Show HN: Heron is open-source security auditor that interviews your AI agents
github.comLast week security guy in our company asked me to write doc with information about how they work, which data and systems it touches for all my AI agents. "It's too much work" i thought. So i built Heron. It interviews your agent with 10 main questions and smart follow-ups if feel uncertainty. It also has regulatory flags (SOC2, GDPR, EU AI Act etc). As a result you get a full report with all needed information.
Feel free to try. No SDK, no code changes, MIT licensed. Have 4 modes (server, override, scan, skill). Would love feedback and PRs. I hope you find it helpful.
Repo: https://github.com/theonaai/Heron Can this be run a second time and compared against a previous audit? Curious, are you thinking about this for continuous monitoring,
or more for before/after comparison when agent get updated? Both. In my opinion, an agent has a life cycle and needs observability. It's true. Make sense Thanks for asking. Not yet, but it is in backlog. I will be doing this in the future. Hi, author here. Would love to answer any questions you have.