pip install red-specter-idris
You know your human users. You don't know your AI agents. Non-human identities now outnumber human users 82 to 1 in enterprise environments. Shadow agents are deployed, forgotten, over-privileged, and unaccountable. You cannot defend what you cannot enumerate. IDRIS enumerates everything.
Developers deploy Slack bots, automation agents, LLM-powered tools, and MCP server integrations without central visibility. By the time security knows an agent exists, it has already been running for months with production access.
Every agent accumulates permissions over time. Database read. S3 write. GitHub token. OAuth delegation chain. Nobody traces what each agent can actually access. Over-privilege is universal. Escalation paths are unmapped.
Agents outlive the people who built them. The original developer left six months ago. The agent still runs. Nobody owns it. Nobody knows what it does. When it's compromised, nobody receives the alert.
EU AI Act, NIST AI RMF, and OWASP Agentic Top 10 require you to inventory and govern AI agents. 84% of organisations doubt they could pass an audit. IDRIS builds the evidence base the audit requires.
Agent A delegates to Agent B which calls Tool C which has access to Service D. The blast radius of a single compromised credential spans the entire chain. Nobody has mapped it. IDRIS maps it automatically.
Traditional asset management doesn't know what an AI agent looks like. It can't fingerprint LLM API traffic, parse MCP configs, or identify agentic patterns in cloud function deployments. IDRIS does all three.
Each module targets a distinct layer of the agent identity and governance problem. Together they produce a complete picture no single tool can deliver.
Continuously scans cloud, SaaS, and on-premises environments to discover every deployed agent — sanctioned or shadow. 10 discovery sources, LLM endpoint fingerprinting, API call pattern analysis.
Traces what each agent can access. Databases, APIs, code repos, production systems. Identifies over-privilege, orphaned credentials, and privilege escalation paths across 8 escalation rules.
Determines who created each agent, who owns it now, and whether they're still with the organisation. Maps ownership gaps — agents running with no accountable human are flagged critical.
Visualises the full relationship map. Agent-to-agent trust, delegation chains, permission maps, hidden transitive trust chains. Blast radius analysis — if this agent is compromised, what else is at risk.
Produces compliance-ready reports mapped to EU AI Act, NIST AI RMF, CSA AI Safety Initiative, OWASP Agentic Top 10, and UK AISI. Full gap analysis with remediation recommendations.
The unique capability no competitor can replicate. Feeds discovered agents directly into NEMESIS for adversarial validation. IDRIS finds it, NEMESIS proves it's exploitable. The loop closes.
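The delegation chain described above (Agent A delegates to Agent B, which calls Tool C, which has access to Service D) can be treated as a directed graph, and the blast radius of a compromised identity is everything reachable from it. The following is an added example, not IDRIS code or its API; the edge list is constructed, and the relation names, "Agent E", and all function names are assumptions.

```python
from collections import deque

# Constructed sample trust graph: (source, relation, target).
# Mirrors the A -> B -> C -> D chain in the text; "Agent E" is hypothetical.
EDGES = [
    ("Agent A", "delegates_to", "Agent B"),
    ("Agent B", "calls", "Tool C"),
    ("Tool C", "has_access_to", "Service D"),
    ("Agent E", "calls", "Tool C"),
]

def build_graph(edges):
    """Adjacency sets keyed by node; every node appears as a key."""
    graph = {}
    for src, _relation, dst in edges:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())
    return graph

def blast_radius(graph, compromised):
    """Map each node reachable from `compromised` to a shortest trust path."""
    paths = {compromised: [compromised]}
    queue = deque([compromised])
    while queue:
        node = queue.popleft()
        for nxt in sorted(graph.get(node, ())):
            if nxt not in paths:  # visited check also keeps cycles finite
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    del paths[compromised]
    return paths

def hidden_transitive_trust(graph, compromised):
    """Reachable nodes that have no direct edge from the compromised node."""
    direct = graph.get(compromised, set())
    reach = blast_radius(graph, compromised)
    return {node: path for node, path in reach.items() if node not in direct}

if __name__ == "__main__":
    g = build_graph(EDGES)
    for target, path in hidden_transitive_trust(g, "Agent A").items():
        print(f"{target}: {' -> '.join(path)}")
```

Running it for "Agent A" lists Tool C and Service D with the path that exposes each, which is the evidence needed to decide where in the chain to cut or scope a permission.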
IDRIS reaches every corner of your environment. Cloud platforms, SaaS integrations, CI/CD pipelines, container registries, git repositories, and raw network traffic — all scanned for agentic presence.
Discovery → Validation → Defence.
Nothing assumed known. Nothing assumed safe. Nothing assumed defended.
Every finding is mapped to the regulatory frameworks your auditors and legal teams will ask about. IDRIS doesn't just find gaps — it builds the audit evidence you need to close them.
IDRIS is the discovery and governance layer of NIGHTFALL. It feeds discovered agents directly into NEMESIS for adversarial validation and into AI Shield for runtime defence.
Every discovery module, every graph algorithm, every compliance checker — written from scratch in pure Python. No subprocess calls. No third-party scanners wrapped in a UI. Actual engineering from the ground up.
Red Specter IDRIS is intended for authorised security testing and governance activities only. Unauthorised scanning of environments you do not own or have explicit permission to assess may violate the Computer Misuse Act 1990 (UK), Computer Fraud and Abuse Act (US), and equivalent legislation in other jurisdictions. Always obtain written authorisation before conducting any security assessments. Apache License 2.0.