Building with LangChain, OpenAI, LlamaIndex, or any other AI framework? Plug AI Sec Watch into your workflow so problems come to you — no need to check yet another dashboard.
Everything below is free and needs no account, except webhooks (which need an API key).
One config line lets your coding agent query AI Sec Watch while you work.
Drop the URL for your stack into Feedly or your favorite reader. No coding.
Paste one line of Markdown into your repo. Now everyone sees the risk level at a glance.
Add AI Sec Watch as an MCP server in Claude Code, Cursor, or Claude Desktop, and your coding agent can look things up for you inside the editor. Ask: "any critical prompt-injection issues in LangChain this month?" — no tab switching.
// Add to your mcp.json / .claude.json / Cursor config
{
  "mcpServers": {
    "aisecwatch": {
      "type": "http",
      "url": "https://aisecwatch.com/api/mcp"
    }
  }
}
// Then ask your agent:
// "Scan my stack — langchain and llama-index — for critical issues"
// "What's the latest daily AI security digest?"
The simplest way to keep an eye on AI security: drop a URL into your RSS reader (Feedly, NetNewsWire, Slack's RSS app). Follow everything, or only the vendor / package your project uses.
Drop a live badge into your project README to show how many open issues touch your main dependency. Updates automatically every 5 minutes. Three variants: by vendor, by package, or by specific CVE.
  
Send a list of your packages and vendors, get back every matching open issue plus a severity count. One call, no chained filters. Perfect for a pre-deploy sanity check or a weekly GitHub Action.
# Check your AI dependency stack
curl -X POST "https://aisecwatch.com/api/v1/scan" \
  -H "Content-Type: application/json" \
  -d '{
    "packages": ["langchain", "llama-index"],
    "vendors": ["OpenAI", "Anthropic"],
    "severityMin": "high"
  }'
# Response includes matching issues + a severity histogram:
# { "meta": { "bySeverity": { "critical": 3, "high": 42, ... } } }
When you need more control: query issues, sources, and stats with filters and pagination. JSON in, JSON out. No auth required for reads. CORS open — works from a browser too.
# Fetch recent critical AI security issues
curl "https://aisecwatch.com/api/v1/issues?severity=critical&limit=10" \
  -H "Accept: application/json"
# Filter by package or vendor
curl "https://aisecwatch.com/api/v1/issues?package=langchain"
curl "https://aisecwatch.com/api/v1/issues?vendor=OpenAI"
Need the data for analysis in Excel, pandas, R, or a notebook? Download the full dataset in CSV, JSON, or JSONL. Includes 44 structured fields per issue. Licensed CC-BY-4.0 for research use.
# Export issues as CSV
curl "https://aisecwatch.com/api/issues/export?format=csv" \
  -o aisecwatch-export.csv
Want a push notification the instant a critical issue lands? Register a webhook URL and we'll POST new issues to it as they arrive. Requires a public server to receive the POST and an API key to register. Each payload is signed so you can verify it came from us.
# Register a webhook (requires WEBHOOK_API_KEY)
curl -X POST "https://aisecwatch.com/api/v1/webhooks" \
  -H "Authorization: Bearer YOUR_WEBHOOK_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-server.com/webhook",
    "filters": { "severity": "critical", "llmSpecific": true }
  }'
# We POST new issues to your URL with a signed header:
# X-Webhook-Signature: sha256=a1b2c3d4e5...
Want alerts in your team's Slack channel? Use the webhook above, then bridge it to a Slack Incoming Webhook with a small Cloudflare Worker (or any serverless function). Template below — customize the formatting to taste.
// Cloudflare Worker: AI Sec Watch -> Slack bridge
// SLACK_WEBHOOK_URL is a Worker secret; module Workers receive bindings on `env`.
// This template forwards the payload as-is and does not check X-Webhook-Signature.
export default {
  async fetch(request, env) {
    const payload = await request.json();
    const { issue } = payload;
    const severity = issue.severity.toUpperCase();
    // Pick an emoji by severity; anything below HIGH is informational.
    const emoji =
      severity === "CRITICAL" ? ":rotating_light:" :
      severity === "HIGH" ? ":warning:" : ":information_source:";
    await fetch(env.SLACK_WEBHOOK_URL, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({
        blocks: [
          {
            type: "section",
            text: {
              type: "mrkdwn",
              text: `${emoji} *${severity}*: <${issue.url}|${issue.title}>`,
            },
          },
        ],
      }),
    });
    return new Response("OK", { status: 200 });
  },
};
Same pattern as Slack, but for Discord channels. A small serverless function forwards our webhook payload to a Discord Incoming Webhook with color-coded embeds.
// Cloudflare Worker: AI Sec Watch -> Discord bridge
// DISCORD_WEBHOOK_URL is a Worker secret; module Workers receive bindings on `env`.
// This template forwards the payload as-is and does not check X-Webhook-Signature.
export default {
  async fetch(request, env) {
    const payload = await request.json();
    const { issue } = payload;
    // Embed color per severity; unknown values fall back to grey.
    const colors = {
      critical: 0xff0000, high: 0xff8c00, medium: 0xffd700,
      low: 0x00bfff, info: 0x808080,
    };
    await fetch(env.DISCORD_WEBHOOK_URL, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({
        embeds: [{
          title: issue.title,
          url: issue.url,
          color: colors[issue.severity] || 0x808080,
          fields: [
            { name: "Severity", value: issue.severity, inline: true },
            { name: "Type", value: issue.issueType, inline: true },
          ],
        }],
      }),
    });
    return new Response("OK", { status: 200 });
  },
};
If your organization runs a threat intelligence platform (MISP, OpenCTI, ThreatConnect), we expose issues as a STIX 2.1 bundle — the standard format those tools ingest. If you don't know what STIX is, you don't need this one.
# Fetch a STIX 2.1 bundle of the last 7 days of issues
curl "https://aisecwatch.com/api/v1/issues/stix?days=7" \
  -H "Accept: application/json"
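For the webhook receivers above (the signed POST and the Slack and Discord bridge templates), one way to check X-Webhook-Signature before using the payload. This is an added example, not AI Sec Watch's code: the page does not state the signing scheme, so hex HMAC-SHA256 over the raw request body with a shared secret is an assumption, and signBody, verifySignature and handleWebhook are hypothetical names.

```javascript
// Added example. Assumed scheme: header = "sha256=" + hex(HMAC-SHA256(secret, raw body)).
// Web Crypto is global in Workers and Node 20+; older Node exposes it via require.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();

async function hmacKey(secret) {
  return webCrypto.subtle.importKey(
    "raw", enc.encode(secret), { name: "HMAC", hash: "SHA-256" }, false, ["sign", "verify"]);
}

// Hypothetical helper: hex MAC over the raw body, used to build constructed test input.
async function signBody(secret, rawBody) {
  const mac = await webCrypto.subtle.sign("HMAC", await hmacKey(secret), enc.encode(rawBody));
  return [...new Uint8Array(mac)].map((b) => b.toString(16).padStart(2, "0")).join("");
}

// True only for a well-formed "sha256=<64 hex chars>" header that matches the body.
async function verifySignature(secret, rawBody, header) {
  const m = /^sha256=([0-9a-f]{64})$/i.exec(header ?? "");
  if (!m) return false; // missing, truncated or differently prefixed header
  const sig = Uint8Array.from(m[1].match(/../g), (h) => parseInt(h, 16));
  // subtle.verify recomputes the MAC and does the comparison itself,
  // so no hand-written string compare is needed.
  return webCrypto.subtle.verify("HMAC", await hmacKey(secret), sig, enc.encode(rawBody));
}

// Receiver core: verify the exact bytes received first, parse only afterwards.
async function handleWebhook(secret, rawBody, header) {
  if (!(await verifySignature(secret, rawBody, header))) return { status: 401 };
  let payload;
  try {
    payload = JSON.parse(rawBody);
  } catch {
    return { status: 400 }; // signed but not JSON
  }
  // Both bridge templates read issue.severity, so require it before forwarding.
  if (typeof payload?.issue?.severity !== "string") return { status: 400 };
  return { status: 200, issue: payload.issue };
}
```

In a Worker, pass `await request.text()` as rawBody and `request.headers.get("X-Webhook-Signature")` as header, and read the shared secret from `env` rather than hard-coding it.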
Pick one thing. Subscribe to the RSS feed for your main AI dependency — that alone puts you ahead of most teams. The rest can wait until you actually need it.