Compare the Top AI Security Software that integrates with GitHub as of July 2026

This a list of AI Security software that integrates with GitHub. Use the filters on the left to add additional filters for products that have integrations with GitHub. View the products that work with GitHub in the table below.

What is AI Security Software for GitHub?

AI security software is a technology that uses artificial intelligence (AI) to protect online systems from malicious attacks. AI security software can also ensure that companies are using AI software and generative AI tools safely. It can detect potential threats and blocks them before they cause damage. AI security software provides additional protection beyond traditional methods such as firewalls, antivirus, and intrusion detection systems. AI security software can be used to protect not only corporate networks but also individual computers from cyberattacks. The AI algorithms use machine learning techniques to learn about the changing patterns of malicious behavior in order to identify new threats more quickly and accurately. It also has the ability to adapt its responses over time, making it a powerful tool for combating ever-evolving cyber threats. Many companies now deploy AI security software as part of their comprehensive cybersecurity strategy. Compare and read user reviews of the best AI Security software for GitHub currently available using the table below. This list is updated regularly.

  • 1
    Daylight

    Daylight

    Daylight Security

    Daylight merges lightning-fast agentic AI with elite human expertise to deliver a next-gen managed detection and response service that goes beyond alerts, aiming to “take command” of your cyber-frontier. It promises full coverage of your environment with no blind spots, context-aware protection that continuously learns from your systems and past cases (including Slack chats), near-zero false positives, the industry’s lowest mean time to detection and mean time to response, and deep integration with your IT and security stack so it supports unlimited platforms, unlimited integrations, and delivers actionable, noise-free insights via AI dashboards. With Daylight, you get true end-to-end threat detection and response (no escalation games), 24/7 expert support, custom response workflows, environment-wide visibility, and measurable improvements in analyst utilization and response speed, all built to shift your security operations from reactive to commanding.
    View Software
    Visit Website
  • 2
    ZeroPath

    ZeroPath

    ZeroPath

    ZeroPath (YC S24) is an AI-native application security platform that delivers comprehensive code protection beyond traditional SAST. Founded by security engineers from Tesla and Google, ZeroPath combines large language models with advanced program analysis to find and automatically fix vulnerabilities. ZeroPath provides complete security coverage: 1. AI-powered SAST for business logic flaws & broken authentication 2. SCA with reachability analysis 3. Secrets detection and validation 4. Infrastructure as Code 5. Automated patch generation. any more... ZeroPath delivers 2x more real vulnerabilities with 75% fewer false positives. Our research team has been successful in finding vulns like critical account takeover in better-auth (CVE-2025-61928, 300k+ weekly downloads), identifying 170+ verified bugs in curl, and discovering 0-days in production systems at Netflix, Hulu, and Salesforce. Trusted by 750+ companies and performing 200k+ code scans monthly.
    Starting Price: Free
  • 3
    Backslash Security
    The software development lifecycle has fundamentally changed. Developers across engineering organizations are using AI coding tools — GitHub Copilot, Cursor, Windsurf, Claude Code, Gemini CLI — at scale. The security controls built for traditional development were not designed for this environment. Backslash Security addresses this gap directly. The platform gives security teams visibility into AI coding tool usage, the code being generated, MCP server connections made by AI agents, and the risk introduced before it reaches production. Core capabilities: AI coding tool inventory and policy enforcement MCP server visibility and access control Vibe coding security — risk detection in AI-generated code Continuous monitoring without disrupting engineering workflows Purpose-built for AI-native development — not a legacy scanner repositioned for a new market. For security leaders governing an environment they didn't design, Backslash provides the visibility and control you need.
  • 4
    Akto

    Akto

    Akto

    Akto is an open source API security in CI/CD platform. Key features of Akto include: 1. API Discovery 2. API Security Testing 3. Sensitive Data Exposure 4. API Security Posture Management 5. Authentication and Authorization 6. API Security in DevSecOps Akto helps developers and security teams secure APIs in their CI/CD by continuously discovering and testing APIs for vulnerabilities. Akto's pricing is transparent on website. Free tier is available. You can deploy both self-hosted and in cloud. It takes only few mins to deploy and see results. Akto can integrate with multiple traffic sources - Burpsuite, AWS, postman, GCP, gateways, etc.
  • 5
    Threatrix

    Threatrix

    Threatrix

    Threatrix autonomous platform manages your open source supply chain security and license compliance allowing your team to focus on delivering great software. Enter a new era of open source with Threatrix autonomous open source management. Threatrix autonomous platform effectively eliminates security risks and helps your team quickly manage license compliance in a single, tightly integrated platform. Scans complete in seconds, never holding up your builds. Proof of origin instantly ensures actionable results. Seamlessly processes billions of source files every day, providing unparalleled scalability for even the largest of organizations. Empower your vulnerability detection with unmatched control and risk visibility thanks to the unparalleled capabilities of our TrueMatch technology. A comprehensive vulnerability knowledge base aggregates all known open source vulnerability data and pre-zero-day vulnerability intelligence from the dark web.
    Starting Price: $41 per month
  • 6
    MCP Defender

    MCP Defender

    MCP Defender

    MCP Defender is an open source desktop application that functions as an AI firewall, designed to monitor and protect Model Context Protocol (MCP) communications. It acts as a secure proxy between AI applications and MCP servers, analyzing all communications for potential threats in real-time. It automatically scans and protects all MCP tool calls, providing advanced LLM-powered detection of malicious activity. Users can manage the signatures used during scanning, allowing for customizable security measures. MCP Defender identifies and blocks common AI security threats, including prompt injection, credential theft, arbitrary code execution, and remote command injection. It supports integration with various AI applications such as Cursor, Claude, Visual Studio Code, and Windsurf, with more applications to be supported in the future. It offers intelligent threat detection, alerting users as soon as it identifies any malicious activity being performed by AI apps.
    Starting Price: Free
  • 7
    Plurilock AI Cloud DLP

    Plurilock AI Cloud DLP

    Plurilock Security

    Plurilock AI Cloud DLP is a cloud-native yet endpoint-capable data loss prevention (DLP) solution that also provides passwordless SSO and CASB. It is designed specifically for cloud-centric companies relying on an army of SaaS applications to succeed. With Plurilock AI Cloud DLP, companies without the resources to configure and manage (much less pay for) the "default" incumbent DLP solutions can still gain the benefits of full-featured DLP, but at a level of simplicity and cost-effectiveness that makes DLP accessible to companies that don't specialize in IT. Plurilock AI Cloud DLP is part of the Plurilock AI platform, which grows as companies do, with an expansion path to true continuous, real-time authentication and user/entity behavior analytics (UEBA) for real-time biometric identity threat detection and response (ITDR). Plurilock AI is rated top in the industry in customer satisfaction by Info-Tech, based on the feedback of actual customers.
    Starting Price: $36/user/year
  • 8
    DryRun Security

    DryRun Security

    DryRun Security

    DryRun Security brings AI Native SAST and Agentic Code Security to your code, so application security and dev teams can stop triaging noise and start fixing real risk. Our Contextual Security Analysis (CSA) engine reasons about code intent, exploitability, and impact to deliver high-signal findings that pattern-matching scanners miss. Use the Code Review Agent for PR comments and checks within moments of a push. Enforce guardrails with Natural Language Code Policies, written in plain English and executed by the Custom Policy Agent on every PR. Run DeepScan Agent for an on-demand full-repo assessment in about an hour, and use Code Insights Agent to see trends and risk across repos.
  • 9
    Scanner

    Scanner

    Scanner

    Scanner.dev is a cloud-native security data lake and lightweight security information and event management (SIEM) platform that indexes logs directly in your own Amazon S3 buckets, letting you retain unlimited logs and run full-text searches across petabytes of data in seconds without additional ETL or schema requirements. It builds lightweight indexes that make any log format instantly searchable and supports hyper-fast search and investigation, continuous threat detection with customizable detection rules managed as code via GitHub, and integrated alerting with APIs for automation and integration into existing security workflows. Scanner’s streaming detection engine continuously evaluates rule queries in near real time and can backtest detection logic against historical data, while its API and Model Context Protocol (MCP) enable programmatic access and AI-assisted analysis of security data.
    Starting Price: $30,000 per year
  • 10
    Blink

    Blink

    Blink Ops

    Blink is an ROI force multiplier for security teams and business leaders looking to quickly and easily secure a wide variety of use cases. Get full visibility and coverage of alerts across your organization and security stack. Utilize automated flows to reduce noise and false positives in alerts. Scan for attacks and proactively identify insider threats and vulnerabilities. Create automated workflows that add relevant context, streamline communications, and reduce MTTR. Take action on alerts and improve your cloud security posture with no-code automation and generative AI. Shift-left access requests, streamline approvals flows, and unblock developers while keeping your applications secure. Continuously monitor your application for SOC2, ISO, GDPR, or other compliance checks and enforce controls.
  • 11
    SandboxAQ

    SandboxAQ

    SandboxAQ

    The emergence of large, fault-tolerant quantum computers poses a significant threat to current public-key cryptography, leaving sensitive data and systems vulnerable to attacks. SandboxAQ was selected by the NIST's National Cybersecurity Center of Excellence for its Migration to Post-Quantum Cryptography project, which partners with industry to help the government develop best practices to transition from current public-key cryptography to post-quantum cryptography algorithms. Easily adhere to new cryptographic requirements and switch between them without requiring additional development or maintenance. Application Analyzer detects and records all calls to cryptographic libraries made by an application at run time, identifying vulnerabilities and policy breaches.
  • 12
    Vorlon

    Vorlon

    Vorlon

    Continuous near real-time detection and identification of your data in motion between third-party apps with remediation capabilities. By not continuously monitoring third-party APIs, you inadvertently grant attackers an average of seven months to act before you detect and remediate an issue. Vorlon continuously monitors your third-party applications and detects abnormal behavior in near real-time, processing your data every hour. Understand your risks in the third-party apps your Enterprise uses with clear insights and recommendations. Report progress to your stakeholders and board with confidence. Gain visibility into your third-party apps. Detect, investigate, and respond to abnormal third-party app activity, data breaches, and security incidents in near real-time. Determine whether the third-party apps your Enterprise uses are compliant with regulations. Provide proof of compliance to stakeholders with confidence.
  • 13
    Acuvity

    Acuvity

    Acuvity

    Acuvity is the most comprehensive AI security and governance platform for your employees and applications. DevSecOps implements AI security without code changes and devs can focus on AI Innovation. Pluggable AI security results in completeness of coverage, without old libraries or insufficient coverage. Optimize costs by efficiently using GPUs only for LLM models. Full visibility into all GenAI models, apps, plugins, and services that your teams are using and exploring. Granular observability into all GenAI interactions with comprehensive logging and an audit trail of inputs and outputs. AI usage in enterprises requires a specialized security framework that is able to address new AI risk vectors and comply with emerging AI regulations. Employees can use AI confidently, without risking exposing confidential data. Legal would like to ensure there are no copyright, or regulatory issues while using AI-generated content.
  • 14
    NVIDIA Morpheus
    NVIDIA Morpheus is a GPU-accelerated, end-to-end AI framework that enables developers to create optimized applications for filtering, processing, and classifying large volumes of streaming cybersecurity data. Morpheus incorporates AI to reduce the time and cost associated with identifying, capturing, and acting on threats, bringing a new level of security to the data center, cloud, and edge. Morpheus also extends human analysts’ capabilities with generative AI by automating real-time analysis and responses, producing synthetic data to train AI models that identify risks accurately and run what-if scenarios. Morpheus is available as open-source software on GitHub for developers interested in using the latest pre-release features and who want to build from source. Get unlimited usage on all clouds, access to NVIDIA AI experts, and long-term support for production deployments with a purchase of NVIDIA AI Enterprise.
  • 15
    Opsin

    Opsin

    Opsin

    Opsin is a cutting-edge GenAI security company. Opsin provides a comprehensive security orchestration layer that empowers organizations to build GenAI applications securely with their data. From a security perspective, Opsin includes enterprise-level security tools such as auditing and data lineage in GenAI models to meet security and compliance requirements from the outset. Our platform prevents sensitive data from being exposed or leaving the organization, safeguarding information at every step of the process. From a development perspective, our solution allows for the seamless integration of data from structured, unstructured, and CRM sources. This enables developers to create permission-aware GenAI applications that ensure only authorized users can access their permitted data. With tools like Glean and Microsoft Copilot bringing GenAI and data within easy reach, data security and governance still lag behind.
  • 16
    Exaforce

    Exaforce

    Exaforce

    ​Exaforce is a SOC platform that enhances the productivity and efficacy of security operations center teams by 10x through the integration of AI bots and advanced data exploration. It utilizes a semantic data model to ingest and deeply analyze large-scale logs, configurations, code, and threat feeds, facilitating better reasoning by humans and large language models. By combining this semantic model with behavioral and knowledge models, Exaforce autonomously triages alerts with the skill and consistency of an expert analyst, reducing the time from alert to decision to minutes. Exabots automate tedious workflows such as confirming actions with users and managers, investigating historical tickets, and correlating against change management systems like Jira and ServiceNow, thereby freeing up analyst time and reducing fatigue. Exaforce offers advanced detection and response solutions for critical cloud services.
  • 17
    Codex Security
    Codex Security is an AI-powered application security agent developed by OpenAI to help teams detect and fix vulnerabilities in software systems. The tool analyzes code repositories to understand the structure, architecture, and potential risk areas within a project. Using this context, it identifies complex security issues that traditional scanning tools might overlook. Codex Security prioritizes vulnerabilities based on their real-world impact, helping security teams focus on the most critical threats. The system also validates findings through sandboxed testing environments to reduce false positives and improve accuracy. Once vulnerabilities are confirmed, it proposes patches and remediation steps that align with the system’s existing behavior. By combining AI reasoning with automated validation, Codex Security helps development teams ship more secure code faster.
  • 18
    Mondoo

    Mondoo

    Mondoo

    Mondoo is a unified security and compliance platform designed to drastically reduce business-critical vulnerabilities by combining full-stack asset visibility, risk prioritization, and agentic remediation. It builds a complete inventory of every asset, cloud, on-premises, SaaS, endpoints, network devices, and developer pipelines, and continuously assesses configurations, exposures, and interdependencies. It then applies business context (such as asset criticality, exploitability, and policy deviation) to score and highlight the most urgent risks. Users can choose guided remediation (pre-tested code snippets and playbooks) or autonomous remediation via orchestration pipelines, with tracking, ticket creation, and verification built in. Mondoo supports ingestion of third-party findings, integrates with DevSecOps toolchains (CI/CD, IaC, container registries), and includes 300 + compliance frameworks and benchmark templates.
  • 19
    AWS Security Agent
    AWS Security Agent is a new frontier AI-powered agent that proactively secures your applications throughout the development lifecycle, from design and architecture planning, through code changes, to deployment and penetration testing. It lets security teams define organizational security requirements (for example, approved auth libraries, encryption standards, logging practices, data-access policies) once in the AWS Console; then the agent automatically validates design documents, architectural plans, and code against those standards. Before a single line of code is written, AWS Security Agent can perform a design review, analyzing architectural documents uploaded into the web application (or ingested from storage), and flag potential security risks or non-compliance with custom or Amazon-managed standards, providing remediation guidance.
  • 20
    depthfirst

    depthfirst

    depthfirst

    depthfirst is an AI-native application security platform designed to help organizations detect, prioritize, and fix software vulnerabilities by deeply understanding their code, infrastructure, and business logic as a unified system. depthfirst, built around its core “General Security Intelligence,” analyzes entire repositories and environments to map how systems actually function, enabling it to uncover complex, real-world vulnerabilities that traditional scanners often miss. It evaluates full attack paths, permissions, and data flows to determine whether an issue is truly exploitable, significantly reducing false positives and allowing teams to focus only on meaningful risks. depthfirst operates across multiple layers of the stack, including source code, dependencies, secrets, containers, and running applications, providing continuous security coverage from development through production.
  • 21
    Snapper

    Snapper

    Snapper

    Snapper is an AI agent security platform designed to provide end-to-end governance and protection for organizations deploying AI agents across applications, networks, and systems. It delivers runtime enforcement by evaluating every agent action, including tool calls, API requests, and data access, before execution through a policy-driven rule engine with multiple enforcement layers. It offers unified visibility into AI usage by monitoring network traffic, browser activity, DNS, and processes to detect unauthorized tools and “shadow AI,” while also intercepting outbound LLM requests through SDK wrappers and a network proxy to evaluate, redact, and log sensitive data in real time. Snapper includes advanced threat detection capabilities that identify prompt injection, exploit chains, anomalous behavior, and multi-step attack patterns using behavioral baselines, kill chain tracking, and composite trust scoring.
  • 22
    Straiker

    Straiker

    Straiker

    Straiker is an AI-native security platform built specifically to protect enterprise AI applications and autonomous agents, focusing on the emerging risks of “agentic AI” systems that interact with tools, APIs, and sensitive data. It provides full visibility and control across the entire AI stack by analyzing behavioral signals from models, prompts, tools, identities, and infrastructure, enabling real-time detection and prevention of AI-specific threats such as prompt injection, privilege escalation, data exfiltration, and malicious tool usage. It combines continuous discovery, adversarial testing, and runtime protection through core components like Discover AI, Ascend AI, and Defend AI, which together identify all active agents, simulate attacks to uncover vulnerabilities, and enforce real-time safeguards during execution. Its multi-layered architecture captures deep contextual signals across user interactions, networks, and agent workflows.
  • 23
    General Analysis

    General Analysis

    General Analysis

    General Analysis is an AI security platform that helps security teams adversarially test, monitor, and protect AI agents and systems in production. It is built to help organizations understand AI risk, prevent incidents, and secure real AI deployments across employee copilots, coding agents, customer support agents, healthcare assistants, legal assistants, financial copilots, creative pipelines, and other agentic workflows. It maps AI applications and agents across prompts, retrieval, tools, MCP servers, browser actions, permissions, repositories, cloud accounts, SaaS workflows, and business processes, then generates context-aware attacks that expose system-level risks. Its automated red teaming uses attacker models that adapt to target responses and produce multi-step exploit chains, helping teams uncover vulnerabilities that static prompt sets or endpoint-only tests may miss.
  • Previous
  • You're on page 1
  • Next