README.md

The pre-flight check for AI agents.

Static analysis that catches the bugs only agent code can have — token bombing, prompt injection, missing oversight, compliance gaps — before they ship.

_{Every scan is a shareable report — view this one live}

Why Inkog

Most security tools find SQL injection. Inkog finds the things that only break in agent code:

• Token bombing — loops where the LLM controls termination, draining your API budget
• Recursive tool calling — one user request fans out into 10,000 LLM invocations
• Prompt injection sinks — RAG output flowing into a system prompt no one reviewed
• Missing oversight — destructive tools (refunds, deletes, money) firing without human approval
• Cross-tenant leakage — global state shared between agent invocations
• MCP tool poisoning — malicious tool descriptions hijacking your agent

Findings map directly to EU AI Act Article 14 / 15, NIST AI RMF, ISO 42001, and OWASP LLM Top 10 — at the article level, not just bucket labels.

Try it on a public repo → · no signup, results in 60 seconds.

State of AI Agent Security 2026

We scanned 500+ open-source AI agents. 85% had at least one vulnerability.

Other findings from the data:

• 63% of findings were CRITICAL or HIGH severity
• 25% failed EU AI Act Article 14 (human oversight)
• 11,705 total findings across LangChain · CrewAI · AutoGen · pydantic-ai · LangGraph · MCP servers · OpenAI Agents · n8n · Flowise · DSPy

The largest security analysis of the AI agent ecosystem — original data from automated static analysis, not surveys.

Read the full report →

Quick start

# No install
npx -y @inkog-io/cli scan .

# Or install permanently
brew tap inkog-io/inkog && brew install inkog
go install github.com/inkog-io/inkog/cmd/inkog@latest

# Get a free API key at app.inkog.io
export INKOG_API_KEY=sk_live_...
inkog .

GitHub Actions

- uses: inkog-io/inkog@v1
  with:
    api-key: ${{ secrets.INKOG_API_KEY }}
    sarif-upload: true   # findings show in the GitHub Security tab

Workflow example · GitLab / Azure / Jenkins templates

How Inkog compares

The closest direct alternative to Inkog is SplxAI Agentic Radar — also OSS, also static analysis of agent code. Honest side-by-side:

Different problem, complementary tools — use Inkog with one of these, not instead of:

• Dev-environment scanning — Snyk Agent Scan, AgentShield audit installed MCP servers and editor configs on your laptop (different scan target — your laptop, not your repo)
• Runtime adversarial probing — Lakera, Straiker, Crucible, MS Red Teaming Agent, NVIDIA Garak test deployed agents at the API boundary
• Quality / hallucination evaluation — Giskard, Patronus AI test answer correctness and safety, not code-level security

Detailed comparison →

Frameworks

Code-first: LangChain · LangGraph · CrewAI · AutoGen · AG2 · OpenAI Agents · Semantic Kernel · Azure AI Foundry · LlamaIndex · Haystack · DSPy · Phidata · Smolagents · PydanticAI · Google ADK

No-code: n8n · Flowise · Langflow · Dify · Microsoft Copilot Studio · Salesforce Agentforce

Use from your editor

npx -y @inkog-io/mcp

Adds Inkog as an MCP server in Claude Code, Cursor, ChatGPT — 7 tools including MCP server auditing, Skill package scanning, multi-agent topology analysis. MCP integration →

More features

inkog -deep .
inkog -deep -output html . > report.html

inkog skill-scan .
inkog mcp-scan github
inkog skill-scan --deep --repo https://github.com/org/repo

inkog red --target https://your-agent.example.com

inkog . --policy low-noise        # only proven vulnerabilities
inkog . --policy balanced         # default — vulnerabilities + risk patterns
inkog . --policy comprehensive    # everything including hardening tips
inkog . --policy governance       # Article 14 controls, authorization, audit trails
inkog . --policy eu-ai-act        # EU AI Act compliance report

Community

• 💬 Discord — questions, feedback, feature requests
• 📚 Documentation
• 🐛 Issues
• 🤝 Contributing · Changelog

License

Apache 2.0 — see LICENSE.