Breach? Get Help Now
Log in
Get a Demo
ZAK — The Agent Framework Built for Cybersecurity | Zeron
Open source · Apache 2.0 · Star on GitHub

The agent framework
built for cybersecurity

Define agents in YAML. Run them with six guardrails. Govern them across tenants. Python, Node.js, and Go.

See It in Action GitHub
Use Cases

Real workflows. Real automation.

ZAK agents handle the repetitive, high-volume security work so your team can focus on what matters.

CVE Triage

Ingest CVE feeds, prioritize by business context and asset criticality, auto-create remediation tickets.

Ingest CVEs Correlate Assets Score & Rank Create Tickets

Risk Quantification

Pull asset inventory, calculate FAIR-based risk scores, generate executive-ready reports automatically.

Asset Inventory FAIR Model Risk Scores Report

AppSec Scanning

Trigger SAST and SCA scans, deduplicate findings across tools, route actionable results to code owners.

Trigger Scans Deduplicate Enrich Context Route to Owners

Compliance Audit

Map controls to evidence sources, identify gaps against frameworks, produce audit-ready documentation.

Map Controls Collect Evidence Gap Analysis Audit Report
How It Works

Four steps to your first agent.

Define, implement, validate, and run — see each step come to life.

1

Define

YAML schema
2

Implement

Python agent
3

Validate

Schema & guardrails
4

Run

In tenant context
ZAK — Agent Definition
NEW AGENT
SCHEMA
PREVIEW
Agent Name
risk_quant
Domain
risk_quantification
LLM Provider
anthropic / claude-sonnet-4-6
Tenant
acme
Tools
fetch_assets calc_risk gen_report
Guardrails
max_tokens: 4096 require_approval sandbox 
# Generated US-ADSL
name:      risk_quant
version:   "1.0"
domain:    risk_quantification
tenant:    acme

llm:
  provider: anthropic
  model:    claude-sonnet-4-6

tools:
  - fetch_assets
  - calc_risk
  - gen_report

guardrails:
  max_tokens:       4096
  require_approval: true
  sandbox:          true
from zin_adk import BaseAgent, zak_tool

class RiskAgent(BaseAgent):

    @zak_tool("Fetch asset inventory")
    def fetch_assets(self, tenant):
        return self.sif.query(
            "assets", tenant=tenant
        )

    @zak_tool("Calculate FAIR risk")
    def calc_risk(self, asset_id):
        return self.risk_engine.fair(
            asset_id
        )

    @zak_tool("Generate report")
    def gen_report(self, scores):
        return self.reporter.pdf(
            scores
        )
fetch_assets
Query SIF graph for asset inventory by tenant namespace
Sandboxed Audit Logged
calc_risk
Run FAIR model against an asset to produce quantified risk score
Sandboxed Audit Logged
gen_report
Generate executive-ready PDF from calculated risk scores
Sandboxed Approval Required
Validation Progress6 / 6 passed
US-ADSL Schema

All required fields present and correctly typed

LLM Provider

anthropic/claude-sonnet-4-6 configured and reachable

Tools Registered

3 tools found: fetch_assets, calc_risk, gen_report

Token Limit

max_tokens guardrail set to 4096

Approval Gate

require_approval enabled — human-in-the-loop active

Sandbox Mode

Tool execution sandboxed — no direct system access

✓ All 6 checks passed — agent ready to deploy
342
Assets Scanned
7.4
Avg Risk Score
8.2s
Duration
0
Violations
Live Agent Log
00:00.0[risk_quant]Agent loaded — v1.0 · tenant: acme
00:00.1[policy]6 guardrails active · sandbox: on
00:01.2[fetch_assets]Querying SIF graph → 342 assets returned
00:03.8[calc_risk]QBER/FAIR model computed for 342 assets
00:07.1[gen_report]Executive report generated → report.pdf
00:08.2[risk_quant]✓ Completed — 3 tool calls · 0 violations
📄
report.pdfExecutive risk report · 12 pages · 248 KB
📋
audit.logComplete audit trail · 47 entries · 18 KB
Why ZAK

Built for security. Not bolted on.

Generic agent frameworks weren't designed for cybersecurity. ZAK was.

Capability ZAK LangChain CrewAI AutoGen
Declarative agent schema (YAML)
Security-domain guardrails (sandbox, approval gates) DIY basic Docker
Multi-tenant namespace isolation
Built-in audit logging (every tool call) via LangSmith external external
Security Intelligence Graph (SIF)
Policy engine enforced on every tool call
Pre-built cybersecurity domain agents

Before & after ZAK

Watch each pain point transform into its solution.

click to flip
Without ZAK
Hours triaging CVEs manually each morning
click to flip
With ZAK
vuln_triage agent auto-ingests CVE feeds, correlates with your SIF asset graph, and creates prioritized Jira tickets
click to flip
Without ZAK
Risk tracked in spreadsheets, outdated by noon
click to flip
With ZAK
risk_quant agent runs FAIR models via @zak_tool decorator, outputs executive PDF reports on demand
click to flip
Without ZAK
Copy-paste between 12 different security tools
click to flip
With ZAK
Define agent workflows in US-ADSL YAML — one schema orchestrates tools, LLMs, and guardrails
click to flip
Without ZAK
Compliance evidence gathered weeks before audit
click to flip
With ZAK
AuditLogger records every tool call, LLM decision, and policy check — audit trail is always current
click to flip
Without ZAK
No guardrails on LLM tool access
click to flip
With ZAK
PolicyEngine enforces 6 runtime guardrails — token limits, sandbox, approval gates — on every @zak_tool call
click to flip
Without ZAK
Siloed context — every tool starts from scratch
click to flip
With ZAK
SIF Graph persists assets, vulns, risks, and vendors — agents read and write shared context across sessions
Get Started

One install. Three languages.

pip install zin-adk
0Languages
supported
0Runtime
guardrails
0Enterprise
agents
FAQ

Common questions

ZAK is an open-source Agent Development Kit purpose-built for cybersecurity. Unlike generic frameworks like LangChain or CrewAI, ZAK includes a PolicyEngine that enforces 6 guardrails on every @zak_tool call, a Security Intelligence Fabric (SIF) graph for persistent security context, multi-tenant namespace isolation, and pre-built agents for risk quantification, vulnerability triage, and application security.
ZAK's PolicyEngine enforces: max token limits, sandbox mode for isolated tool execution, require_approval gates for human-in-the-loop review, allowed tool whitelists, tenant namespace isolation, and complete audit logging on every tool call. These are defined in your agent's YAML schema and enforced at runtime — they cannot be bypassed.
Install via pip install zin-adk (Python), npm install zin-adk (Node.js), or Go. Then scaffold your first agent with zak init --name "My Agent" --domain my_domain, validate with zak validate, and run with zak run agents/my-agent.yaml --tenant my_org.
The Security Intelligence Fabric (SIF) is a persistent knowledge graph that stores and correlates security entities — assets, vulnerabilities, risks, vendors, and compliance controls. Agents read from and write to the SIF, enabling shared context across sessions. This means a vuln_triage agent's findings are automatically available to the risk_quant agent without manual data passing.
ZAK is free and open-source under the Apache 2.0 license. The open-source edition includes 4 built-in agents (risk_quant, vuln_triage, appsec, generic), the full PolicyEngine, SIF Graph, and multi-tenant isolation. ZAK Enterprise adds 19+ specialized agents, a real-time operational dashboard, RBAC, executive reporting, and SSO integration.
ZAK's LLM Router supports OpenAI, Anthropic, Google, and Ollama (for local/self-hosted models). You specify the provider and model in your agent's YAML definition, and ZAK handles routing, token management, and ReAct reasoning automatically.

Ready to automate your
security workflows?

One install. Three languages. Infinite possibilities.
Open source. Apache 2.0. Forever.

Get Started Star on GitHub
Hello there!
Access the full technical paper detailing graph-based AI reasoning for cyber risk decisions.
Download the Whitepaper
Building Cybersecurity Agents
1st April 2026 | Bangalore, India
Build real-world cybersecurity agents with Zeron ADK, from concept to execution in a day.