Built a small OSS tool for AI agent security and would appreciate technical critique: https://github.com/arpitha-dhanapathi/pluto-aguard It’s an OWASP-aligned launch gate for AI agents. Current scope: static scan, OWASP MCP/LLM control mapping, adversarial policy simulation, what-if risk simulation, baseline drift detection, launch evidence packets, and GitHub Action support. It does not do runtime enforcement yet. I’m deciding whether the next step should be live agent attack testing or an MCP/tool-call proxy. Specific feedback I’m looking for: Are the OWASP mappings reasonable? Are the attack scenarios realistic? What agent failure modes are missing? Would this be useful in CI, or is runtime enforcement the only version that matters? Thank you! submitted by /u/Weekly-Diamond9059 [link] [comments]