Roadmap

Released

v0.1 — Foundation

  • ✅ Multi-Phase Trust Exploitation methodology (8 phases)
  • ✅ NetworkX-based attack knowledge graph
  • ✅ Attack library with YAML-defined vectors
  • ✅ LangChain and CrewAI adapters
  • ✅ Rich CLI with HTML/Markdown/JSON reports
  • ✅ Tool chain analysis (30+ dangerous patterns)
  • ✅ Skill CVE database (15 seed CVEs)

v0.2 — Intelligence

  • ✅ LLM-powered dynamic attack vector generation
  • ✅ Static analysis engine (10 offline checks, SA001–SA010)
  • ✅ PoC exploit generator (Python, cURL, Markdown)
  • ✅ Policy engine with configurable rules
  • ✅ CI/CD quality gate with SARIF output
  • ✅ Amazon Bedrock adapter
  • ✅ Expanded attack library (137 vectors across 9 files)
  • ✅ OWASP LLM Top 10 mapping for all vectors
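
The v0.2 quality gate emits SARIF so that CI systems and code-scanning dashboards can consume the findings. The following is an added example, not ziran's own gate code: a small consumer-side gate that reads a SARIF 2.1.0 report, flattens the results, and fails the build when any finding meets a severity threshold or maps to an OWASP LLM category the team has decided to block. It assumes only the standard SARIF layout (runs, tool.driver.rules, results with ruleId, level, message, locations). The embedded report, its rule descriptions, messages, file paths and the `owasp` property are constructed sample data and do not describe ziran's actual checks.

```python
"""Added example: a CI quality gate over a SARIF 2.1.0 report.

Not ziran's code. Assumes a standard SARIF 2.1.0 document; the sample
report below (rule ids, messages, paths, the `owasp` property) is
constructed for illustration.
"""
import json
import sys
from collections import Counter

# Constructed sample report: one error-level and one warning-level finding.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "SA003", "shortDescription": {"text": "constructed rule A"}},
            {"id": "SA007", "shortDescription": {"text": "constructed rule B"}},
        ]}},
        "results": [
            {"ruleId": "SA003", "level": "error",
             "message": {"text": "constructed: model output reaches a shell tool"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "agent/tools.py"},
                 "region": {"startLine": 42}}}],
             "properties": {"owasp": "LLM01"}},
            {"ruleId": "SA007", "level": "warning",
             "message": {"text": "constructed: system prompt reachable from tool metadata"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "agent/prompts.py"},
                 "region": {"startLine": 7}}}],
             "properties": {"owasp": "LLM07"}},
        ],
    }],
})

# SARIF result levels, ordered so a threshold comparison is meaningful.
SEVERITY_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}


def load_results(sarif_text):
    """Flatten every run's results into plain dicts the gate can reason about."""
    doc = json.loads(sarif_text)
    if doc.get("version") != "2.1.0":
        raise ValueError("unsupported SARIF version: %r" % doc.get("version"))
    findings = []
    for run in doc.get("runs", []):
        for result in run.get("results", []):
            loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "rule": result.get("ruleId", "?"),
                # SARIF treats a missing level as "warning".
                "level": result.get("level", "warning"),
                "uri": loc.get("artifactLocation", {}).get("uri", "?"),
                "line": loc.get("region", {}).get("startLine"),
                "message": result.get("message", {}).get("text", ""),
                # Tool-specific property; assumed name, used here for policy.
                "owasp": (result.get("properties") or {}).get("owasp"),
            })
    return findings


def evaluate_gate(findings, fail_on="error", block_owasp=()):
    """Return (passed, blocking_findings).

    A finding blocks the build if its level is at or above `fail_on`, or if
    its OWASP LLM category is in `block_owasp` regardless of level.
    """
    threshold = SEVERITY_RANK[fail_on]
    blocking = [
        f for f in findings
        if SEVERITY_RANK.get(f["level"], SEVERITY_RANK["warning"]) >= threshold
        or f["owasp"] in block_owasp
    ]
    return (not blocking), blocking


def summarize(findings):
    """Count findings per level, for the CI log."""
    return dict(Counter(f["level"] for f in findings))


if __name__ == "__main__":
    # Usage: python gate.py [report.sarif]; with no argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SARIF
    found = load_results(text)
    ok, blocking = evaluate_gate(found, fail_on="error", block_owasp=("LLM07",))
    print("findings by level:", summarize(found))
    for f in blocking:
        print("BLOCK %s %s:%s %s (%s)" % (f["rule"], f["uri"], f["line"], f["message"], f["owasp"]))
    sys.exit(0 if ok else 1)
```

The gate deliberately keys on both level and category: a warning-level finding can still be a release blocker if the team has decided, for example, that every LLM07 (system prompt leakage) result must be fixed before merge. Keeping that policy in the consumer, rather than only in the scanner, lets different pipelines apply different thresholds to the same SARIF file.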

v0.3 — Remote Scanning

  • ✅ Remote agent scanning over HTTPS
  • ✅ REST protocol handler (generic HTTP APIs)
  • ✅ OpenAI-compatible protocol handler
  • ✅ MCP (Model Context Protocol) handler
  • ✅ A2A (Agent-to-Agent) protocol handler
  • ✅ Auto-protocol detection
  • ✅ Target YAML configuration with auth, TLS, retry
  • ✅ GitHub Action (taoq-ai/ziran@v0)
  • ✅ 11 dedicated A2A attack vectors
  • ✅ 15 runnable examples

Next: v0.4 — Hardening

  • [ ] Multi-agent coordination testing — Test interactions between cooperating agents in supervisor/router architectures
  • [ ] Streaming support — SSE/WebSocket streaming for long-running agent responses
  • [ ] Coverage for OWASP LLM04, LLM05, LLM10 — Model DoS, supply chain, and unbounded consumption vectors
  • [ ] Remediation engine — Auto-generate fix suggestions and guardrail configurations
  • [ ] Adaptive campaigns — Adjust attack strategy in real-time based on knowledge graph state

Future

  • [ ] Cloud dashboard — Centralized vulnerability management across agents
  • [ ] Community CVE portal — Web-based CVE submission and search
  • [ ] IDE extension — VS Code extension for inline security feedback
  • [ ] Agent benchmarking — Comparative security scoring across agent versions
  • [ ] Compliance reports — SOC 2, ISO 27001, and NIST AI RMF report templates

How to Influence the Roadmap

  • Vote on issues: 👍 the issues that matter to you
  • Open feature requests: use the feature request template
  • Contribute code: PRs for roadmap items are very welcome
  • Share feedback: join the Discussions