Tencent AI-Infra-Guard — Multi-Layer Agent Red Teaming Framework

AI relevance: AI agents now span infrastructure, protocols, and model layers — but no single detection paradigm fits all of them. AI-Infra-Guard addresses this gap with layer-specific red teaming.

Key Points

  • Tencent Zhuque Lab released AI-Infra-Guard as open source for comprehensive AI agent security assessment
  • Covers 75+ AI components with 1,400+ vulnerability rules across infrastructure, protocol/tool, agent behavior, and model layers
  • Includes dedicated MCP server auditing using LLM-driven agentic analysis — signatures alone cannot catch protocol-level flaws
  • Agent skill supply-chain scanning targets the growing attack surface of skill packages and plugins
  • Jailbreak evaluation harness includes 26+ attack operators tested across 16 datasets
  • Layer-paradigm matching principle: deterministic rules for infrastructure, LLM auditing for protocols, multi-turn red teaming for agent behavior, statistical testing for model alignment
  • First open-source framework to span all layers including agent skill supply-chain auditing

Why It Matters

AI agents are not monolithic — they run on infrastructure (vLLM, Triton), communicate via protocols (MCP, A2A), exhibit emergent behavior, and depend on model alignment. A vulnerability at any layer can compromise the entire system. Traditional security tools apply one detection method uniformly, but infrastructure flaws need signature matching while protocol flaws need semantic analysis. AI-Infra-Guard's layered approach matches the detection paradigm to each attack surface layer, providing more accurate and actionable results.

The framework arrives as agent supply-chain attacks accelerate. Malicious MCP servers, poisoned agent skills, and jailbroken models have all been exploited in 2025-2026. Defenders need tooling that covers the full stack, not just one layer.

What to Do

  • Deploy AI-Infra-Guard to audit your AI agent deployments across all four layers
  • Use infrastructure scanning to identify exposed AI components and misconfigurations
  • Run MCP server audits to catch protocol-level flaws that signatures miss
  • Scan agent skills and plugins for supply-chain risks before deployment
  • Integrate jailbreak testing into your model evaluation pipeline

Sources