Free & Open Source

Your AI coding tool writes fast. It also writes vulnerabilities.

Aigent.ly is a free, open-source MCP server that injects live CVE-backed guardrails into Cursor, Claude Code, Windsurf, and Copilot — so your AI enforces this week's security rules, not last year's training data.

Who this is for

Four real stories

If one of these sounds like your team, you are the audience for a rules-first security layer on top of AI IDEs.

The solo founder

Building fast, sleeping worried.

Shipping a SaaS with an AI IDE. No dedicated security hire. Needs production-grade defaults without becoming a part-time AppSec team.

The junior dev

The model looks right.

Ships features quickly with agent assistance. Wants guardrails that catch the subtle foot-guns that static vibes miss.

The senior engineer

Standardizing AI-assisted PRs.

Onboarding a team onto Cursor or Copilot. Needs one ruleset baseline so AI-generated diffs meet the same bar as hand-written code.

The technical PM

Audit season after AI acceleration.

Product shipped fast with agent help. Now facing pen test or SOC 2. Needs to map exposure and close gaps with evidence, not vibes.

Ready to try it? Browse rules or pick a stack.

The job to be done

Under one minute

Five steps from stack to live guardrails — each links where it helps.

  1. Add the MCP server to your IDE

    One npx line in your IDE's MCP config. Cursor, Claude Code, Windsurf, Copilot, and Cline all supported. No API key required.

  2. Try the Rule Composer

    Pick your stack and IDE — the Composer generates a ready-to-paste guardrail file in under a minute. Copy it into your project.

  3. Browse the threat feed

    100+ CVEs tracked across 6 launch stacks, updated daily from NVD, GHSA, CISA KEV, and OSV. Each CVE links to its advisory.

  4. Contribute a stack

    Open-source pipeline. Add a stack to the registry, submit CVE pattern improvements, or propose new rules — the catalog is community-driven.

Free MCP Server

Inject live security rules into any AI IDE.

One config line. No API key. No database. The MCP server reads the open-source catalog — updated daily from four public CVE sources — and delivers the right guardrails automatically as you code.

mcp.json
{
  "mcpServers": {
    "aigently": {
      "command": "npx",
      "args": ["-y", "@aigently/mcp-server"],
      "env": { "AIGENTLY_TARGET_IDE": "cursor" }
    }
  }
}

Change AIGENTLY_TARGET_IDE to: Cursor · Claude Code · Windsurf · Copilot · Cline

Zero-latency — reads local JSON, no network call at runtime

Daily CVE updates committed automatically by the pipeline

Community-grown — open stack registry, open rule pipeline

No telemetry, no API key, no account required

136 Verified threats (launch stacks)

Distinct CVE-level rows linked to MVP launch stacks in Postgres.

6 Launch stacks covered

Next.js, Express, FastAPI, NestJS, Nuxt, React SPA — fully guardrailed.

5 Threat intelligence sources

NVD, GHSA, CISA KEV, OSV, and npm Audit — all public, no login required.

$0 Free & Apache-2.0

MCP server, catalog data, and pipeline are fully open source.

LIVE THREAT INTELLIGENCE

Top critical threats — this week

Real CVEs from NVD, GHSA, and OSV — verified and linked to your stack.

View all 519 threats →

  - [high] axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy` (stack: React SPA)
  - [high] Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up (stack: Next.js)
  - [high] Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components (stack: Next.js)
  - [high] Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes (stack: Next.js)
  - [high] Next.js has a Middleware / Proxy bypass through dynamic route parameter injection (stack: Next.js)
  - [high] Facebook React has a Denial of Service Vulnerability in React Server Components (stack: Next.js)
  - [high] Axios has prototype pollution read-side gadgets in HTTP adapter that allow credential injection and request hijacking (stack: React SPA)
  - [high] React Server Components have a Denial of Service Vulnerability (stack: Next.js)
  - [high] h3 has a middleware bypass with one gadget (stack: Nuxt)
  - [high] h3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream Fields (stack: Nuxt)

Why it matters

Three differences vs. raw AI IDEs

01

Free MCP server

One config line in your IDE. The MCP server auto-detects your stack and injects the right CVE rules into every generation — zero ongoing setup.

02

Live CVE threat feed

LLM training is frozen in time. Aigent.ly pulls daily from NVD, GHSA, CISA KEV, and OSV — so your guardrails reflect what's actively exploited right now.

03

Community-powered catalog

Open-source data, open-source pipeline. Contributors add stacks, sharpen CVE patterns, and propose new guardrail rules — the catalog grows with the community.

Composer (post-MVP)

Build your agent's guardrails in seconds.

Today: pick a stack and install the certified rule from the directory. Composer returns later for layered exports across IDEs.
