AI Security Scanner.
9,600+ Detection Rules.

MEDUSA detects prompt injection, MCP vulnerabilities, RAG poisoning, agent attacks, and 221 CVEs across your AI/ML stack. 514 false positive filters for 96.8% FP reduction. Free and open source.

$ pip install medusa-security && medusa scan .
MEDUSA AI Security Scanner
  • 9,600+ Detection Patterns
  • 221 CVEs Detected
  • 96.8% FP Reduction

See It in Action

Run one command. Get a full AI security audit across 78 scanners in seconds.

medusa scan .

AI Applications Need Security Too

LLM agents, MCP servers, and RAG pipelines introduce attack surfaces that traditional scanners miss

AI Agents Are Under Attack

Prompt injection, jailbreaking, and tool poisoning can hijack your AI agents. CVE-2025-6514 proved MCP servers are already being exploited. Traditional SAST tools don't detect these attack vectors.

Blind Spots in AI Pipelines

RAG poisoning, dataset injection, and model extraction attacks happen before your code even runs. Your training data, embeddings, and knowledge bases can all be vectors for adversarial content.

New Protocols, New Risks

MCP, UCP, AP2, and ACP are powerful but introduce discovery endpoint attacks, credential smuggling, and cross-tool exploitation. These protocols need security scanning from day one.

Built for the Agentic AI Era

78 analyzers, 9,600+ detection patterns, and 514 FP filters covering the entire AI security landscape

9,600+ AI Security Patterns

Industry-leading coverage for prompt injection, jailbreaking, MCP tool poisoning, RAG security, agent memory attacks, supply chain risks, and traditional SAST. 514 false positive filters ensure 96.8% FP reduction.

Agent Protocol Security

91 dedicated rules for MCP, UCP, AP2, and ACP vulnerabilities. Detect discovery endpoint attacks, credential smuggling, tool poisoning, and cross-agent exploitation.

CVE Detection

221 CVEs via CVEMiner covering LangChain, PyTorch, MCP, LlamaIndex, and more. Version-aware SCA detection — only flags installed vulnerable versions.

Zero Setup Required

Works immediately after pip install. No external tools, no API keys, no configuration needed. Just install and scan. Multi-core parallel processing out of the box.

IDE Integration

Works with Claude Code, Cursor, VS Code, and Gemini CLI. Get AI security feedback right in your development workflow. SARIF output for GitHub Code Scanning.

Beautiful Reports

Export to JSON, HTML, SARIF, or Markdown. Glassmorphism HTML dashboard, machine-readable JSON for CI/CD, and SARIF for GitHub integration.

Detection Coverage

Updated for OWASP Top 10 for LLM Applications 2025 and MITRE ATLAS

  • Prompt Injection (800+): Direct, indirect, jailbreaks, system prompt leakage, long-context attacks
  • Agent Security (900+): Excessive agency, memory poisoning, HITL bypass, agentic attacks, delegation abuse
  • MCP & Protocols (600+): Tool poisoning, confused deputy, UCP, AP2, ACP vulnerabilities, advanced attacks
  • Model Security (1,400+): Federated learning, RLHF attacks, model poisoning, synthetic data poisoning, finetuning
  • Supply Chain (350+): Dependency confusion, typosquatting, slopsquatting, malicious packages
  • RAG Security (300+): Vector injection, document poisoning, tenant isolation, knowledge injection
  • Known CVEs (221): Version-aware SCA detection across 7 ecosystems: Python, npm, Java, Go, Rust, Ruby, PHP
  • File Types (50+): Python, JS/TS, Go, Rust, Java, Docker, Terraform, YAML, and more

What's New in v2026.5.0

The biggest rule expansion in MEDUSA's history — 9,600+ patterns, smarter detection, zero duplicates.

9,600+ Detection Rules

More than doubled from v2026.3.0. Added 40+ new rule categories including synthetic data poisoning, federated learning attacks, MoE vulnerabilities, watermarking bypass, provenance attribution, and voice/audio attacks. Zero duplicate rule IDs — clean, deduplicated coverage.

221 CVEs — Version-Aware SCA

Rebuilt the CVE engine from the ground up. Rules now use OSV-standard version ranges (introduced/fixed) so you only get flagged if your installed version is actually vulnerable. Covers Python, npm, Java, Go, Rust, Ruby, and PHP ecosystems.

Repo Poisoning Detection

New medusa scan --git flag scans your entire git history for injected attack payloads. Detects Clinejection, ToxicSkills, and repo-level prompt injection backdoors that target AI coding assistants reading your codebase.

Smart Scanner Selection

CodePatternAnalyzer pre-scans your project before the main scan runs. Detects your languages, frameworks, and AI patterns (LangChain, MCP, RAG, agents) and routes files to only the relevant scanners — 17x faster on large codebases.

Simple, Transparent Pricing

Free forever for open-source scanning. Pro adds an ultra-fast runtime proxy that blocks attacks in real time.

Coming Soon
Professional
$99/dev/mo
Ultra-fast proxy blocks attacks before they reach your LLM
  • Everything in Free
  • Runtime proxy server
  • 1,100+ real-time filters
  • Sub-millisecond latency
  • REST API & webhooks
  • Priority support
Coming Soon
Enterprise
$499/50 devs/mo
Full AI security platform for teams at scale
  • Everything in Professional
  • Custom detection rules
  • SSO / SAML
  • Audit logs & compliance
  • On-premise deployment
  • Dedicated support

Coming Soon: Runtime Proxy

MEDUSA scans your code. The proxy protects it in production.

Ultra-Fast Filtering

Built in Zig for maximum performance. The MEDUSA proxy sits between your application and your LLM, filtering 1,100+ attack patterns with sub-millisecond latency overhead.

Real-Time Blocking

Block prompt injection, jailbreaking, and data exfiltration attempts before they reach your model. Every request and response is scanned against production-grade detection rules.

Drop-In Deployment

Point your LLM API calls through the proxy. Works with OpenAI, Anthropic, and any LLM provider. No code changes required. REST API and webhook integrations included.


Secure Your AI Stack in 30 Seconds

Install MEDUSA and scan your first project right now.

$ pip install medusa-security && medusa scan .
78 Analyzers · 9,600+ Rules · Open Source · Free Forever