AI Security

LLM security: prompt injection, jailbreak detection, guardrails, and adversarial evaluation.

All Breaking Security Features

Important Recent

← Releases

Config change

Guardrails v0.22.0 Breaking risk 12d

Auth

Usage reporting, LangChain optional, IORails enhancements

Open

Upgrade now

msaad00/agent-bom v0.87.0 Breaking risk 17d

Dependencies

Cryptography core dependency

Open

No immediate action

ArmorerLabs/Armorer-Guard v0.2.4 Breaking risk 19d

MIT license change

Open

Config change

msaad00/agent-bom v0.83.4 Breaking risk 1mo

Auth

Auth for remote HTTP

Open

v0.82.1 (1mo) Next 16 export fix

v0.81.1 (1mo) Tenant-scoped gateway routing

No immediate action

Acacian/aegis v0.9.2 Breaking risk 1mo

PR comment posting + README restructuring

Open

Review required

msaad00/agent-bom v0.75.14 Breaking risk 2mo

Auth Dependencies

Railway bearer token required

Open

AI-Infra-Guard by Tencent Zhuque Lab v4.1 Breaking risk 2mo

Breaking changes

License migration from MIT to Apache 2.0; NOTICE file added with attribution requirements

Security fixes

Completed CodeQL path‑injection remediation (Round 2), closing all related security alerts
Fixed path injection risk in `readAgentConfigContent` with input validation and boundary checks

Notable features

Added port 18789 to default AI infrastructure scan ports
Added AIG vulnerability rules (2026‑03‑20 batch)
Added 281 new CVE/GHSA entries for OpenClaw components

No immediate action

msaad00/agent-bom v0.74.0 Breaking risk 2mo

CLI refactor + PCI DSS compliance

Open

v0.71.1 (2mo) ToolHive removal + OS scan

Review required

jnMetaCode/shellward v0.5.0 Breaking risk 2mo

Auth RCE / SSRF

Platform‑agnostic core & DLP model

Open

No immediate action

msaad00/agent-bom v0.70.7 Breaking risk 2mo

AI scanning + DeepSeek + outputs

Open

v0.70.6 (2mo) Severity default mapping

Guardrails v0.21.0 Breaking risk 2mo

Breaking changes

Removed stream_usage from streaming metadata capture

Notable features

IORails Input/Output rail engine with parallel execution
check_async method for standalone rail validation
OpenAI-compatible server with v1/models endpoint

AI-Infra-Guard by Tencent Zhuque Lab v4.0 Breaking risk 2mo

⚠ Upgrade required

Removed `idSuffix` field from provider configurations; adjust existing configs accordingly
Dockerfile and docker.sh updated to support Agent-Scan framework and optimize shallow clone with Docker Compose v2 usage

Notable features

EdgeOne ClawScan: dedicated, AI-powered security portal for OpenClaw with on-demand health checks and comprehensive scans
Agent-Scan Framework: multi-agent architecture with specialized sub-agents covering OWASP ASI compliance, SSRF detection, config scanning, vulnerability detection, data leakage, and tool abuse

No immediate action

msaad00/agent-bom v0.65.0 Breaking risk 2mo

Native OCI layer parser

Open

v0.64.0 (2mo) Zero‑trust auth model

v0.60.1 (2mo) _meta.tools removal

Guardrails v0.20.0 Breaking risk 4mo

Breaking changes

Removed streaming field from configuration

Notable features

Nemotron reasoning-capable content safety models
GLiNER for open-source PII detection
Multilingual refusal messages in content safety rails

AI-Infra-Guard by Tencent Zhuque Lab v3.6.0 Breaking risk 4mo

Notable features

Added SYS_ADMIN capability for Chrome sandbox and database indexes
Updated AI tool protocol scan report with model & scan duration

v3.5-preview (6mo) MCP-Scan framework + attack methods

Guardrails v0.19.0 Breaking risk 6mo

Notable features

LangChain 1.x compatibility
Content blocks API support for reasoning traces and tool calls

v0.18.0 (6mo) Reasoning trace handling

v0.15.0 (9mo) OpenTelemetry API adoption

v0.14.0 (11mo) Reasoning trace handling