MASSAT - Security Audit for AI Agent Systems
Open-source security audit framework covering all 10 OWASP Agentic AI threat categories (ASI01-ASI10). Scan multi-agent systems for prompt injection, data exfiltration, broken access control, and 7 more categories. Returns risk scores (0-100) with remediation priorities. Free tier: 10 audits/day. Proven on a 94-agent production fleet. Complements Microsoft Agent Governance Toolkit.
MASSAT - Multi-Agent System Security Audit Toolkit
The open-source security audit framework for AI agent systems. Covers all 10 OWASP Agent Security Index (ASI) categories. Used in production to audit a 94-agent fleet.
Get a Free Audit in 30 Seconds
curl -X POST https://craigmbrown.com/api/audit \
-H "Content-Type: application/json" \
-d '{"repo": "https://github.com/your-org/your-agent-repo"}'
Returns JSON with risk score, findings by severity, and link to full HTML report.
What MASSAT Checks
| Category | OWASP ID | What It Catches |
|---|---|---|
| Unbounded Agency | ASI01 | Agents with no permission boundaries or tool restrictions |
| Unsafe Tool Use | ASI02 | Direct shell access, unvalidated file operations, SQL injection |
| Insecure Communication | ASI03 | Unencrypted inter-agent messaging, missing TLS |
| Memory Poisoning | ASI04 | RAG injection vectors, unvalidated memory writes |
| Inadequate Sandboxing | ASI05 | Code execution without isolation, container escapes |
| Excessive Permissions | ASI06 | Over-scoped API keys, admin privileges on read-only agents |
| Identity Spoofing | ASI07 | No agent authentication, missing delegation proofs |
| Weak Oversight | ASI08 | No human-in-the-loop for critical actions |
| Supply Chain | ASI09 | Unpinned dependencies, unverified model sources |
| Denial of Service | ASI10 | No rate limiting, unbounded resource consumption |
API Reference
POST /audit - Run Security Audit
# Audit a GitHub repo (free, 10/day)
curl -X POST https://craigmbrown.com/api/audit \
-H "Content-Type: application/json" \
-d '{"repo": "https://github.com/user/agent-repo"}'
# Audit with payment (unlimited, full scope)
curl -X POST https://craigmbrown.com/api/audit \
-H "Content-Type: application/json" \
-H "X-402-Payment: <ecash-token>" \
-d '{"repo": "https://github.com/user/agent-repo"}'
Response:
{
"audit_id": "audit-20260405-004858-f31d9003",
"risk_score": 4.3,
"risk_level": "medium",
"critical": 0,
"high": 0,
"medium": 6,
"low": 4,
"report_url": "https://craigmbrown.com/audits/audit-20260405-004858-f31d9003.html",
"get_passport": "https://craigmbrown.com/api/onboard?audit_id=audit-20260405-004858-f31d9003",
"subscribe": "https://craigmbrown.com/api/subscribe"
}
POST /subscribe - Get Security Updates
curl -X POST https://craigmbrown.com/api/subscribe \
-H "Content-Type: application/json" \
-d '{"email": "you@company.com", "name": "Your Name", "company": "Acme AI"}'
GET /audit/{id} - Retrieve Full Report
curl https://craigmbrown.com/api/audit/audit-20260405-004858-f31d9003
GET /health - Service Status
curl https://craigmbrown.com/api/audit/health
Blog Posts
- Security Auditing a 94-Agent Fleet: Before & After MASSAT - How we went from 4.3 to 4.0 risk score across 30 hardened agents
- 93% of AI Agents Have Zero Security - Why agent identity and audit infrastructure matters now
- OWASP ASI01-10 for AI Agent Builders - Practical guide to each threat category with code examples
Real Audit Examples
See examples/ for sanitized production audit reports from 5 different fleet types:
- SFA Fleet (19 Single File Agents) - Score: 4.3
- Orchestrator Fleet (13 coordination agents) - Score: 4.3
- Communication Fleet (6 WhatsApp/notification agents) - Score: 4.3
- Marketplace Fleet (25 BlindOracle DeFi agents) - Score: 4.3
- MCP Server (Context Oracle tool server) - Score: 4.5
Connection to BlindOracle
MASSAT is the security layer for the BlindOracle agent marketplace:
- Every marketplace agent must pass a MASSAT audit before activation
- Audit results are embedded in ERC-8004 agent passports
- Continuous auditing available for marketplace operators ($99/mo)
- Delegation proofs (15 kinds) are verified against MASSAT findings
Agent Onboarding Flow:
1. curl /api/audit -> Get security score
2. curl /api/onboard -> Get ERC-8004 passport (includes audit results)
3. curl /api/subscribe -> Join mailing list for security updates
4. Marketplace active -> Agent listed on BlindOracle with verified badge
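The API Reference above and the onboarding flow both turn on one decision: build the POST /audit request (with or without the X-402-Payment header) and decide from the JSON response whether an agent may be activated. The following Python helper is an added example, not the project's own code; it assumes a successful POST /audit returns HTTP 200 with the response shape shown in the API Reference, that risk_level is one of low/medium/high/critical, and that X-402-Payment carries an opaque token string.

```python
"""Client helper and activation gate for the MASSAT audit API (added example,
not the project's code). Assumptions not in the README: POST /audit answers
HTTP 200 with the JSON shape shown above, risk_level is low/medium/high/critical,
and X-402-Payment carries an opaque token. Only submit_audit() touches the network."""
import json
import urllib.request

AUDIT_URL = "https://craigmbrown.com/api/audit"
LEVEL_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def build_audit_request(repo_url, payment_token=None):
    """Build the POST /audit request; the payment header is sent only when a token is given."""
    headers = {"Content-Type": "application/json"}
    if payment_token:
        headers["X-402-Payment"] = payment_token
    body = json.dumps({"repo": repo_url}).encode("utf-8")
    return urllib.request.Request(AUDIT_URL, data=body, headers=headers, method="POST")


def submit_audit(repo_url, payment_token=None, timeout=60):
    """Send the request and decode the JSON response (network call)."""
    with urllib.request.urlopen(build_audit_request(repo_url, payment_token), timeout=timeout) as resp:
        return json.load(resp)


def evaluate_audit(result, max_level="medium", allow_high=0):
    """Return (passed, reasons): any critical finding fails, more than allow_high
    high findings fails, risk_level above max_level fails; a missing or unknown
    risk_level is treated as critical so the gate fails closed."""
    reasons = []
    if result.get("critical", 0) > 0:
        reasons.append("%d critical finding(s)" % result["critical"])
    if result.get("high", 0) > allow_high:
        reasons.append("%d high finding(s), limit %d" % (result["high"], allow_high))
    level = result.get("risk_level", "critical")
    if LEVEL_RANK.get(level, 3) > LEVEL_RANK[max_level]:
        reasons.append("risk_level %s exceeds %s" % (level, max_level))
    return (not reasons, reasons)


# Constructed samples mirroring the README response shape (ids are placeholders).
SAMPLE_PASS = {"audit_id": "audit-EXAMPLE-1", "risk_score": 4.3, "risk_level": "medium",
               "critical": 0, "high": 0, "medium": 6, "low": 4}
SAMPLE_FAIL = {"audit_id": "audit-EXAMPLE-2", "risk_score": 7.9, "risk_level": "high",
               "critical": 1, "high": 3, "medium": 2, "low": 0}

if __name__ == "__main__":
    for sample in (SAMPLE_PASS, SAMPLE_FAIL):
        passed, reasons = evaluate_audit(sample)
        print(sample["audit_id"], "PASS" if passed else "FAIL", "; ".join(reasons))
```

In a CI job, call submit_audit() on the repository URL and exit non-zero when evaluate_audit() returns False, so an agent cannot be listed without clearing the gate.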
Repository Structure
massat-framework/
  README.md                                # This file
  LICENSE                                  # MIT
  api/
    openapi.yaml                           # OpenAPI spec for the audit API
  blog/
    security-auditing-94-agent-fleet.md
    93-percent-zero-security.md
    owasp-asi-guide.md
  examples/
    audit-reports/                         # Sanitized production audit JSON
    curl/                                  # Ready-to-run curl examples
  docs/
    getting-started.md                     # Quick start guide
    api-reference.md                       # Full API docs
    threat-model.md                        # OWASP ASI01-10 detailed threat model
  assets/
    massat-badge.svg                       # Badge for GitHub READMEs
Links
- Live API: craigmbrown.com/api/audit
- BlindOracle Marketplace: craigmbrown.com/blindoracle
- Agent Passports: blindoracle-docs
- Whitepaper: Security Auditing a 94-Agent Fleet
License
MIT - See LICENSE for details.
Built by Craig Brown | Powered by BlindOracle
Server Config
{
"mcpServers": {
"massat": {
"command": "python",
"args": [
"-m",
"massat.server"
],
"env": {
"MASSAT_API_URL": "https://craigmbrown.com/api/v1/massat"
}
}
}
}