Securing the AI Agent: A Unified Framework for Multi-Layer Agent Red Teaming

Hugging Face Daily Papers Papers

Summary

AI-Infra-Guard is an open-source framework for multi-layer red teaming of AI agents, covering infrastructure, protocol, behavior, and model layers with diverse detection paradigms.

The fast growth of open-source AI infrastructure, from model serving engines and agent platforms to the Model Context Protocol (MCP) ecosystem and the language models themselves, has outpaced the security tooling available to defend it. We present AI-Infra-Guard, an open-source framework that organizes AI red teaming around a single observation: the attack surface of an AI agent is stratified across layers (infrastructure, protocol/tool, agent behavior, and model), and no single detection paradigm fits all of them. The framework therefore matches a paradigm to each layer, from deterministic rule matching over 75+ AI components and 1{,}400+ vulnerability rules, through LLM-driven agentic auditing of MCP servers and agent-skill packages and multi-turn black-box agent red teaming, to a jailbreak harness with 26+ attack operators over sixteen datasets. To our knowledge it is the only open-source framework to span all of these, including supply-chain auditing of the agent skills that increasingly extend AI agents. We release AI-Infra-Guard as open source so that layer-paradigm matching can serve as a practical foundation for agent security and a shared base for the community to build on.
Original Article
View Cached Full Text

Cached at: 07/06/26, 06:35 AM

Paper page - Securing the AI Agent: A Unified Framework for Multi-Layer Agent Red Teaming

Source: https://huggingface.co/papers/2606.31227

Abstract

AI-Infra-Guard is an open-source framework that addresses AI infrastructure security through layered detection paradigms spanning infrastructure, protocol, agent behavior, and model layers.

The fast growth of open-source AI infrastructure, from model serving engines and agent platforms to theModel Context Protocol(MCP) ecosystem and the language models themselves, has outpaced the security tooling available to defend it. We present AI-Infra-Guard, an open-source framework that organizesAI red teamingaround a single observation: the attack surface of an AI agent is stratified across layers (infrastructure, protocol/tool, agent behavior, and model), and no single detection paradigm fits all of them. The framework therefore matches a paradigm to each layer, from deterministic rule matching over 75+ AI components and 1{,}400+ vulnerability rules, throughLLM-driven agentic auditingof MCP servers and agent-skill packages and multi-turnblack-box agent red teaming, to ajailbreak harnesswith 26+ attack operators over sixteen datasets. To our knowledge it is the only open-source framework to span all of these, includingsupply-chain auditingof the agent skills that increasingly extend AI agents. We release AI-Infra-Guard as open source so thatlayer-paradigm matchingcan serve as a practical foundation for agent security and a shared base for the community to build on.

View arXiv pageView PDFAdd to collection

Get this paper in your agent:

hf papers read 2606\.31227

Don’t have the latest CLI?curl \-LsSf https://hf\.co/cli/install\.sh \| bash

Models citing this paper0

No model linking this paper

Cite arxiv.org/abs/2606.31227 in a model README.md to link it from this page.

Datasets citing this paper0

No dataset linking this paper

Cite arxiv.org/abs/2606.31227 in a dataset README.md to link it from this page.

Spaces citing this paper0

No Space linking this paper

Cite arxiv.org/abs/2606.31227 in a Space README.md to link it from this page.

Collections including this paper0

No Collection including this paper

Add this paper to acollectionto link it from this page.

Similar Articles

Securing the future of AI agents

Google DeepMind Blog

DeepMind introduces an AI Control Roadmap, a defense-in-depth framework for securing internal AI agents against potential misalignment, treating them as insider threats and implementing layered detection, prevention, and response measures.

Security on the path to AGI

OpenAI Blog

OpenAI outlines comprehensive security measures on the path to AGI, including AI-powered cyber defense, continuous adversarial red teaming with SpecterOps, and security frameworks for emerging AI agents like Operator. The company emphasizes proactive threat detection, industry collaboration, and security integration into infrastructure and models.

AI agent management tools by governance layer not by feature list

Reddit r/AI_Agents

An analysis highlighting that most enterprise AI agent security investments focus on model layer guardrails and observability, leaving critical gaps at the access and protocol layers. Citing a 2026 report, 75% of enterprise AI agents remain unsecured due to near-zero coverage in these layers.

Advancing red teaming with people and AI

OpenAI Blog

OpenAI publishes a white paper detailing their approach to external red teaming for AI models, outlining methods for selecting diverse red team members, determining model access levels, providing testing infrastructure, and synthesizing feedback to improve AI safety and policy coverage.