AI Security for Agentic Development

Security built for how you build with AI

Scan MCP servers, agent skills, secrets, and infrastructure. Generate compliance-grade threat models. Ship confidently — directly from Claude Code, Cursor, or VS Code.

Works with Claude Code, Cursor, Windsurf, VS Code, Goose
// MCP security scan
.cursor/mcp.json
$ arcwall_scan_mcp
Scanning MCP configs...
✓ Trust boundaries identified: 3
✓ External servers detected: 4

🔴 CRITICAL — Prompt Injection
  fetch_data tool description overrides
  agent behavior · OWASP LLM01

🟠 HIGH — Unrestricted Filesystem
  filesystem server grants access to /
  CWE-732 · NIST AC-6

✓ Scan complete
✓ Security lead notified
✓ SOC2 CC8.1 · NIST SI-10 mapped

$
No credit card required
50 free scans per month
SOC 2 · NIST · ITSG-33 mapped
Official MCP Registry listed
Claude Code · Cursor · Windsurf ready
MCP Security Scanner
STRIDE Threat Modeling
Secrets Detection
IaC Security
API Security Scanner
LLM Prompt Testing
SOC 2 Compliance Mapping
NIST SP 800-53
ITSG-33 Mapping
Security Lead Workflow
PDF Evidence Export
GitHub Actions CI/CD
Agent Instruction Security
Pre-Commit Security Check
What we do

Security for the agentic era

The tools developers use changed. The security layer hadn't caught up — until now.

01 / AI Security

Scan every layer of your AI stack

MCP servers, agent skills, plugins, AI-generated code, secrets, and LLM prompts — scanned against OWASP LLM Top 10 and MITRE ATLAS automatically.

02 / Compliance

Evidence your auditors will accept

Every finding mapped to SOC 2, ISO 27001, NIST SP 800-53, and ITSG-33. Security lead approval workflow and one-click PDF export built in from day one.

03 / Developer Native

Where developers actually work

Lives inside Claude Code, Cursor, Windsurf, and VS Code. Scans run in your AI coding sessions. Results sync to your security team without context switching.

What Arcwall scans

Nine scanners. One platform.

From MCP configs to Terraform files — every layer of your AI development stack covered automatically.

🔌 MCP Configs
Prompt injection, excessive permissions, unverified server origins
OWASP LLM · MITRE ATLAS

🤖 Agent Skills
CLAUDE.md, .cursorrules — injection vulnerabilities, dangerous capabilities
OWASP LLM01 · LLM08

💬 LLM Prompts
System prompts — injection risks, missing guardrails, jailbreak vectors
OWASP LLM01 · CWE

🔑 Secrets & Credentials
API keys, passwords, private keys, connection strings before they leak
CWE-798 · ASVS V2

🧠 AI-Generated Code
Security anti-patterns in AI-generated code — missing validation, insecure defaults
CWE · OWASP ASVS

☁️ Infrastructure as Code
Terraform, Docker, Kubernetes, CloudFormation misconfigurations
CIS · NIST CM-6

🔗 API Security
OpenAPI and Swagger specs — broken auth, excessive data exposure
OWASP API

🧩 Plugin Manifests
ai-plugin.json, openapi.yaml — missing auth, insecure design
OWASP LLM07

📥 SARIF Import
Semgrep, Trivy, GitHub GHAS, Checkov, CodeQL — unified in one dashboard
SARIF 2.1
Architecture Review

Threat model your AI system in 60 seconds.

Upload your architecture diagram or answer 8 questions. Arcwall generates a complete STRIDE threat model — attack vectors, trust boundaries, mitigations, and compliance control mapping. No security expertise required.

  Full STRIDE threat model
  MITRE ATLAS and OWASP LLM mapped
  SOC 2, NIST, ISO 27001 evidence
  PDF export for auditors
STRIDE Threat Model
Critical
Prompt Injection via Tool Description
MCP Server · payments-api · T — Tampering
High
Excessive Filesystem Permissions
MCP Server · filesystem · E — Elevation of Privilege
Medium
Missing Input Validation
Agent · claude-code · S — Spoofing
12 findings · 4 frameworks mapped · PDF ready
For Security Teams

Your developers are building with AI agents every day.

Do you know what MCP servers they have installed? What secrets they might be exposing? What their AI architecture looks like?

Visibility
See every AI asset

Arcwall discovers MCP servers, agent configs, secrets, and AI dependencies across your entire GitHub organization automatically.

Oversight
Approve and govern

Security lead approval workflow for every finding. Full audit trail. Know what your team ships before it reaches production.

Evidence
Board-ready reports

Generate a quarterly security posture report in 30 seconds. Compliance evidence for SOC 2 and NIST exported automatically.

Where we are going

Built for where AI security is going.

Arcwall is building the AI Security Posture Management platform for organizations building with agentic AI. From developer-native scanning today to full AI-SPM — continuous posture monitoring, behavioral detection, adversarial simulation, and AI agent identity.

Every feature we ship today is a step toward a platform where a CISO can prove to their board that their AI development stack is secure — automatically.

How it works

Fits your workflow. Not the other way around.

No new tools to learn. No dashboards to check manually. Security becomes part of how you already build.

01 / Install once

Add the VS Code extension or drop the MCP server into your Claude Code, Cursor, or Windsurf config. Five minutes. Done.

02 / Scan automatically

Arcwall scans your code, MCP configs, secrets, and infrastructure as you build. Findings surface in your conversation — no manual triggers.

03 / Ship with evidence

Every finding mapped to SOC 2, NIST, and ITSG-33. Security lead reviews findings. PDF exported for auditors. No manual compliance work.

Start securing your AI development stack

50 free scans per month. No credit card required.
Works with Claude Code, Cursor, Windsurf, and VS Code.

Free forever · No credit card · Cancel anytime