Security testing for agentic AI

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for richardspicer from gravatar.com richardspicer

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers
Report project as malware

Project description

{q-AI}

pre-commit CI CodeQL

Python 3.11+ License: Apache 2.0

Docs

Security testing for agentic AI.

  • Audit MCP servers
  • Intercept agent traffic
  • Test tool poisoning and prompt injection
  • Execute multi-step attack chains
  • Generate IPI payloads
  • Poison coding assistant context files
  • Measure RAG retrieval rank.

Local web UI orchestrates multi-module workflows. All findings stored in a SQLite database.

Research program by Richard Spicer · {q-AI}

Built-in Assistant

An AI assistant helps you discover capabilities, interpret scan results, and plan testing workflows. It uses RAG over qai's documentation and your own reference material, with a trust boundary model that separates trusted docs from untrusted scan output. Works with local models (Ollama) or cloud APIs.

qai config set assist.provider ollama
qai config set assist.model llama3.1
qai assist "how do I scan an MCP server?"

Framework Coverage

All audit findings map to four security taxonomies:

Framework Coverage
OWASP MCP Top 10 All 10 categories
OWASP Agentic Top 10 All 10 categories
MITRE ATLAS Technique-level mapping per finding category
CWE Weakness-level mapping per finding category

Install

pip install q-uestionable-ai

Or from source:

git clone https://github.com/q-uestionable-AI/qai.git
cd qai
uv sync --group dev

Full documentation at docs.q-uestionable.ai

Legal

All tools are intended for authorized security testing only. Only test systems you own, control, or have explicit permission to test. Responsible disclosure for all vulnerabilities discovered.

License

Apache 2.0

AI Disclosure

This project uses a human-led, AI-augmented workflow. See AI-STATEMENT.md

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for richardspicer from gravatar.com richardspicer

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers

Release history Release notifications | RSS feed

0.10.8

0.10.7

0.10.6

0.10.5

0.10.4

0.10.3

0.10.2

0.10.0

0.9.3

0.9.2

0.9.1

0.9.0

0.8.2

0.8.1

0.8.0

0.7.5

This version

0.7.4

0.7.3

0.7.2

0.7.1

0.7.0

0.6.1

0.6.0

0.5.3

0.5.2

0.5.1

0.5.0

0.4.1

0.3.3

0.3.2

0.3.1

0.3.0

0.2.0

0.1.0

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

q_uestionable_ai-0.7.4.tar.gz (796.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

q_uestionable_ai-0.7.4-py3-none-any.whl (593.4 kB view details)

Uploaded Python 3

File details

Details for the file q_uestionable_ai-0.7.4.tar.gz.

File metadata

  • Download URL: q_uestionable_ai-0.7.4.tar.gz
  • Upload date:
  • Size: 796.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for q_uestionable_ai-0.7.4.tar.gz
Algorithm Hash digest
SHA256 63524b88cdc9d96d027c65954ff535621ff94c18b6d7bae8d061391c22b77137
MD5 4c48ce270e980dda22052f326b1f91b9
BLAKE2b-256 4b51aafc73b3125fbd017f30ceb8ab6363186e3585526f5883b43206ac24f713

See more details on using hashes here.

Provenance

The following attestation bundles were made for q_uestionable_ai-0.7.4.tar.gz:

Publisher: release.yml on q-uestionable-AI/qai

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file q_uestionable_ai-0.7.4-py3-none-any.whl.

File metadata

File hashes

Hashes for q_uestionable_ai-0.7.4-py3-none-any.whl
Algorithm Hash digest
SHA256 15c1dba518e88c826d8641cea95bd2b6bce791908455f1bfe8607b2e38351fae
MD5 18a31c956ad1073fc39b88e63702e0c2
BLAKE2b-256 9c6351be5025a7188dea61a2f21515749198ef0ec5785265465418688e455e5e

See more details on using hashes here.

Provenance

The following attestation bundles were made for q_uestionable_ai-0.7.4-py3-none-any.whl:

Publisher: release.yml on q-uestionable-AI/qai

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page