
Introducing: Agent-Native Application Security

Open-source tools and AI skills that find vulnerabilities, prove they are real, and fix them.

Example output, ghost-scan-secrets (the demo also covers ghost-scan-deps, ghost-scan-code and ghost-validate):

    # ghost-scan-secrets
    scanning 1,337 files...
    src/config/api.ts:15
    OpenAI API Key
    sk-proj-0JdlOY****hDvSYA
    entropy: 5.2 | threshold: 5.1
    src/lib/db.ts:8
    PostgreSQL Connection String
    postgres://admin:****@prod.db
    secrets found: 2
    scan duration: 0.8s

Getting Started

Ghost Security Agent

Ghost Security Agent is an agent-native application security plugin for Claude Code. It gives your AI coding agent the tools and skills to find vulnerabilities, prove they're real, and fix them, all inside your existing development workflow.

Poltergeist

Secret scanner with dual-engine pattern matching and entropy analysis.

Wraith

Dependency scanner powered by the OSV database with 500K+ known CVEs.

Reaper

MITM HTTPS proxy for live vulnerability validation.

Exorcist

AI-powered code analysis covering 89 vulnerability types.

These four tools are composed by an AI skills layer that orchestrates them into a complete security pipeline, from discovery to proof to fix. Get started with the installation and usage guide.
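What a dual-engine secret scanner does, as an added illustration that is not Poltergeist's own code: a signature regex (engine 1) finds candidates, and a Shannon-entropy check (engine 2) confirms that token-style key bodies are actually random before they are reported, so a documentation placeholder that happens to match the key format is dropped while a real-looking key and a connection string are returned as structured findings. The sample files, both credentials and the 5.1 threshold are constructed for this example.

```python
import json
import math
import re

# Constructed sample source lines; both credentials are fake and exist only for this demo.
SAMPLE_FILES = {
    "src/config/api.ts": [
        'const client = new OpenAI({ apiKey: "sk-proj-q7Wd2KpX9mR4zLnA0tYb3HvE8sJc5FgU1oZi6NwTkMrBfGhV" });',
        'const example = "sk-proj-' + "x" * 40 + '";',  # placeholder from docs, not a secret
    ],
    "src/lib/db.ts": [
        'export const DATABASE_URL = "postgres://admin:S3cr3tPassw0rd!@prod.db:5432/app";',
    ],
}

ENTROPY_THRESHOLD = 5.1  # bits per character; assumed value, matching the demo output above

# Engine 1: signatures. Group 1 is the secret body. The flag says whether engine 2 must also
# confirm the body looks random (token-style keys) or whether the structure alone is evidence.
PATTERNS = [
    ("OpenAI API Key", re.compile(r"sk-proj-([A-Za-z0-9]{32,})"), True),
    ("PostgreSQL Connection String", re.compile(r"postgres://[^\s\"':]+:([^\s\"'@]+)@[^\s\"']+"), False),
]

def shannon_entropy(s: str) -> float:
    """Engine 2: Shannon entropy of s in bits per character (0.0 for empty or uniform input)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def mask(match: re.Match) -> str:
    """Replace the secret body with **** so the report never carries the full credential."""
    start, end = match.span(1)
    body = match.group(1)
    keep = 6 if len(body) > 16 else 0
    masked = (body[:keep] + "****" + body[-keep:]) if keep else "****"
    return match.group(0)[: start - match.start()] + masked + match.group(0)[end - match.start():]

def scan(files: dict) -> list:
    """Run both engines over every line; return structured findings for the skills layer to judge."""
    findings = []
    for path, lines in files.items():
        for lineno, line in enumerate(lines, start=1):
            for name, pattern, gated in PATTERNS:
                for m in pattern.finditer(line):
                    entropy = round(shannon_entropy(m.group(1)), 2)
                    if gated and entropy < ENTROPY_THRESHOLD:
                        continue  # matches the format but is not random: placeholder or fixture
                    findings.append({"file": path, "line": lineno, "type": name, "value": mask(m),
                                     "entropy": entropy, "entropy_gated": gated})
    return findings

if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_FILES), indent=2))
```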


How Ghost Security Agent works

Ghost Security Agent is built on a simple idea: real tools produce real data, and AI adds judgment on top.

Each tool is a standalone binary that does one job well. Poltergeist scans for secrets. Wraith scans dependencies. Reaper captures live traffic. These are deterministic tools that produce structured, reliable output.

The AI layer comes in through AI skills, orchestration prompts that compose these tools with reasoning. A skill runs Poltergeist, reads the results, examines the surrounding code, and tells you whether each match is a real leaked credential or a benign artifact that can be ignored.

This two-layer architecture means:

  • Ground truth comes from tools. Pattern matches, CVE lookups, and traffic captures are deterministic and auditable.
  • Judgment comes from AI. Exploitability analysis, context assessment, and prioritization use the same reasoning a security engineer would.
  • You get findings, not alerts. Every result includes context about why it matters and what to do about it.

Ghost Security Agent follows a three-stage loop: find, validate, fix. Multiple scanners run in parallel, AI analyzes each candidate for exploitability, and findings include remediation guidance your agent can apply directly. Read more about how the scan lifecycle works.


Open source and composable

Ghost Security Agent and its underlying tools are fully open source. Everything is available for inspection and contribution.

The tools can also be used standalone. You can use Poltergeist for secret scanning without touching the rest of the Ghost Security Agent. The skills compose them into a pipeline, but the pipeline is optional. Use as much or as little as your workflow needs.

  • Tools are Go binaries distributed via GitHub releases
  • Skills are prompt files that any compatible AI agent can execute
  • Rules and criteria are YAML files you can extend, customize, or replace
  • Everything runs locally. Results are cached to speed up subsequent runs