An interactive web application providing a comprehensive, visual guide for securing AI agentic applications using OWASP best practices, NIST AI RMF, MITRE ATLAS, and industry taxonomies.
Live Site -- https://agenticsecurity.info/
OWASP Project -- Securing Agentic Applications
- Threat Modeler -- Drag-and-drop canvas for modeling agentic AI systems with automated MAESTRO-layer threat analysis, STRIDE classification, and exportable reports.
- NIST AI RMF Mapping -- Interactive force-directed graph mapping NIST AI Risk Management Framework functions to AISVS security controls.
- AISVS Controls -- Full OWASP AI Security Verification Standard (AISVS) with searchable categories, requirements, and implementation guidance.
- AIVSS Calculator -- AI Vulnerability Severity Score calculator for quantifying risk in AI/ML systems.
- Architecture Explorer -- Visual exploration of common agentic AI architecture patterns (sequential, router, parallel, hierarchical, etc.) with associated threats and mitigations.
- Threat Catalog -- Comprehensive catalog of 15 agentic AI threats with attack vectors, impact analysis, and linked mitigations.
- Security Controls -- 18 security controls and mitigations with implementation details.
- OWASP Agentic Top 10 -- Dedicated page for the OWASP Agentic AI Top 10 risks.
- Cisco AI Security Taxonomy -- Browsable view of the Cisco AI security taxonomy.
- Cross-Framework Taxonomy -- Sankey diagram linking threats across OWASP Agentic, Cisco, and AIVSS frameworks.
- MITRE ATLAS -- Tactics, techniques, and case studies from the MITRE ATLAS framework for adversarial ML.
- Interactive Checklist -- Security checklist and testing navigator for agentic AI systems.
```bash
git clone https://github.com/vineethsai/asi.git
cd asi
npm install
npm run dev
```

The app will be available at http://localhost:8080.
| Command | Description |
|---|---|
| `npm run dev` | Start the Vite development server |
| `npm run build` | Production build (outputs to `docs/`) |
| `npm run preview` | Preview the production build locally |
| `npm run lint` | Run ESLint |
| `npm run lint:fix` | Run ESLint with auto-fix |
| `npm run typecheck` | TypeScript type checking |
| `npm run format` | Format source files with Prettier |
| `npm run format:check` | Check formatting without writing |
| `npm run check:data` | Validate cross-dataset integrity (threats, controls, AISVS, architectures) |
| `npm run validate` | Run all checks: typecheck, lint, data integrity, and build |
```
src/
  components/
    architecture/            Architecture explorer (D3 force graph)
    components/              Framework data files (security, architectures, taxonomy)
    home/                    Homepage sections
    interactive/             Security checklist and test navigator
    layout/                  Header, Footer, Sidebar
    threat-modeler/          Drag-and-drop threat modeling canvas
      edges/                 Custom ReactFlow edge types
      engine/                MAESTRO analysis engine and rules
      export/                Report export (PNG, JSON)
      nodes/                 Custom ReactFlow node types
      parsers/               Import parsers
    ui/                      shadcn/ui primitives
    visual/                  Architecture diagrams
  hooks/                     Custom React hooks
  lib/                       Utilities (analytics, helpers)
  pages/                     Route-level page components
scripts/
  check-data-integrity.js    Cross-dataset validation
docs/                        Production build output (GitHub Pages)
public/                      Static assets (favicons, fonts, manifest)
```
- React + TypeScript -- UI framework
- Vite -- Build tool and dev server
- Tailwind CSS -- Utility-first styling
- shadcn/ui + Radix UI -- Component library
- D3.js -- Data visualizations (force graphs, Sankey diagrams)
- React Flow -- Threat modeler node canvas
- React Router -- Client-side routing
- Geist -- Typography (Geist Sans + Geist Mono)
Contributions are welcome. Please read CONTRIBUTING.md before submitting a pull request.
To report a vulnerability, see SECURITY.md.
This project is licensed under the Apache License 2.0.
- Author: Vineeth Sai -- LinkedIn
- Repository: github.com/vineethsai/asi
- OWASP Project: Securing Agentic Applications