
github.com/aliasrobotics/cai @0.5.9 sqlite

repository ↗ · DeepWiki ↗ · release 0.5.9 ↗
3,092 symbols 15,304 edges 350 files 1,642 documented · 53%
README

Cybersecurity AI (CAI)


CAI - Community and Professional Editions

Professional Edition with unlimited alias1 tokens | 📊 View Benchmarks | 🚀 Learn More


Cybersecurity AI (CAI) is a lightweight, open-source framework that empowers security professionals to build and deploy AI-powered offensive and defensive automation. CAI is the de facto framework for AI Security, already used by thousands of individual users and hundreds of organizations. Whether you're a security researcher, ethical hacker, IT professional, or organization looking to enhance your security posture, CAI provides the building blocks to create specialized AI agents that can assist with mitigation, vulnerability discovery, exploitation, and security assessment.

Key Features:

- 🤖 300+ AI Models: Support for OpenAI, Anthropic, DeepSeek, Ollama, and more
- 🔧 Built-in Security Tools: Ready-to-use tools for reconnaissance, exploitation, and privilege escalation
- 🏆 Battle-tested: Proven in HackTheBox CTFs, bug bounties, and real-world security case studies
- 🎯 Agent-based Architecture: Modular framework design to build specialized agents for different security tasks
- 🛡️ Guardrails Protection: Built-in defenses against prompt injection and dangerous command execution
- 📚 Research-oriented: Research foundation to democratize cybersecurity AI for the community

[!NOTE] Read the technical report: CAI: An Open, Bug Bounty-Ready Cybersecurity AI

For further reading, refer to our impact and CAI citation sections.

Robotics - CAI and alias1 on: Unitree G1 Humanoid Robot
CAI uncovers vulnerabilities and privacy violations in Unitree G1 humanoid robots, including unauthorized telemetry transmission to China-related servers, exposed RSA keys with world-writable permissions, and potential surveillance capabilities violating GDPR and international privacy laws.

OT - CAI and alias1 on: Dragos OT CTF 2025
CAI, powered by alias1, demonstrates exceptional performance in operational technology cybersecurity by achieving a Top-10 ranking in the Dragos OT CTF 2025. The AI agent reached Rank 1 during competition hours 7-8, completed 32 of 34 challenges, and maintained a 37% velocity advantage over top human teams.

IT (Bug Bounty) - CAI on: HackerOne Platform
HackerOne's top engineers leverage CAI to explore next-gen agentic AI architectures and build their own security products. CAI's Retester agent directly inspired HackerOne's AI-powered Deduplication Agent, now deployed in production to handle millions of vulnerability reports at scale.

OT - CAI and alias0 on: Ecoforest Heat Pumps
CAI discovers a critical vulnerability in Ecoforest heat pumps allowing unauthorized remote access and potential catastrophic failures. AI-powered security testing reveals exposed credentials and DES encryption weaknesses affecting all of their deployed units across Europe.

Robotics - CAI and alias0 on: Mobile Industrial Robots (MiR)
CAI-powered security testing of the MiR (Mobile Industrial Robot) platform through automated ROS message injection attacks. This study demonstrates how AI-driven vulnerability discovery can expose unauthorized access to robot control systems and alarm triggers.

IT (Web) - CAI and alias0 on: Mercado Libre's e-commerce
CAI-powered API vulnerability discovery at Mercado Libre through automated enumeration attacks. This study demonstrates how AI-driven security testing can expose user data exposure risks in e-commerce platforms at scale.

OT - CAI and alias0 on: MQTT broker
CAI-powered testing exposed critical flaws in an MQTT broker within a Dockerized OT network. Without authentication, CAI subscribed to temperature and humidity topics and injected false values, corrupting data shown in Grafana dashboards.

IT (Web) - CAI and alias0 on: PortSwigger Web Security Academy
CAI-powered race condition exploitation in a file upload vulnerability. This study demonstrates how AI-driven security testing can identify and exploit timing windows in web applications, successfully uploading and executing web shells through automated parallel requests.

[!WARNING] CAI is in active development, so don't expect it to work flawlessly. Instead, contribute by raising an issue or sending a PR.

Access to this library and the use of information, materials (or portions thereof), is not intended, and is prohibited, where such access or use violates applicable laws or regulations. By no means do the authors encourage or promote the unauthorized tampering with running systems. This can cause serious human harm and material damages.

By no means do the authors of CAI encourage or promote the unauthorized tampering with compute systems. Please don't use the source code in here for cybercrime. Pentest for good instead. By downloading, using, or modifying this source code, you agree to the terms of the LICENSE and the limitations outlined in the DISCLAIMER file.


Core symbols most depended-on inside this repo

get · called by 1294 · tests/voice/fake_models.py
append · called by 743 · src/cai/agents/meta/local_python_executor.py
run · called by 110 · examples/research_bot/manager.py
handle · called by 108 · src/cai/repl/commands/base.py
add_subcommand · called by 94 · src/cai/repl/commands/base.py
run · called by 92 · tests/voice/fake_models.py
run · called by 87 · src/cai/sdk/agents/run.py
run_streamed · called by 75 · src/cai/sdk/agents/run.py

Shape

Method 1,527
Function 1,077
Class 345
Route 143

Languages

Python 100%

Modules by API surface

tests/commands/test_command_history.py · 73 symbols
src/cai/util.py · 66 symbols
tests/commands/test_command_base.py · 63 symbols
src/cai/agents/meta/local_python_executor.py · 55 symbols
tests/commands/test_command_agent.py · 52 symbols
tests/commands/test_command_load.py · 51 symbols
tests/commands/test_command_model.py · 50 symbols
src/cai/sdk/agents/models/openai_chatcompletions.py · 50 symbols
src/cai/sdk/agents/tracing/span_data.py · 47 symbols
tests/commands/test_command_flush.py · 46 symbols
src/cai/sdk/agents/tracing/spans.py · 45 symbols
tests/commands/test_command_parallel.py · 43 symbols

Dependencies from manifests, versioned

dotenv 0.9.9 · 1×
openai 1.75.0 · 1×
openinference-instrumentation-openai 0.1.22 · 1×
prompt_toolkit 3.0.39 · 1×
rich 13.9.4 · 1×
wasabi 1.1.3 · 1×

Datastores touched

litellmDatabase · 1 repos

For agents

$ claude mcp add cai \
  -- python -m otcore.mcp_server <graph>
