Tessera

Tessera is an open-source tool built to help test the security of artificial intelligence systems. It offers a way to check AI models and applications against common security risks, following guidelines from OWASP, a well-known security organization. Tessera provides 42 automated tests that look at different areas like model security, application security, infrastructure security, data rules, and the security of AI agents.

Benefits

Tessera helps organizations make sure their AI systems are secure and meet important rules. It is the first framework to fully cover the OWASP Agentic AI Top 10, which are key security challenges for AI agents. The tool uses a method of attacking, measuring, and defending to find security weaknesses. It can identify issues and score them as PASS, WARN, FAIL, or ERROR. Tessera works with many different AI models and providers, making it flexible for various setups.

Use Cases

This framework can be used to meet regulatory requirements, such as those from the EU AI Act, NIST AI RMF, SOC 2, and ISO 27001. It helps ensure compliance by mapping its tests to specific legal and industry standards. Tessera can be set up easily using a command-line tool, Docker Compose, or Kubernetes. It can also be integrated into development workflows like GitHub Actions. The tool includes a web interface for managing security tests and viewing results.

Vibes

Tessera is recognized for its broad range of security tests, covering more OWASP standards than some alternatives. Its focus on Agentic AI security, support for both language models and computer vision models, and its open-source nature are seen as key advantages.

Additional Information

Tessera is an open-source project released under the Apache 2.0 license. Its architecture is designed to be modular, with separate parts for its web interface, API, and scanning engine. This allows for flexibility and scalability in how it is used and deployed.