AI Security Scanner.
3,200+ Detection Rules.

MEDUSA detects prompt injection, MCP vulnerabilities, RAG poisoning, agent attacks, and 133 CVEs across your AI/ML stack. 508 false positive filters for 96.8% FP reduction. Free and open source.

$ pip install medusa-security && medusa scan .
3,200+ detection patterns · 133 CVEs detected · 96.8% FP reduction

AI Applications Need Security Too

LLM agents, MCP servers, and RAG pipelines introduce attack surfaces that traditional scanners miss

AI Agents Are Under Attack

Prompt injection, jailbreaking, and tool poisoning can hijack your AI agents. CVE-2025-6514 proved MCP servers are already being exploited. Traditional SAST tools don't detect these attack vectors.

Blind Spots in AI Pipelines

RAG poisoning, dataset injection, and model extraction attacks happen before your code even runs. Your training data, embeddings, and knowledge bases can all be vectors for adversarial content.

New Protocols, New Risks

MCP, UCP, AP2, and ACP are powerful but introduce discovery endpoint attacks, credential smuggling, and cross-tool exploitation. These protocols need security scanning from day one.

Built for the Agentic AI Era

76 analyzers, 3,200+ detection patterns, and 508 FP filters covering the entire AI security landscape

3,200+ AI Security Patterns

Industry-leading coverage for prompt injection, jailbreaking, MCP tool poisoning, RAG security, agent memory attacks, supply chain risks, and traditional SAST. 508 false positive filters ensure 96.8% FP reduction.

Agent Protocol Security

91 dedicated rules for MCP, UCP, AP2, and ACP vulnerabilities. Detect discovery endpoint attacks, credential smuggling, tool poisoning, and cross-agent exploitation.

CVE Detection

133 CVEs via CVEMiner covering LangChain, PyTorch, MCP, LlamaIndex, and more. Includes React2Shell (CVE-2025-55182) and mcp-remote RCE (CVE-2025-6514).

Zero Setup Required

Works immediately after pip install. No external tools, no API keys, no configuration needed. Just install and scan. Multi-core parallel processing out of the box.

IDE Integration

Works with Claude Code, Cursor, VS Code, and Gemini CLI. Get AI security feedback right in your development workflow. SARIF output for GitHub Code Scanning.

Beautiful Reports

Export to JSON, HTML, SARIF, or Markdown. Glassmorphism HTML dashboard, machine-readable JSON for CI/CD, and SARIF for GitHub integration.

Detection Coverage

Updated for OWASP Top 10 for LLM Applications 2025 and MITRE ATLAS

  • 800+ Prompt Injection: direct, indirect, jailbreaks, role manipulation, obfuscation
  • 500+ Agent Security: excessive agency, memory poisoning, HITL bypass, delegation abuse
  • 400+ MCP & Protocols: tool poisoning, confused deputy, UCP, AP2, ACP vulnerabilities
  • 400+ Model Security: insecure loading, checkpoint exposure, adversarial attacks
  • 350+ Supply Chain: dependency confusion, typosquatting, slopsquatting, malicious packages
  • 300+ RAG Security: vector injection, document poisoning, tenant isolation
  • 133 Known CVEs: LangChain, PyTorch, MCP, React2Shell, XZ Utils, Log4Shell
  • 46+ File Types: Python, JS/TS, Go, Rust, Java, Docker, Terraform, YAML, and more

Simple, Transparent Pricing

Free forever for open-source scanning. Pro adds an ultra-fast runtime proxy that blocks attacks in real time.

Professional (Coming Soon): $99/dev/mo
Ultra-fast proxy blocks attacks before they reach your LLM
  • Everything in Free
  • Runtime proxy server
  • 1,100+ real-time filters
  • Sub-millisecond latency
  • REST API & webhooks
  • Priority support

Enterprise (Coming Soon): $499/50 devs/mo
Full AI security platform for teams at scale
  • Everything in Professional
  • Custom detection rules
  • SSO / SAML
  • Audit logs & compliance
  • On-premise deployment
  • Dedicated support

Coming Soon: Runtime Proxy

MEDUSA scans your code. The proxy protects it in production.

Ultra-Fast Filtering

Built in Zig for maximum performance. The MEDUSA proxy sits between your application and your LLM, filtering 1,100+ attack patterns with sub-millisecond latency overhead.

Real-Time Blocking

Block prompt injection, jailbreaking, and data exfiltration attempts before they reach your model. Every request and response is scanned against production-grade detection rules.

Drop-In Deployment

Point your LLM API calls through the proxy. Works with OpenAI, Anthropic, and any LLM provider. No code changes required. REST API and webhook integrations included.

Secure Your AI Stack in 30 Seconds

Install MEDUSA and scan your first project right now.

$ pip install medusa-security && medusa scan .