OpenAnt from Knostic is an open source LLM-based vulnerability discovery product that helps defenders proactively find verified security flaws while minimizing both false positives and false negatives. Stage 1 detects. Stage 2 attacks. What survives is real.
We're pretty proud of this product and are in the vulnerability disclosure process for its findings, but do keep in mind that this started as a research project, and some of its features are still in beta. We welcome contributions to make it better.
Considering the explosion of AI-discovered vulnerabilities, we hope OpenAnt will be the tool helping open source maintainers stay ahead of attackers, where they can use it themselves or submit their repo for scanning at no cost.
Then, since Knostic's focus is on protecting agents and coding assistants and not vulnerability research or application security, and we like open source, we decided to release OpenAnt under the Apache 2 license. Besides, you may have heard about Aardvark from OpenAI (now Codex Security) and Claude Code Security from Anthropic, and we have zero intention of competing with them.
For technical details, limitations, and token costs, check out this blog post: https://knostic.ai/blog/openant
To submit your repo for scanning: https://knostic.ai/blog/oss-scan
- Go
- Python
- JavaScript/TypeScript (beta)
- C/C++ (beta)
- PHP (beta)
- Ruby (beta)
Research and ideation: Nahum Korda.
Productization: Alex Raihelgaus, Daniel Geyshis.
With thanks to: Michal Kamensky, Imri Goldberg, Gadi Evron, Daniel Cuthbert. Josh Grossman, and Avi Douglen.
If you like our work, check out what we do at Knostic to defend your agents and coding assistants, prevent them from deleting your hard drive and code, and control associated supply chain risks such as MCP servers, extensions, and skills.
Build the CLI binary (requires Go 1.25+):
cd apps/openant-cli && make buildThis compiles the Go source and outputs the binary to apps/openant-cli/bin/openant.
Symlink it onto your PATH so you can run openant from anywhere:
ln -sf "$(pwd)/apps/openant-cli/bin/openant" /usr/local/bin/openantNote: run this from the repo root so $(pwd) resolves to the correct absolute path.
OpenAnt routes each pipeline phase through a configurable (provider, model) pair. The fastest path is the interactive wizard:
openant setup llmYou name the config (e.g. my-llm), pick a provider per pipeline phase (anthropic, openai, or google), enter an API key once per provider, and the wizard probes each unique provider+model pair with a 1-token request before writing ~/.config/openant/config.json. Run a scan against it with --llm-config:
openant scan /path/to/repo --llm-config my-llmWizard defaults reflect the project's per-phase recommendations (stronger reasoning models for detection / verification / reachability review; lighter models for context, report, and test generation) — override any answer to taste.
| Provider type | API key from | Notes |
|---|---|---|
anthropic |
console.anthropic.com | Reference adapter. NOT included in Claude Pro / Max subscriptions — separate billing. |
openai |
platform.openai.com | NOT included in ChatGPT / Codex subscriptions — separate billing. |
google |
aistudio.google.com | NOT included in Gemini Advanced — separate billing. |
All three support tool calling, so any of them can drive the enhance and verify phases that use the agentic tool-use loop.
If you want today's per-phase Claude defaults and nothing else, skip the wizard:
openant set-api-key sk-ant-...
openant scan /path/to/repoThis uses the built-in openant-default config (compiled into the binary, no config.json needed) — Claude Opus 4.6 for detection phases, Sonnet 4 for the rest.
The wizard writes ~/.config/openant/config.json for you, but you can edit it directly too. Every llm-config must list all seven pipeline phases:
{
"$schema_version": 2,
"default_llm": "my-llm",
"llm_providers": {
"anthropic": {"type": "anthropic", "api_key": "sk-ant-..."},
"openai": {"type": "openai", "api_key": "sk-proj-..."},
"google": {"type": "google", "api_key": "AIza..."}
},
"llm_configs": {
"my-llm": {
"app_context": {"provider": "openai", "model": "gpt-4o-mini"},
"llm_reach": {"provider": "anthropic", "model": "claude-opus-4-6"},
"enhance": {"provider": "openai", "model": "gpt-4o-mini"},
"analyze": {"provider": "anthropic", "model": "claude-opus-4-6"},
"verify": {"provider": "anthropic", "model": "claude-opus-4-6"},
"dynamic_test": {"provider": "google", "model": "gemini-2.0-flash"},
"report": {"provider": "google", "model": "gemini-2.0-flash"}
}
}
}Providers accept a custom base_url for OpenAI-compatible / Anthropic-compatible proxies (OpenRouter, vLLM, Bedrock, internal gateways). The openant-default config (Claude across all phases) is built in and always available regardless of file contents.
OpenAnt's adapter layer is a small Python recipe — one Python file implementing the LLMAdapter Protocol, one factory for the contract-test harness, plus a registry entry — and that alone is enough to run the adapter from a hand-authored config. To also have it offered by the openant setup llm wizard and pass its pre-save probe, add a few Go touch-points in apps/openant-cli/cmd/setup.go (the supported-provider list, a probe case, the per-phase default-model maps) plus a Go probe function. The 12 contract tests run automatically against your adapter once it's wired in. See docs/features/llm-providers/HOW_TO_ADD_AN_ADAPTER.md for the full recipe.
OpenAnt's parsing, enhancement, analysis, and reporting code is Python 3.11+. The Go CLI picks an interpreter in this order:
OPENANT_PYTHONenv var (set this to pin a specific interpreter — e.g.OPENANT_PYTHON=python3.11).- Managed venv at
~/.openant/venv/(auto-created on first use). The CLI usesbin/pythonon Linux/macOS andScripts\python.exeon Windows. python3/pythononPATH.
If none yield Python 3.11+, the command exits with an error pointing at python.org. To rebuild a stale managed venv (e.g. after upgrading Python), delete ~/.openant/venv/ and rerun any openant command.
OpenAnt creates two directories:
~/.config/openant/— CLI configuration (config.json). Stores your API key, active project, and preferences. File permissions are restricted to0600.~/.openant/— Project data. Each initialized project gets a workspace under~/.openant/projects/<org>/<repo>/containingproject.jsonand ascans/directory with per-commit outputs.
Point OpenAnt at a repository. The -l flag (language) is required — use go or python.
# Remote — clones the repo
openant init <repo-url> -l go
# Remote — pin to a specific commit
openant init <repo-url> -l go --commit <sha>
# Local — references the directory in-place
openant init <path-to-repo> -l go --name <org/repo>This creates a project workspace and sets it as the active project. All subsequent commands operate on the active project automatically — no path arguments needed.
Each step picks up the output of the previous one from the project's scan directory:
openant parse
openant enhance
openant analyze
openant verify
openant build-output
openant report -f summaryOr run the full pipeline in one command:
openant scan --verifyThe pipeline operates on one project at a time. Running openant init sets the newly initialized project as the active one, so all subsequent commands target it by default.
If you're working with several projects, you have two options:
# Option 1: switch the active project
openant project switch org/repo
openant parse
# Option 2: target a project directly with -p
openant parse -p org/repoopenant project list # shows all projects, marks active
openant project show # details of active project
openant project switch <org/repo> # switch active projectThings on the list, in no particular order:
- More provider adapters. Ollama (local models), vLLM, Cohere, Mistral, Groq, Amazon Bedrock, Azure OpenAI — each is a small Python adapter recipe (plus a few Go wizard/probe touch-points if you want it offered by
openant setup llm) per the contributor guide. Lower the barrier to local / on-prem inference. - Subscription-based auth. ChatGPT / Codex, Claude Pro / Max, and Gemini Advanced subscriptions don't currently grant API quota — users have to maintain a separate API-tier key per provider. OAuth-based adapters that ride the consumer subscription would close that gap.
- Cross-provider tool-call quirks. All three shipped adapters support tool calling, but the long tail (parallel tool calls, strict-mode schema enforcement, retry semantics on partial JSON) behaves differently per provider. Real-world scans surface these — PRs welcome.
- More languages. The supported-languages list above is current coverage. Rust, Java, C#, and Swift come up frequently.
- Hosted scan service. Knostic offers free scans for OSS projects today via the form linked above; a self-serve API for trusted partners is a future possibility.
PRs welcome on any of these — open an issue first if the scope is non-trivial so we can align before you build.
This project is licensed under Apache 2. See the LICENSE file for details.
This project is intended for defensive and research purposes only. OpenAnt is still in the research phase, use it carefully and at your own risk. Knostic, OpenAnt, and associated developers, researchers, and maintainers assume no responsibility whatsoever for any misuse, damage, or consequences arising from the use of this tool.
Only scan code you own or have explicit permission to test. If you discover a vulnerability in someone else's project through legitimate means, please follow coordinated vulnerability disclosure practices and report it to the maintainers before making it public.