Tencent open-sources AI-Infra-Guard for full-stack AI red teaming
TL;DR
- Tencent's Zhuque Lab published AI-Infra-Guard under Apache 2.0, bundling five scanners covering infra, agents, MCP servers, and model jailbreaks in one repo.
- The framework tracks over 1,900 CVEs across 68 supported AI components including Ollama, ComfyUI, vLLM, n8n, and Triton Inference Server.
- The MCP Server and Agent Skills module classifies findings into 14 major risk categories, targeting the fastest-growing agent attack surface.
Tencent's Zhuque Lab has published AI-Infra-Guard on GitHub under Apache 2.0, and the interesting thing is the scope. Rather than one layer of AI security, the repo bundles five: ClawScan for baseline security work, Agent Scan for workflow evaluation, MCP Server and Agent Skills scanning, AI infrastructure vulnerability detection, and jailbreak evaluation. The lab describes itself as focused on real-world offensive and defensive research, with prior vulnerability contributions to vendors like NVIDIA, Google, and Microsoft.
Why this matters if you are not a red teamer: most AI security tooling has specialized in one layer. Network scanners find the exposed Ollama box. Prompt injection benches evaluate the model in isolation. Teams running real agent stacks in production have been left to assemble their own patchwork. According to the project README, the framework tracks more than 1,900 CVEs across 68 supported AI components, and its MCP module classifies findings into 14 risk categories. The list of scanned services (Ollama, ComfyUI, vLLM, Triton Inference Server, n8n) reads like a snapshot of what modern AI teams actually deploy.
The caveats are the boring but important ones. A single scanner tracking 1,900 rules is only as good as the update cadence behind it, and the README does not spell out a governance model for outside contributions. The jailbreak evaluation module is not benchmarked against open evals in the retrieved material, so treat a clean pass as a floor rather than a ceiling. And publishing a playbook this deep makes life easier for defenders and opportunistic attackers alike, the honest tradeoff every open security tool has always made.
The direction is the part worth watching. If a lab inside a company the size of Tencent is willing to package its full-stack AI red team and hand it out under Apache 2.0, the practical baseline for what a serious AI security review looks like just moved. Enterprises running sprawling agent pilots and startups shipping MCP servers both benefit, because they can now point at a common tool when procurement asks how they audit their stack.
Originally reported by repo
Read the original article →Original headline: Tencent Open-Sources Full-Stack AI Red Team Covering Infrastructure Through Model Jailbreaks