AgentNull is a red team-oriented catalog and proof-of-concept toolkit for exploiting security vulnerabilities in AI systems, including autonomous agents, RAG pipelines, and vector databases.
AgentNull: AI System Security Threat Catalog + Proof-of-Concepts. Collection of PoCs for using Agents, MCP, and RAG in bad ways.
This tool is designed for security researchers and red teamers to study, demonstrate, and understand attack vectors targeting AI-driven systems such as multi-agent frameworks and retrieval-augmented generation pipelines. It provides practical proof-of-concept exploits to help organizations identify and mitigate AI-specific security threats in controlled, authorized environments.
This repository is strictly for educational and internal security research purposes; deploying any techniques or code in production or against unauthorized systems is prohibited. Using local LLMs via Ollama is recommended to avoid API costs and improve demonstration fidelity. Users should carefully edit model names and endpoints in PoC scripts as needed.
Install Ollama for local LLM usage: curl -fsSL https://ollama.ai/install.sh | sh (Linux/macOS)
Alternatively, download Ollama from https://ollama.ai/download
Pull lightweight or capable local models with Ollama, e.g., ollama pull gemma3
Navigate to specific PoC directories under pocs/<attack_name>/
Follow individual PoC README instructions to replicate attack scenariosollama pull gemma3
Pull a lightweight local LLM model recommended for testing PoCs
ollama pull deepseek-r1
Pull a more capable local LLM model for advanced testing
cd pocs/AdvancedToolPoisoning && python3 advanced_tool_poisoning_agent.py local
Run the Advanced Tool Poisoning PoC using a local LLM
cd pocs/ContextPackingAttacks && python3 context_packing_agent.py
Run the Context Packing Attacks PoC in simulation mode