AI Security Scanner for Compound Attack Chain Detection
Project description
TESSERA
Version: 1.0.4
Date: April 2026
What
TESSERA detects compound attack chains in AI/Agent systems. It uses two detection approaches:
- CFPE Rules - Rule-based detection of known vulnerability patterns
- GNN Scanner - ML-based detection using Graph Neural Networks (82.9% F1)
Install
```bash
pip install tessera-security
```
From source:
```bash
git clone https://github.com/Devaretanmay/TESSERA.git
cd TESSERA
pip install -e .
```
Quick Start
Scan a topology
```bash
tessera scan --config my_agent.yaml
```
Python API
```python
from tessera.rdt.gnn_scanner import GNNScanner

# Load the GNN model checkpoint.
scanner = GNNScanner("data/best_model_v2.pt")

# `topology` is the agent topology to scan; building it is not shown here.
result = scanner.scan_topology(topology)

print(f"Vulnerable: {result['vulnerable']}")
print(f"Confidence: {result['confidence']:.0%}")
print(f"Severity: {result['severity']}")
```
Architecture
```
src/tessera/
├── core/                   # Domain logic
│   ├── topology/           # Graph models
│   ├── detection/          # CFPE rules
│   └── findings/           # Finding models
├── rdt/                    # ML scanner
│   ├── gnn_scanner.py      # GNN-based scanner
│   ├── model.py            # RDT model
│   └── recurrent_block.py  # Core architecture
├── engine/                 # Pipeline
├── infra/                  # API & DB
└── interfaces/             # CLI
```
CFPE Patterns
| ID | Pattern | Severity |
|---|---|---|
| CFPE-0001 | RAG to Tool | HIGH |
| CFPE-0002 | Memory Poisoning | CRITICAL |
| CFPE-0004 | Trust Boundary Bypass | HIGH |
Node Types
- user - Human input
- llm - Language model
- api - API gateway
- tool - External tool
- database - Database
- memory_store - Memory
- rag_corpus - Knowledge base
- external_service - External service
Trust Boundaries
external → user_controlled → partially_trusted → internal → privileged
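To illustrate how a compound chain differs from a single risky edge, here is an added example (not TESSERA's code) that searches a topology graph for multi-hop paths from a `rag_corpus` node to a `tool` node and flags paths that end in a higher trust zone than they start. The dict-based topology format, the function name `find_chains`, and this reading of the "RAG to Tool" pattern are assumptions; only the node types and trust-zone ordering come from the page.

```python
from collections import defaultdict

# Trust zones in the order the page lists them, lowest trust first.
TRUST_ORDER = ["external", "user_controlled", "partially_trusted", "internal", "privileged"]
RANK = {zone: i for i, zone in enumerate(TRUST_ORDER)}

# Constructed sample topology (hypothetical dict format, not TESSERA's YAML schema).
NODES = {
    "alice":     {"type": "user",         "trust": "user_controlled"},
    "kb":        {"type": "rag_corpus",   "trust": "external"},
    "assistant": {"type": "llm",          "trust": "partially_trusted"},
    "memory":    {"type": "memory_store", "trust": "internal"},
    "shell":     {"type": "tool",         "trust": "privileged"},
    "search":    {"type": "tool",         "trust": "external"},
}
EDGES = [("alice", "assistant"), ("kb", "assistant"), ("assistant", "memory"),
         ("memory", "assistant"), ("assistant", "shell"), ("assistant", "search")]

def find_chains(nodes, edges, source_type="rag_corpus", sink_type="tool"):
    """Return each simple path from a source_type node to a sink_type node,
    flagged when the sink sits in a higher trust zone than the source."""
    adj = defaultdict(list)
    for src, dst in edges:
        adj[src].append(dst)
    findings = []

    def walk(node, path):
        if nodes[node]["type"] == sink_type and len(path) > 1:
            start, end = nodes[path[0]]["trust"], nodes[node]["trust"]
            findings.append({"path": path, "escalates": RANK[end] > RANK[start]})
            return
        for nxt in adj[node]:
            if nxt not in path:          # skip cycles such as llm <-> memory
                walk(nxt, path + [nxt])

    for name, attrs in nodes.items():
        if attrs["type"] == source_type:
            walk(name, [name])
    return findings

if __name__ == "__main__":
    for f in find_chains(NODES, EDGES):
        print(" -> ".join(f["path"]), "| crosses into higher trust:", f["escalates"])
```

No single edge in the sample connects the knowledge base to the shell tool; the finding only appears once the path through the LLM node is followed.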
Results
| Detector | Precision | Recall | F1 |
|---|---|---|---|
| CFPE Rules | 20% | 84% | 32% |
| GNN Scanner | 77% | 90% | 83% |
License
MIT
File details
Details for the file tessera_security-1.1.0.tar.gz.
File metadata
- Download URL: tessera_security-1.1.0.tar.gz
- Upload date:
- Size: 33.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 0dd6e65f5ec5fba9ca80a332e9cac58e86c02be6f2864d803cedd612d8fb3930 |
| MD5 | ccb4e48d9ad07b7f72086857ca057ef9 |
| BLAKE2b-256 | 91048a7bf090eafe2f776cb3f7271b183fe9b0983a525170b984fc6caaa7a7a0 |
File details
Details for the file tessera_security-1.1.0-py3-none-any.whl.
File metadata
- Download URL: tessera_security-1.1.0-py3-none-any.whl
- Upload date:
- Size: 38.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | fb3913e3e0e4f851a11340b10b4847a10939753ca0c7eb877d5ca9dc147931bb |
| MD5 | a989ddeaf451b0d20a79f26c5166a235 |
| BLAKE2b-256 | ce9c184889bf2611e88792b52faffe3813e2648221bffb243381b89f6f58c97a |