π§ AgentNull: AI System Security Threat Catalog + Proof-of-Concepts
@jaschadub
About π§ AgentNull: AI System Security Threat Catalog + Proof-of-Concepts
AgentNull: AI System Security Threat Catalog + Proof-of-Concepts. Collection of PoCs for using Agents, MCP, and RAG in bad ways.
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"AgentNull": {
"command": "python3",
"args": [
"advanced_tool_poisoning_agent.py",
"local"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is π§ AgentNull: AI System Security Threat Catalog + Proof-of-Concepts?
It is a red team-oriented catalog of attack vectors targeting AI systems, including autonomous agents (MCP, LangGraph, AutoGPT), RAG pipelines, vector databases, and embedding-based retrieval systems. Each attack vector comes with an individual proof-of-concept (PoC), a human-readable catalog entry, and a structured JSON version for SOC/SIEM ingestion. It is intended for educational and internal security research only.
How to use π§ AgentNull: AI System Security Threat Catalog + Proof-of-Concepts?
Navigate into each pocs/<attack_name>/ folder and follow its README to replicate the attack scenario. For enhanced PoC demonstrations without API costs, use Ollama with local models (e.g., ollama pull gemma3), then run PoCs with python3 advanced_tool_poisoning_agent.py local or simulation mode.
Key features of π§ AgentNull: AI System Security Threat Catalog + Proof-of-Concepts
- Catalog contains attack vectors for AI agents, RAG, vector databases, and embeddings.
- Each attack vector includes its own README, code, and sample input/output.
- Structured JSON catalog available for SOC/SIEM ingestion.
- Novel starred (β) attack concepts developed primarily within the AgentNull project.
- Supports local LLM testing via Ollama for cost-free demonstrations.
Use cases of π§ AgentNull: AI System Security Threat Catalog + Proof-of-Concepts
- Red teaming autonomous agent architectures (MCP, LangGraph, AutoGPT).
- Assessing RAG pipeline and vector database security postures.
- Testing embedding-based retrieval systems against poisoning and skew attacks.
- Replicating known and novel attack patterns for security research and training.
FAQ from π§ AgentNull: AI System Security Threat Catalog + Proof-of-Concepts
What distinguishes the starred (β) attack vectors from others?
The starred vectors are novel concepts primarily developed within the AgentNull project, extending beyond existing documented attack patterns. Non-starred vectors link to known research or published vulnerabilities.
What dependencies are required to run the PoCs?
PoCs can run in simulation mode with no external dependencies, or with a local LLM via Ollama. Ollama requires at least ~4 GB RAM per model and runs on Linux/macOS via curl -fsSL https://ollama.ai/install.sh | sh.
Where do the attack vectors apply?
The catalog covers MCP & Agent Systems, Memory & Context Systems, RAG & Vector Systems, Code & File Systems, Resource & Performance attacks, multi-agent attacks, prompt injection advances, and more.
Is it safe to use this in production?
No. The repository is for educational and internal security research only. Do not deploy any techniques or code in production or against systems you do not own or have explicit authorization to test.
What transport or authentication does the catalog assume?
The catalog does not mandate a specific transport or authentication scheme; each PoCβs README describes the target system configuration used in the demonstration.
More Developer Tools MCP servers
TalkToFigma
sonnylazuardiTalkToFigma: MCP integration between AI Agent (Cursor, Claude Code, Codex) and Figma, allowing Agentic AI to communicate with Figma for reading designs and modifying them programmatically.
Serena
oraiosA powerful MCP toolkit for coding, providing semantic retrieval and editing capabilities - the IDE for your agent
nuxt-mcp / vite-plugin-mcp
antfuMCP server helping models to understand your Vite/Nuxt app better.
Huoshan Test
volcengineGrafana MCP server
grafanaMCP server for Grafana
Comments