generates custom Python modules on the spot when encountering unknown vulnerabilities
- Self-replicates into a swarm — creates subprocess copies that share a live hive mind
- Learns from every session — uses SQLite to store patterns, AI scores findings, and genetic algorithms evolve its own prompts
- AI pentesting AI — 7 modules covering OWASP LLM Top 10 vulnerabilities
- Honeypot — fake vulnerable AI endpoint that catches attackers and classifies whether they're human or AI agent
- 24/7 monitor — watches AI in production, alerts on latency spikes, attack bursts, and injection attempts via Slack/Discord webhook
- Stress tester — OWASP LLM04 DoS resilience testing with live TPS dashboard and A-F grade
- Works on any model — Claude, Llama, Mistral, DeepSeek, GPT-4, Groq, anything — one environment variable to switch
OWASP LLM Top 10 Coverage
- LLM01 Prompt Injection → prompt_injector + jailbreak_fuzzer (125 payloads)
- LLM02 Insecure Output → rag_leaker
- LLM04 Model DoS → overloader (8 stress modes)
- LLM06 Sensitive Disclosure → system_prompt_probe + rag_leaker
- LLM07 Insecure Plugin → agent_hijacker
- LLM08 Excessive Agency → agent_hijacker
- LLM10 Model Theft → model_fingerprinter
Setup and Usage
Installation commands:
git clone https://github.com/umangkartikey/forge
cd forge
pip install anthropic rich
export ANTHROPIC_API_KEY=your_keyRun with local Ollama for free:
FORGE_BACKEND=ollama FORGE_MODEL=llama3.1 python forge.pyThe tool addresses common LLM security gaps: most AI apps deployed today have never been red teamed, system prompts are fully extractable, jailbreaks work, RAG pipelines leak, and indirect prompt injection via tool outputs is almost universally unprotected. FORGE automates finding these vulnerabilities the same way a human red teamer would, but faster and running 24/7.
📖 Read the full source: r/LocalLLaMA
👀 See Also

OneCLI: Open-Source Credential Vault for AI Agents
OneCLI is an open-source gateway written in Rust that sits between AI agents and external services, injecting real credentials at request time while agents only see placeholder keys. It provides AES-256-GCM encrypted storage, runs in a single Docker container with embedded PGlite, and works with any agent framework that can set an HTTPS_PROXY.

Smart Bash Permission Hook for Claude Code Prevents Compound Command Bypass
A Python PreToolUse hook addresses a security gap in Claude Code's permission system where compound bash commands could bypass allow/deny patterns. The script decomposes commands into sub-commands and checks each individually against existing permission rules.

McpVanguard: Open-source security proxy for MCP-based AI agents
McpVanguard is a 3-layer security proxy and firewall that sits between AI agents and MCP tools, adding protection against prompt injection, path traversal, and other attacks with about 16ms latency.

Student contributes two security patches to OpenClaw production system
A student developer fixed a 'fail-open' vulnerability in OpenClaw's gateway logic (PR #29198) and a tabnabbing vulnerability in chat images (PR #18685), with both patches landing in production releases v2026.3.1 and v2026.2.24 respectively.