Khaos - AI Agent Security Testing Framework

AI agents need rigorous security testing but developers lack tools to catch prompt injection, tool misuse, and data leakage. Khaos is a local-first CLI that tests agents against common vulnerabilities and provides hardening examples. Target users: AI developers and enterprises deploying agents.

Agent security is front-of-mind right now because enterprises are moving from LLM chatbots to autonomous agents with tool access, and the attack surface has expanded dramatically — OWASP published its LLM Top 10 specifically because existing AppSec tooling doesn't cover prompt injection or tool misuse. No clear incumbent owns this space yet; Garak from NVIDIA is the closest open-source analog but focuses on model-level red-teaming rather than agent-layer vulnerabilities. The $1k–5k/mo revenue band is realistic for a CLI-first tool if it stays in the indie/SMB lane, but it's a ceiling — enterprise security buyers expect hosted dashboards, audit logs, and SOC2 compliance before they'll cut a real check, which pushes costs up fast. The biggest risk is that the major agent frameworks (LangChain, AutoGen, CrewAI) build security testing directly into their own tooling, commoditizing the core value before there's a defensible moat.