Diplomat-agent static scanner reveals 76% of tool calls in 16 open-source AI agent repos lack security guards

Hacker News · April 29, 2026

AI Summary

  • A Python tool called diplomat-agent scans codebases for unguarded AI agent tool calls—functions that write to databases, send emails, charge cards, or delete data. A scan of 16 open-source agent repositories found 76% of tool calls had zero checks (input validation, rate limiting, auth checks, confirmation steps, idempotency keys, or retry bounds).
  • The scanner runs in ~2 seconds on a 1,000-file repo using only Python's standard library AST module. It detects 40+ patterns across 8 categories (database writes/deletes, HTTP writes, payments, email/messaging, agent invocations, destructive commands, and publish/upload operations) and outputs results in Terminal, JSON, SARIF 2.1.0, CSAF 2.0, or Markdown formats.
  • The tool integrates into CI pipelines (to block unguarded PRs), IDEs (Copilot Chat, Claude Code, Cursor), pre-commit hooks, and GitHub Code Scanning. It also generates a toolcalls.yaml behavioral SBOM that documents what an agent can do, comparable to a requirements.txt file.
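As an added illustration of the AST-based approach summarised above (this is not diplomat-agent's own code; its real 40+ patterns and guard heuristics are not on this page), a minimal scanner that walks each function with Python's standard-library `ast` module, flags calls from a constructed list of sensitive operations, treats a guard call or decorator from a constructed allow-list as "guarded", and reports the unguarded share the way the 76% headline figure does:

```python
import ast
# Constructed toy policy for this example; diplomat-agent's own 40+ patterns are not on the page.
SENSITIVE = {"execute": "database write", "post": "HTTP write", "delete": "HTTP write",
             "send_message": "email/messaging", "remove": "destructive command"}
GUARDS = {"validate", "check_auth", "require_auth", "confirm", "rate_limit", "idempotency_key"}

def _name_of(expr):  # 'execute' for cur.execute(...), 'confirm' for the decorator @confirm
    if isinstance(expr, ast.Call):
        return _name_of(expr.func)
    if isinstance(expr, ast.Attribute):
        return expr.attr
    return expr.id if isinstance(expr, ast.Name) else None

def _is_sql_write(call):
    """cursor.execute(...) counts as a write only when its literal SQL starts with a write verb."""
    arg = call.args[0] if call.args else None
    return isinstance(arg, ast.Constant) and str(arg.value).lstrip().upper().startswith(("INSERT", "UPDATE", "DELETE", "DROP"))

def scan_source(src, path="<constructed>"):
    """One finding per sensitive call: enclosing function, category, and whether any guard is present."""
    findings = []
    for fn in ast.walk(ast.parse(src)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        calls = [n for n in ast.walk(fn) if isinstance(n, ast.Call)]
        # A guard is a decorator on the function or a call in its body whose name is in GUARDS.
        guarded = any(_name_of(n) in GUARDS for n in fn.decorator_list + calls)
        for c in calls:
            name = _name_of(c)
            if name in SENSITIVE and (name != "execute" or _is_sql_write(c)):
                findings.append({"file": path, "function": fn.name, "line": c.lineno,
                                 "category": SENSITIVE[name], "guarded": guarded})
    return findings

def unguarded_percent(findings):
    """Share of sensitive calls with no guard, the kind of figure behind the 76% headline."""
    return round(100 * sum(not f["guarded"] for f in findings) / len(findings), 1) if findings else 0.0

# Constructed sample agent code: an unguarded DB delete, an auth-checked payment, a confirmed file delete.
SAMPLE = '''
def delete_user(cur, user_id):
    cur.execute("DELETE FROM users WHERE id = %s", (user_id,))
def charge(card, amount):
    check_auth(card.owner)
    requests.post("https://pay.example/charge", json={"amount": amount})
@confirm
def wipe_cache(path):
    os.remove(path)
'''
```

Running `scan_source(SAMPLE)` yields three findings of which only `delete_user` is unguarded, so `unguarded_percent` reports 33.3; a real scanner would also need to follow guards placed in helper functions and shared middleware, which this name-matching heuristic misses.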
