AI-first security scanner with 9,600+ detection rules for AI/ML, LLM agents, and MCP servers.
medusa is easy to set up with strong trust signals. Check agent compatibility and use-case fit before adding it to your workflow.
gh repo view Pantheon-Security/medusa --webOpen the official repository or website.
Check the README for package manager, auth, and platform requirements.
Try it in a small test task inside your agent workflow.
Medusa is a security scanner that finds vulnerabilities in code, especially for AI and machine learning projects. It can scan any GitHub repository for issues like leaked secrets, poisoned AI configurations, and known CVEs. You can use it right after installing with pip, no extra tools needed.
Medusa is an AI-first security scanner developed by Pantheon Security. It features over 9,600 detection patterns covering AI/ML applications, LLM agents, MCP servers, RAG pipelines, and traditional code. Key capabilities include: scanning any GitHub repo for AI supply chain attacks (repo poisoning, prompt injection, MCP tool poisoning) using `medusa scan --git <URL>`; finding leaked API keys in Claude/Cursor/Copilot/shell history with `medusa secrets scan` and interactive redaction; detecting 200+ CVEs (Log4Shell, Spring4Shell, XZ Utils, LangChain RCE, React2Shell); parallel multi-core processing (10-40x faster); beautiful CLI with progress bars; IDE integration (Claude Code, Cursor, VS Code, Gemini CLI); smart caching for fast rescans; configurable via .medusa.yml; cross-platform (Windows, macOS, Linux); multiple report formats (JSON, HTML, Markdown, SARIF). The tool is designed for zero setup—works immediately after `pip install medusa-security`. It is licensed under AGPL-3.0 and has received 594 stars on GitHub.
Strong trust signals; still review the README and permissions before production use.
Last commit was about 10 days ago.
594 GitHub stars indicate community interest.
4 open issues signal maintenance load.
AGPL-3.0 license detected.
Scan any GitHub repository for AI supply chain attacks and vulnerabilities
Detect leaked API keys and secrets in developer chat histories and shell logs
Identify CVEs in AI/ML frameworks like LangChain and MCP servers
Integrate into CI/CD pipelines for automated security scanning
Audit AI editor configurations for poisoning or malicious settings
594
Stars
108
Forks
4
Issues
AGPL-3.0
License
A terminal dashboard to monitor AI coding agents like Claude Code and Codex CLI in real-time.
A bridge between Streamable HTTP and stdio MCP transports, enabling flexible MCP server connectivity.
A full-stack AI Red Teaming platform for securing AI ecosystems with comprehensive scanning and evaluation.
0 security/trust notes recorded.
Setup difficulty is 1/5.