DeepAudit

DeepAudit is an open-source, multi-agent AI-driven code security auditing platform that combines LLMs, RAG knowledge augmentation, and automated sandbox PoC verification to find and validate vulnerabilities. It supports local Ollama deployments, report generation, and one-click startup via Docker.

Introduction

DeepAudit — Multi-Agent AI Code Security Auditor

DeepAudit is an open-source platform that simulates a collaborative security audit team using multiple autonomous agents (Orchestrator, Recon, Analysis, Verification). It combines language models (LLMs), retrieval-augmented generation (RAG), AST/code analysis, and an isolated Docker sandbox to both find potential vulnerabilities and automatically validate them with generated PoC scripts.

Key Capabilities
  • Multi-Agent Workflow: orchestrates agents for planning, reconnaissance, deep analysis, and PoC verification, enabling automated end-to-end audits.
  • RAG-enhanced Analysis: uses a knowledge retrieval layer to augment model reasoning, reducing false positives and providing CWE/CVE context.
  • Automated Sandbox PoC: generates and executes PoC scripts in a Docker sandbox to confirm exploitability and filter out invalid findings.
  • Flexible LLM Support: integrates with cloud LLMs (OpenAI, Claude, Gemini) and local deployments (Ollama, Llama3, DeepSeek), allowing sensitive code to remain on-premises.
  • Developer-friendly UI: React + TypeScript frontend with dashboards, real-time audit logs, project management, and one-click PDF/Markdown/JSON report export.

Architecture Overview
  • Backend: FastAPI (Python) microservices hosting the Multi-Agent engine, RAG services, sandbox orchestration, and persistence.
  • Frontend: React + TypeScript UI for task creation, audit monitoring, and report generation.
  • Sandbox: Docker-based isolated environment used by the Verification agent to run generated PoCs safely.
  • Storage/Vector DB: supports knowledge bases for RAG and project state storage (examples include ChromaDB or similar).

Deployment & Usage
  • Quick start: provides a single-line Docker Compose command to deploy production images.
  • Local/Custom Deployment: repository can be cloned and run locally; supports environment configuration for selecting LLM providers or Ollama for fully local inference.
  • Developer Mode: instructions for running backend (uvicorn) and frontend (pnpm) for development and debugging.

Supported Vulnerability Types

Detection and validation cover SQL injection, XSS, command injection, path traversal, SSRF, XXE, insecure deserialization, hardcoded secrets, weak crypto, auth/authorization bypasses, IDOR, etc.

Use Cases
  • Automated codebase security scanning with evidence-backed PoC validation.
  • Security teams wanting to integrate an AI-first auditor into CI/CD or developer workflows.
  • Educational/research use for understanding how multi-agent LLM systems can be applied to security analysis.

Security, Limits & License
  • Intended for authorized security research and educational use only; the project explicitly warns against unauthorized testing of third-party systems.
  • Licensed under AGPL-3.0.

Why it matters

DeepAudit reduces manual effort by combining semantic code understanding (via LLMs and RAG) with automated exploit validation, aiming to lower false positives and provide actionable, reproducible audit results for developers and security teams.

Information

  • Website: github.com
  • Authors: lintsinghua
  • Published date: 2025/09/19