mantis: A Modular Toolkit of Security Review Skills for AI Coding Agents
This repository hosts Mantis, a modular and stack-agnostic toolkit developed by Google, designed for AI coding agents to autonomously find, reproduce, and patch vulnerabilities. It provides a sequential set of skills (e.g., `/mantis-plan`, `/mantis-researcher`, `/mantis-reproduce`, `/mantis-patch`) that can be adapted to various domains like hardware, infrastructure as code, or ML pipelines. The toolkit emphasizes a structured pipeline including repository history analysis, architecture summarization, threat modeling, multi-threaded security scanning, deduplication, review, critic validation, crash reproduction in sandboxes, exploit chaining, patching, risk calibration, reflection, and report generation. It comes with strong safety warnings, recommending use only in isolated environments and requiring manual verification of all findings. The project is not an official Google product and is intended for demonstration and adaptation, with future plans for skill self-improvement and integration into AI-driven "dark factory" development pipelines.
Comments
Post a Comment