Skip to main content

AIandMe CLI - command line interface for AI agent security testing.

Reason this release was yanked:

Library transfered to humanbound

Project description

AIandMe CLI (Beta)

CLI-first security testing for AI agents and chatbots. Adversarial attacks, behavioral QA, posture scoring, and guardrails export — from your terminal to your CI/CD pipeline.

PyPI License

pip install aiandme-cli

Overview

AIandMe runs automated adversarial attacks against your bot's live endpoint, evaluates responses using LLM-as-a-judge, and produces structured findings aligned with the OWASP Top 10 for LLM Applications and the OWASP Agentic AI Threats.

Platform Services

Service Description
CLI Tool Full-featured command line interface. Initialize projects, run tests, check posture, export guardrails.
pytest Plugin Native pytest integration with markers, fixtures, and baseline comparison. Run security tests alongside unit tests.
Adversarial Testing OWASP-aligned attack scenarios: single-turn, multi-turn, adaptive, and agentic.
Behavioral Testing Validate intent boundaries, response quality, and functional correctness.
Posture Scoring Quantified 0–100 security score with breakdown by findings, coverage, and resilience. Track over time.
Guardrails Export Generate protection rules from test findings. Export to OpenAI, Azure AI Content Safety, AWS Bedrock, or AIandMe format.

Why AIandMe?

Manual red-teaming doesn't scale. Static analysis can't catch runtime behavior. Generic pentesting tools don't understand LLM-specific attack vectors like prompt injection, jailbreaks, or tool abuse.

AIandMe is built for this. Point it at your bot's endpoint, define the scope (or let it extract one from your system prompt), and get a structured security report with actionable findings — all mapped to OWASP LLM and Agentic AI categories.

Testing feeds into hardening: export guardrails, track posture across releases, and catch regressions before they reach production. Works with any chatbot or agent, cloud or on-prem.


Quick Start

# 1. Install & authenticate
pip install aiandme-cli
aiandme login

# 2. Initialize a project
aiandme init --name "My Bot" --prompt ./system_prompt.txt

# 3. Run security tests
aiandme test \
  --chat-endpoint https://my-bot.com/chat \
  --chat-header "Authorization: Bearer token"

# 4. Review results
aiandme logs
aiandme posture

Test Categories

Category Mode Description
owasp_single_turn Adversarial Single-prompt attacks: prompt injection, jailbreaks, data exfiltration. Fast coverage of basic vulnerabilities.
owasp_multi_turn Adversarial Conversational attacks that build context over multiple turns. Tests context manipulation and gradual escalation.
owasp_agentic_multi_turn Adversarial Targets tool-using agents. Tests goal hijacking, tool misuse, and privilege escalation.
behavioral QA Intent boundary validation and response quality testing. Ensures agent behaves within defined scope.

Adaptive mode: Both owasp_multi_turn and owasp_agentic_multi_turn support an adaptive flag that enables evolutionary search — the attack strategy adapts based on bot responses instead of following scripted prompts.

Testing Levels

Level Description
unit Standard coverage (~20 min) — default
system Deep testing (~45 min)
acceptance Full coverage (~90 min)

pytest Integration

Run security tests alongside your existing test suite with native pytest markers and fixtures.

# test_security.py
import pytest

@pytest.mark.aiandme
def test_prompt_injection(aiandme):
    """Test prompt injection defenses."""
    result = aiandme.test("llm001")
    assert result.passed, f"Failed: {result.findings}"

@pytest.mark.aiandme
def test_posture_threshold(aiandme_posture):
    """Ensure posture meets minimum."""
    assert aiandme_posture["score"] >= 70

@pytest.mark.aiandme
def test_no_regressions(aiandme, aiandme_baseline):
    """Compare against baseline."""
    result = aiandme.test("llm001")
    if aiandme_baseline:
        regressions = result.compare(aiandme_baseline)
        assert not regressions
# Run with AIandMe enabled
pytest --aiandme tests/

# Filter by category
pytest --aiandme --aiandme-category=adversarial

# Set failure threshold
pytest --aiandme --aiandme-fail-on=high

# Compare to baseline
pytest --aiandme --aiandme-baseline=baseline.json

# Save new baseline
pytest --aiandme --aiandme-save-baseline=baseline.json

CI/CD Integration

Block insecure deployments automatically with exit codes.

Build → Unit Tests → AI Security (aiandme test) → Deploy
# .github/workflows/security.yml
name: AI Security Tests
on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install aiandme
      - name: Run Security Tests
        env:
          AIANDME_API_KEY: ${{ secrets.AIANDME_API_KEY }}
        run: |
          aiandme test --wait --fail-on=high

Usage

aiandme [--base-url URL] COMMAND [OPTIONS] [ARGS]

Authentication

Command Description
login Authenticate via browser (OAuth PKCE)
logout Clear stored credentials
whoami Show current authentication status

Organisation Management

Command Description
orgs list List available organisations
orgs current Show current organisation
switch <id> Switch to organisation

Provider Management

Providers are LLM configurations used for running security tests.

Command Description
providers list List configured providers
providers add Add new provider
providers update <id> Update provider config
providers remove <id> Remove provider
providers add options
--name, -n        Provider name: openai, claude, azureopenai, gemini, grok, custom
--api-key, -k     API key
--endpoint, -e    Endpoint URL (required for azureopenai, custom)
--model, -m       Model name (optional)
--default         Set as default provider
--interactive     Interactive configuration mode

Project Management

Command Description
projects list List projects
projects use <id> Select project
projects current Show current project
projects show [id] Show project details
init — create project from various sources
aiandme init --name NAME [OPTIONS]

--prompt PATH       Extract scope from system prompt file
--endpoint URL      Probe live chatbot endpoint
--repo PATH         Scan repository for prompts/tools
--openapi PATH      Parse OpenAPI specification
--description       Project description
--yes, -y           Skip confirmation prompts

Test Execution

test — run security tests on current project
aiandme test [OPTIONS]

Test Category:
  --test-category, -t   Test to run (default: owasp_multi_turn)
                        Values: owasp_single_turn, owasp_multi_turn,
                                owasp_agentic_multi_turn, behavioral

Testing Level:
  --testing-level, -l   Depth of testing (default: unit)
                        unit | system | acceptance

Chat Endpoint (required):
  --chat-endpoint       Chat completion URL of the bot to test
  --chat-header         Header for chat endpoint (repeatable)
  --chat-payload        JSON payload template for chat

Init Endpoint (optional):
  --init-endpoint       Thread initialization URL
  --init-header         Header for init endpoint (repeatable)
  --init-payload        JSON payload for init

Auth Endpoint (optional):
  --auth-endpoint       Auth/token endpoint URL
  --auth-header         Header for auth endpoint (repeatable)
  --auth-payload        JSON payload for auth

Other:
  --provider-id         Provider to use (default: first available)
  --name, -n            Experiment name (auto-generated if omitted)
  --lang                Language (default: english). Accepts codes: en, de, es...
  --adaptive            Enable adaptive mode (evolutionary attack strategy)
  --streaming           Enable streaming mode (requires wss:// endpoint)
  --no-auto-start       Create without starting (manual mode)
  --wait, -w            Wait for completion
  --fail-on SEVERITY    Exit non-zero if findings >= severity
                        Values: critical, high, medium, low, any

Experiment Management

Command Description
experiments list List experiments
experiments show <id> Show experiment details
experiments status <id> Check status
experiments status <id> --watch Watch until completion
experiments wait <id> Wait with progressive backoff (30s → 60s → 120s → 300s)
experiments logs <id> List experiment logs
experiments report <id> Download HTML report

status is also available as a top-level alias — without an ID it shows the most recent experiment:

aiandme status [experiment_id] [--watch]

Results & Export

# View experiment results (table, json, or csv)
aiandme logs [experiment_id] [--format table] [--verdict pass|fail] [--page N] [--size N]

# Security posture score
aiandme posture [--json]

# Export guardrails configuration
aiandme guardrails [--vendor aiandme|openai|azure|bedrock] [--format json|yaml] [-o FILE]

Documentation

aiandme docs

Opens documentation in browser.


Examples

Basic workflow

aiandme login
aiandme switch abc123
aiandme projects use def456
aiandme test --chat-endpoint https://bot.com/chat
aiandme status --watch
aiandme logs

Multi-endpoint bot with auth

aiandme test \
  --auth-endpoint https://bot.com/oauth/token \
  --auth-payload '{"client_id":"x","client_secret":"y"}' \
  --init-endpoint https://bot.com/threads \
  --init-header "Content-Type: application/json" \
  --chat-endpoint https://bot.com/chat \
  --chat-header "Content-Type: application/json" \
  --chat-payload '{"messages":[{"role":"user","content":"$PROMPT"}]}'

Export guardrails

aiandme guardrails --vendor openai --format json -o guardrails.json

Create project from repository

aiandme init \
  --name "Support Bot" \
  --repo ./my-agent \
  --prompt ./prompts/system.txt

Configuration

Environment Variables

Variable Description Default
AIANDME_BASE_URL API base URL https://api.aiandme.io
AIANDME_AUTH0_DOMAIN Auth0 domain (on-prem) aiandme.eu.auth0.com
AIANDME_AUTH0_CLIENT_ID Auth0 client ID (on-prem)

On-Premises

export AIANDME_BASE_URL=https://api.your-domain.com
aiandme login

Files

Path Description
~/.aiandme/ Configuration directory
~/.aiandme/credentials.json Auth tokens (mode 600)

Exit Codes

Code Meaning
0 Success
1 Error or test failure (with --fail-on)

Links

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aiandme_cli-0.1.3.tar.gz (64.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

aiandme_cli-0.1.3-py3-none-any.whl (72.0 kB view details)

Uploaded Python 3

File details

Details for the file aiandme_cli-0.1.3.tar.gz.

File metadata

  • Download URL: aiandme_cli-0.1.3.tar.gz
  • Upload date:
  • Size: 64.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.12

File hashes

Hashes for aiandme_cli-0.1.3.tar.gz
Algorithm Hash digest
SHA256 ef0878ed35dfb6da35933df9e901d33bae0fcf8564a49f2c94499f962efa210c
MD5 f2d94a5473e3fddb1d61fd2f34610373
BLAKE2b-256 6485da868e8163e6ace7af27a007d53ee43f1a2d4801dafc9a1aa08248c00cdd

See more details on using hashes here.

File details

Details for the file aiandme_cli-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: aiandme_cli-0.1.3-py3-none-any.whl
  • Upload date:
  • Size: 72.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.12

File hashes

Hashes for aiandme_cli-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 7683b52c5af850fd405cc338e9b311f5f56b3fe32b4fcd9f57d2bea0e14ab508
MD5 dda74131d7e0e80ff48e052a3ba58ced
BLAKE2b-256 e7a28d2c6d1d90fa319f3fcfd6e6c128619ba90802f18e38c5940cedea704b4b

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page