Agent Audit: A Security Analysis System for LLM Agent Applications
Haiyue Zhang, Yi Nian, Yue Zhao

TL;DR
Agent Audit is a security analysis tool for LLM agent applications that detects vulnerabilities in code and deployment artifacts, improving security inspection efficiency and integration with development workflows.
Contribution
It introduces a comprehensive, agent-aware security analysis system that combines dataflow analysis, credential detection, and privilege checks, with open-source accessibility.
Findings
Detects 40 out of 42 vulnerabilities in benchmark tests
Maintains sub-second scan times for rapid analysis
Substantially improves recall over common SAST tools
Abstract
What should a developer inspect before deploying an LLM agent: the model, the tool code, the deployment configuration, or all three? In practice, many security failures in agent systems arise not from model weights alone, but from the surrounding software stack: tool functions that pass untrusted inputs to dangerous operations, exposed credentials in deployment artifacts, and over-privileged Model Context Protocol (MCP) configurations. We present Agent Audit, a security analysis system for LLM agent applications. Agent Audit analyzes Python agent code and deployment artifacts through an agent-aware pipeline that combines dataflow analysis, credential detection, structured configuration parsing, and privilege-risk checks. The system reports findings in terminal, JSON, and SARIF formats, enabling direct integration with local development workflows and CI/CD pipelines. On a benchmark of…
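An added illustration of the first failure class the abstract names, tool functions passing untrusted inputs to dangerous operations (this is not Agent Audit's code or rule set): a conservative AST check that treats the parameters of `@tool`-decorated functions as untrusted and reports calls where they reach a sink. The `@tool` decorator convention, the short sink list, the `agent_framework` module and the sample source are assumptions constructed for the example.

```python
import ast

# Assumed sink list for this example only; not Agent Audit's rules.
SINKS = {"eval", "exec", "os.system", "subprocess.run", "subprocess.Popen"}

SAMPLE = '''# constructed sample; agent_framework is a hypothetical module
import subprocess
from agent_framework import tool
@tool
def ping(host: str) -> str:
    cmd = f"ping -c 1 {host}"
    return subprocess.run(cmd, shell=True, capture_output=True).stdout
'''

def _dotted(node):
    """'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join([node.id] + parts[::-1]) if isinstance(node, ast.Name) else None

def _is_tool(fn):
    """True for @tool, @pkg.tool or @tool(...) decorators."""
    targets = (d.func if isinstance(d, ast.Call) else d for d in fn.decorator_list)
    return any((_dotted(t) or "").split(".")[-1] == "tool" for t in targets)

def _names(node):
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}

def find_tainted_sinks(source):
    """Return (function, sink, line) where a tool parameter reaches a sink."""
    findings = []
    for fn in ast.walk(ast.parse(source)):
        if not (isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)) and _is_tool(fn)):
            continue
        tainted = {a.arg for a in fn.args.args + fn.args.kwonlyargs}
        # Visit in source order so assignments spread taint before later calls.
        nodes = sorted((n for n in ast.walk(fn) if hasattr(n, "lineno")),
                       key=lambda n: (n.lineno, n.col_offset))
        for node in nodes:
            if isinstance(node, ast.Assign) and _names(node.value) & tainted:
                tainted |= set().union(*(_names(t) for t in node.targets))
            elif isinstance(node, ast.Call) and _dotted(node.func) in SINKS:
                args = list(node.args) + [k.value for k in node.keywords]
                if any(_names(a) & tainted for a in args):
                    findings.append((fn.name, _dotted(node.func), node.lineno))
    return findings
```

The check is flow-insensitive within a function and never clears taint, so it over-reports rather than under-reports; `find_tainted_sinks(SAMPLE)` flags the `subprocess.run` call in `ping`.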
Taxonomy
Topics: Multi-Agent Systems and Negotiation · Mobile Agent-Based Network Management · Security and Verification in Computing
