AI pentester for PRs — finds exploitable bugs and hands your coding agent the fix.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"io-github-apxlabs-ai-niro": {
"command": "<see-readme>",
"args": []
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
A PR adds a saved-search feature to your app. Niro reports 4 cross-tenant data leaks in under 6 minutes for $2.84 in model spend. Your coding agent writes a regression test for each, patches the code, and re-runs Niro to verify the fix. The PR goes green.
No automated test available for this server. Check the GitHub README for setup instructions.
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
No package registry to scan.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in security
Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.
Model Context Protocol for WinDBG
Security scanner for GitHub repos, Agent Skills, Plugins, and MCP servers. 18 scanners. Zero dependencies.
MCP server for Atomic Red Team
MCP Security Weekly
Get CVE alerts and security updates for io.github.apxlabs-ai/niro and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Security that keeps up with your developers.
Niro Community Edition pentests your running application and opens review-ready fix PRs with security regression tests, so security fixes land as normal pull requests.
Today, a pentest starts with a handoff: prepare a runtime, define scope, gather credentials and fixtures, wait for findings, triage them, reproduce them, write tests, and make the fix. By the time it becomes merged code, weeks or months can pass and several people have touched the work.
Meanwhile, the codebase has already moved on. AI coding tools make that gap wider: teams are shipping more code than security can review.
AI has made code faster to ship and harder to trust.
| Signal | What it means |
|---|---|
| 85% say AI has shifted the bottleneck from writing code to reviewing and validating it [1] | Speed is no longer the hard part. Trust is. |
| 90% of security leaders report concern about AI-generated software risk [2] | AI-written code is now a security governance problem, not just a developer productivity story. |
Niro collapses app setup, pentesting, and fixing into one repo-native loop. Instead of handoffs across several people, Niro brings up the app, tests it, and opens PRs that fix security issues with security regression tests. Work that can take weeks or months and touch several people can start landing in hours.
scope.yaml, so the pentest engine can only reach approved targets.niro.yaml to control time, cost, and
concurrency.niro.yaml.Need governance, audit, compliance controls, or enterprise deployment support? Talk to APX Labs about Niro Enterprise.
Pentest an application from your machine:
git clone https://github.com/<your-org>/<your-repo>.git
cd <your-repo>
curl -fsSL https://raw.githubusercontent.com/apxlabs-ai/niro/main/install.sh | sh
niro init
claude "Pentest this application and create PRs."
See Run Niro for Windows installation, prerequisites, CI, and other coding-agent examples.
Niro runs locally or in CI, and can target a whole app, a focused scope, or a pull request.