Cybersecurity AI (CAI): Open-source framework for AI security

Cybersecurity AI (CAI) is an open-source framework that helps security teams build and run AI-driven tools for offensive and defensive tasks. It’s designed for anyone working in security, including researchers, ethical hackers, IT staff, and organizations that want to use AI to find vulnerabilities, test defenses, and improve their security.

Building and testing AI-driven security tools

CAI provides the core pieces needed to create custom AI agents that can handle tasks like mitigation, vulnerability scanning, exploitation, and security assessments.

CAI comes with built-in tools for reconnaissance, exploitation, and privilege escalation. The framework has been proven in real-world use, including HackTheBox CTFs, bug bounty programs, and other security projects. Its modular, agent-based design allows users to create specialized agents for different tasks. It also includes guardrails to prevent prompt injection and unsafe command execution.

Open source and download

The developers chose to open source CAI for two main reasons:

• Advanced cybersecurity AI tools shouldn’t be limited to big companies or governments. By making CAI open source, they give researchers, ethical hackers, and organizations access to the same capabilities, helping to balance the field.
• There’s a lack of clarity around what current AI systems can really do in security. Many vendors downplay these capabilities, which creates risks. Building CAI in the open shows its strengths and limits, so others can make informed decisions.

CAI is lightweight, easy to use, and built around agents so it can scale and adapt to different tasks. It comes with built-in tools but also lets users add their own. Logging and tracing are built in through Phoenix, and it supports over 300 AI models, including options from OpenAI, Anthropic, DeepSeek, and Ollama.

Cybersecurity AI is available for free on GitHub.

Must read:

Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!