Skip to content
Agentic Radar

Agentic Radar

NEW
Category: AI Security
License: Free (Open-Source)
Visit Agentic Radar GitHub (942★)
Suphi Cankurt
Suphi Cankurt
+8 Years in AppSec
Updated April 3, 2026
6 min read
Key Takeaways
  • Analyzes agentic AI workflows across five frameworks — LangGraph, CrewAI, OpenAI Agents, AutoGen, and n8n — generating visual dependency graphs and HTML security reports.
  • Maps vulnerabilities to OWASP Top 10 for LLMs and OWASP Agentic AI Threats, giving security teams standardized risk assessment aligned with industry frameworks.
  • Prompt Hardening feature automatically refines system prompts using LLM assistance to follow security engineering best practices.
  • Built by SPLX AI, the same team behind a commercial agentic AI security platform. Installable via pip with framework-specific extras.

Agentic Radar is an open-source CLI security scanner that analyzes LLM-based agentic workflows for vulnerabilities across five major frameworks: LangGraph, CrewAI, OpenAI Agents SDK, AutoGen, and n8n.

Unlike component-level scanners such as MCP-Scan , Agentic Radar takes a system-level view — parsing entire workflow definitions, generating visual dependency graphs, and mapping risks to OWASP security frameworks.

Built by SPLX AI — a company focused on end-to-end AI security — Agentic Radar was released in March 2025 as one of the first tools purpose-built for scanning agentic AI architectures.

While individual components like MCP servers have their own scanners, Agentic Radar takes a broader view: analyzing the entire workflow to understand how agents connect, what tools they access, and where security gaps exist in the system as a whole.

The tool supports five major agentic frameworks: LangGraph, CrewAI, OpenAI Agents SDK, AutoGen, and n8n.

What is Agentic Radar?

Agentic AI systems are inherently complex — multiple agents coordinate across tools, APIs, and data sources, often with chained decisions where one agent’s output becomes another’s input. Traditional security tools that analyze individual components miss the systemic risks that emerge from these interactions.

Agentic Radar addresses this by parsing the full workflow definition, mapping every agent-to-tool and agent-to-agent connection into a dependency graph, and then analyzing that graph for vulnerabilities. The output is an HTML report that security teams can share and review without needing to understand the underlying framework code.

Agentic Radar CLI scan output showing 4 agents, 9 tools, and 2 MCP servers discovered in a LangGraph workflow, with HIGH severity findings for tool poisoning and excessive permissions mapped to OWASP LLM categories
Workflow Visualization
Parses agentic framework code and generates visual dependency graphs showing all agents, tools, MCP servers, and their connections. Makes complex multi-agent architectures understandable at a glance for security review.
Vulnerability Mapping
Maps identified security risks to the OWASP Top 10 for Large Language Models and OWASP Agentic AI Threats and Mitigations. Provides standardized risk categories that align with established security frameworks rather than ad-hoc findings.
Prompt Hardening
Automatically analyzes system prompts across your agentic workflow and refines them using LLM assistance to follow security engineering best practices. Catches overly permissive instructions, missing guardrails, and prompt injection vulnerabilities.

What are Agentic Radar’s key features?

FeatureDetails
Supported FrameworksLangGraph, CrewAI, OpenAI Agents SDK, AutoGen, n8n
Dependency GraphsVisual agent-tool-MCP connection mapping
OWASP MappingLLM Top 10 + Agentic AI Threats and Mitigations
MCP Server DetectionIdentifies all MCP servers used by agents
Tool IdentificationLists external and custom tools per agent
Prompt HardeningLLM-assisted system prompt security refinement (OpenAI Agents, CrewAI, AutoGen)
Runtime TestingSimulated adversarial inputs — prompt injection, PII leakage, harmful content (OpenAI Agents only)
Custom TestsYAML-based test definitions with custom inputs and success conditions
Report FormatShareable HTML reports (sample report )
CI/CDGitHub Actions workflow for automated scanning on code changes
Installationpip install agentic-radar with optional framework extras
RequirementsPython 3.10-3.12 for CrewAI extras
LicenseApache 2.0

Framework feature matrix

Feature coverage varies by framework:

FrameworkScanMCP DetectionPrompt HardeningRuntime Testing
OpenAI AgentsYesYesYesYes
CrewAIYesYesYesNo
AutoGenYesYesYesNo
LangGraphYesYesNoNo
n8nYesYesNoNo

Dependency graph analysis

The core of Agentic Radar is its ability to parse framework-specific code (LangGraph state graphs, CrewAI crew definitions, n8n workflow JSON, etc.) and produce a unified dependency graph. This graph shows which agents can communicate with each other, what tools each agent has access to, which MCP servers are connected, and how data flows through the system.

For security teams, this graph answers critical questions: Can a compromised tool in Agent A affect Agent B? Does any single agent have excessive tool access? Are there unsanctioned MCP servers connected to the workflow?

Prompt hardening

Beyond scanning for existing vulnerabilities, Agentic Radar can proactively improve your agent security. The prompt hardening feature analyzes system prompts across your workflow and uses LLM assistance to refine them — adding input validation instructions, tightening scope boundaries, and removing patterns that make prompts susceptible to injection attacks. Currently supported for OpenAI Agents, CrewAI, and AutoGen frameworks.

Runtime testing

For deeper security validation, Agentic Radar can execute simulated adversarial inputs against your agents to test their resilience. This includes prompt injection attempts, PII leakage probes, harmful content generation, and misinformation injection. Tests can be customized via YAML configuration files with specific inputs and expected outcomes.

SBOM analysis

Beyond workflow-level scanning, Agentic Radar includes software bill of materials (SBOM) analysis that identifies known CVEs in the dependencies used by your agentic system. This connects traditional supply chain security with AI-specific vulnerability detection, giving teams a unified view of both infrastructure and agentic risks in a single report.

How do I get started with Agentic Radar?

1
Install Agentic Radar — Run pip install agentic-radar for the base package. Add framework-specific extras as needed: pip install "agentic-radar[crewai]" or pip install "agentic-radar[openai-agents]".
2
Scan your workflow — Point Agentic Radar at your agent code directory. The scanner automatically detects the framework, parses agent definitions, and generates a dependency graph of all agents, tools, and MCP servers.
3
Review the HTML report — Open the generated report to see the visual dependency graph, identified tools and MCP servers, and vulnerability findings mapped to OWASP categories. Share the report with your security team for review.
4
Run prompt hardening — Use the prompt hardening feature to automatically analyze and improve system prompts across your workflow. Review the suggested changes before applying them to your codebase.
5
Configure runtime tests — For deeper validation, set up YAML-based adversarial tests targeting specific threat categories (prompt injection, PII leakage, harmful content). Run them against your agents to verify resilience under attack conditions.

When to use Agentic Radar

Best for development and security teams building multi-agent AI systems. Agentic Radar fills the gap between individual component scanners and manual security reviews of agent code.

If you are building multi-agent systems on any of the supported frameworks, running Agentic Radar during development and CI/CD gives you visibility into how the system connects and where risks hide.

The tool adds the most value during the design and review phase of agentic architectures — before deployment, when the dependency graph can reveal excessive permissions, unsanctioned tool access, or missing guardrails that are harder to fix once the system is in production.

For teams adopting multiple frameworks or migrating between them, the multi-framework support means a single tool covers the entire portfolio. The HTML report format also makes it easy to share findings with non-technical stakeholders who need to understand AI system risks without reading code.

Best for
Development and security teams building multi-agent AI systems on LangGraph, CrewAI, OpenAI Agents, AutoGen, or n8n who need workflow-level vulnerability visibility, OWASP-aligned risk mapping, and proactive prompt hardening during development.

What are alternatives to Agentic Radar?

Agentic Radar’s wedge is workflow-level scanning across multiple agentic frameworks. Tools that overlap on neighboring concerns:

  • MCP-Scan — Component-scope scanner focused specifically on Model Context Protocol servers. A fit when MCP is the only attack surface you care about and you do not need framework-wide workflow analysis.
  • invariant-labs/mcp-scan — Python alternative for MCP server scanning aligned with the Invariant security policies. A fit when you want a research-leaning Python library instead of a CLI tool.
  • Cisco DefenseClaw — Enterprise governance superset that adds runtime policy enforcement, audit, and centralized control beyond static scanning. A fit when the requirement is full agentic-AI governance rather than developer-time scanning.
  • Lakera Guard — Runtime API for prompt injection detection and content filtering on live agent traffic. A fit when you need to block attacks in production as a complement to Agentic Radar’s pre-deployment scan.
  • Prompt Security — Runtime LLM firewall covering prompt injection, data leakage, and jailbreak detection across multiple LLM providers. A fit when the priority is runtime traffic inspection across heterogeneous model deployments.

For the wider AI security landscape, see the AI security tools guide.

Visit Agentic Radar View source on GitHub (942★)

Frequently Asked Questions

What is Agentic Radar?
Agentic Radar is an open-source CLI security scanner by SPLX AI that analyzes LLM-based agentic workflows for vulnerabilities. It supports LangGraph, CrewAI, OpenAI Agents, AutoGen, and n8n — generating visual dependency graphs, identifying tools and MCP servers, and mapping findings to OWASP security frameworks.
Is Agentic Radar free?
Yes, Agentic Radar is free and open-source under the Apache 2.0 license. Some advanced features like prompt hardening and runtime testing require an API key. SPLX AI also offers a commercial platform with additional capabilities for enterprise use.
What frameworks does Agentic Radar support?
Agentic Radar supports five major agentic frameworks: OpenAI Agents SDK, CrewAI, LangGraph, AutoGen, and n8n. Support depth varies by framework — OpenAI Agents and CrewAI have the broadest feature coverage including prompt hardening and runtime testing.
How I review tools Suggest an edit

Other AI Security Tools

7AI
7AI

AI SOC Agents with Dynamic Reasoning

Alter
Alter

Zero-Trust Access Control for AI Agents (YC S25)

Arize AI
Arize AI

OpenTelemetry-based AI observability with open-source Phoenix

Augustus
Augustus

Production-grade LLM vulnerability scanner with 210+ adversarial probes

Cerbos
Cerbos

Policy-Based Authorization for AI Agents and MCP Servers

Cisco DefenseClaw
Cisco DefenseClaw

Enterprise Security Governance for Agentic AI

See all AI Security tools

Complement with SAST

Pair AI security with static analysis for broader coverage.

Veracode
Veracode

Binary Analysis AppSec Platform

Corgea
Corgea

AI-native SAST with automatic vulnerability detection and code fix generation

See all SAST tools

Learn More

Vibe Coding Security AI-Generated Code Security LLM Red Teaming: Tools, Attacks & Methodology (2026) Prompt Injection Attacks What is AI Security?

Explore all AI Security guides and tools