MEDUSA: AI-First Security Scanner for LLM Apps, Agents, and Supply Chains
MEDUSA is a zero-setup AI security scanner with 9,600+ detection patterns. Scan code, repos, and AI pipelines for CVEs, prompt injection, and supply chain attacks. Works offline. Exports to SARIF, JSON, HTML.
What is MEDUSA?
MEDUSA is a command-line security scanner built specifically for AI-powered applications. It detects vulnerabilities in LLM integrations, agent frameworks, RAG pipelines, MCP servers, and traditional codebases—using over 9,600 purpose-built detection patterns.
No external dependencies. No complex configuration. Install via pip, run a command, get actionable results.
How it works
- Install:
  pip install medusa-scanner
- Scan a local project:
  medusa scan ./my-ai-app
- Or scan a remote repo:
  medusa scan --git https://github.com/user/repo
- Review findings in-terminal or export to JSON, HTML, Markdown, or SARIF
MEDUSA analyzes code structure, dependency trees, configuration files, and prompt templates. It flags known CVEs (Log4Shell, Spring4Shell, XZ Utils, LangChain RCE, MCP-Remote RCE), detects repo poisoning attempts, identifies insecure AI editor configs, and spots prompt injection vectors—without requiring you to install nmap, semgrep, or any other external tool.
Core capabilities
- AI/ML-specific detection: Patterns for LangChain, LlamaIndex, Haystack, AutoGen, CrewAI, and custom agent loops
- Supply chain defense: Identifies weaponized editor configs (.cursorrules, .cline, .mcp.json, .env) across 28+ file types
- CVE coverage: 200+ high-impact vulnerabilities, including recent LLM framework RCEs and infrastructure exploits
- Git repo scanning: Remote repository analysis for CI/CD integration or third-party audit workflows
- Parallel execution: Multi-core processing delivers 10–40x speed gains over single-threaded scanners
- Smart caching: Skips unchanged files on rescans, cutting repeat analysis time dramatically
- IDE-aware: Recognizes context files from Claude Code, Cursor, VS Code, and Gemini CLI setups
- Report flexibility: Export findings in SARIF (for GitHub Advanced Security), JSON (for automation), or human-readable HTML/Markdown
- Hardened output: Credentials stripped from logs, code snippets truncated, XSS-escaped reports, symlink traversal blocked
Recent hardening (v2026.5.2)
This update focuses on scanner integrity and report safety:
- Auth tokens in git URLs no longer appear in console or log output
- HTML reports sanitize dynamic content to prevent stored XSS
- Symlinks are skipped during traversal to block path traversal attempts
- Code snippets in reports capped at 200 characters to avoid leaking secrets
- Extensionless AI context files (.cursorrules, .env) now fully parsed
- Cache logic corrected to return actual prior findings on rescans
- Invalid regex in custom rules triggers a warning instead of crashing
Why teams adopt MEDUSA
- Zero friction: Works immediately after pip install. No Docker, no system packages, no API keys.
- AI-native coverage: Most SAST tools miss LLM-specific risks. MEDUSA's ruleset is built for agent loops, tool-calling patterns, and prompt handling logic.
- Supply chain visibility: Catches poisoned repo configs before they reach production—critical for teams using AI-assisted development.
- Compliance ready: SARIF export integrates with GitHub Code Scanning, GitLab SAST, and enterprise GRC pipelines.
- Cross-platform: Runs natively on Windows, macOS, and Linux. No WSL or container overhead required.
Quick start
# Install
pip install medusa-scanner
# Scan local code
medusa scan ./project
# Scan remote repo
medusa scan --git https://github.com/org/repo
# Export to SARIF for CI
medusa scan ./app --format sarif --output results.sarif
# Use project config
medusa scan ./app --config .medusa.yml
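The SARIF file written by the --format sarif command above can be used to gate a CI job. The script below is an added example, not part of MEDUSA or its documentation; it assumes only the standard SARIF 2.1.0 layout, and the sample document, tool name and rule ids (EX001, EX002) are constructed. Run with a path argument, it exits non-zero when any finding reaches the blocking level.

```python
import json
import sys

# Constructed SARIF 2.1.0 sample (not real MEDUSA output); rule ids are made up.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
        {"id": "EX001", "defaultConfiguration": {"level": "error"}},
        {"id": "EX002"}]}},
    "results": [
        {"ruleId": "EX001", "ruleIndex": 0,
         "message": {"text": "untrusted input reaches prompt template"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "app/agent.py"},
             "region": {"startLine": 42}}}]},
        {"ruleId": "EX002", "message": {"text": "instructions in editor config"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": ".cursorrules"}}}]},
        {"ruleId": "EX002", "level": "note", "message": {"text": "informational"}},
    ]}]})

RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

def effective_level(result, rules):
    """SARIF: explicit result.level wins, then the rule's default, then 'warning'."""
    if "level" in result:
        return result["level"]
    idx = result.get("ruleIndex", -1)
    rule = rules[idx] if 0 <= idx < len(rules) else next(
        (r for r in rules if r.get("id") == result.get("ruleId")), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def gate(sarif_text, fail_at="error"):
    """Split findings into (blocking, other) lists of 'level rule uri:line message'."""
    blocking, other = [], []
    for run in json.loads(sarif_text).get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        for res in run.get("results", []):
            level = effective_level(res, rules)
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "?")
            line = loc.get("region", {}).get("startLine", 0)
            msg = res.get("message", {}).get("text", "")
            entry = f"{level} {res.get('ruleId', '?')} {uri}:{line} {msg}"
            (blocking if RANK.get(level, 2) >= RANK[fail_at] else other).append(entry)
    return blocking, other

if __name__ == "__main__":
    given = len(sys.argv) > 1  # no argument: print the constructed sample, exit 0
    text = open(sys.argv[1], encoding="utf-8").read() if given else SAMPLE_SARIF
    blocking, other = gate(text)
    print("\n".join(blocking + other))
    sys.exit(1 if given and blocking else 0)
```

Results that omit level fall back to the rule's default and then to warning, so a gate that reads only result.level can silently pass error-level findings.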
Bottom line: If you're building with LLMs, agents, or AI tooling, generic SAST tools won't catch the risks unique to your stack. MEDUSA fills that gap—fast, local, and purpose-built. No cloud calls. No bloat. Just scan, fix, ship.