(R)AI Open Library

The open-source
tools RAI trusts.
And why.

Not a directory. Not a list. A vetted layer — every repo here has been reviewed by (R)AI against the full L-classification threat taxonomy. Curated for developers building in a world where the interaction layer matters.

Vetted repo

L0–L5

Threat coverage

Open

Submit yours

Vetted Library · May 2026

1 repo · growing

Pipelock

RAI Verified

AI agent firewall — intercepts, inspects, and gates agent actions before execution. Built by Joshua Waldrep / PipeLab as a runtime enforcement layer for agentic pipelines. Covers prompt injection at the agent boundary and credential scope leakage before outbound calls.

L0 · Prompt Injection

L2 · Credential / Exfil

ActionGate-relevant

Joshua Waldrep · PipeLab

Why (R)AI trusts it: Pipelock operates at the pre-execution gate — the same architectural position ActionGate enforces. Runtime interception rather than static analysis. The credential scope isolation pattern maps directly to (R)AI's L2 detection layer.

GitHub →

Your repo here

Submit an open-source AI security project for (R)AI review. We run it against the full L-classification taxonomy.

Submit for review →

⬡

L-classification

Every repo is mapped to (R)AI's threat taxonomy: L0 through L5, VCCE, ActionGate-relevant. Not vibes — layer-specific evidence.

◈

Runtime, not static

We prioritise tools that operate at the interaction layer — runtime interception, not pre-deploy scanning. Same architectural position as (R)AI.

✦

Open by default

MIT or Apache-2.0. Auditable. No black-box vetted repos — if we can't read it, we can't trust it, and neither can you.

◻

Maintained

Active commits in the last 90 days. Threat surfaces move fast. A repo that hasn't been touched since the threat class emerged isn't protection — it's theatre.

Submit for review

Built something
the interaction
layer needs?

(R)AI reviews open-source AI security tools against the full L-classification taxonomy. If it covers a real threat surface at the interaction layer, it belongs here.

What we don't list: output filters, content moderation wrappers, or anything that runs after the user has already been harmed.

Open source (MIT / Apache-2.0 or compatible)
Addresses at least one L-classification threat class
Runtime enforcement preferred over static analysis
Active maintenance (commits in last 90 days)
Documentation sufficient for (R)AI threat-layer mapping

Submit your repo →

go@withrai.xyz · subject: RAI Open Library Submission

The open-sourcetools RAI trusts.And why.

The open-source
tools RAI trusts.
And why.