Pinaka is a security platform focused on monitoring and protecting AI agents and their associated infrastructure. It addresses the challenge of detecting changes and vulnerabilities in AI tools, prompts, and MCP (Multi-Component Platform) servers, aiming to catch security risks that may arise after initial deployment—issues that traditional point-in-time scans might miss. The platform continuously maps the tools, prompts, and servers accessible to AI agents, remembers their state, and alerts users when a component silently becomes dangerous or vulnerable. Each finding is accompanied by proof, allowing users to verify results rather than relying on trust alone.
Designed for teams shipping AI agents and MCP servers, Pinaka provides continuous attack surface mapping for domains, including subdomains, open ports, services, cloud assets, and exposed secrets. It integrates CVE correlation and monitors for drift by running automated scans every six hours. Platform capabilities include over 60 automated scanners, subdomain discovery from more than 14 sources, vulnerability scanning using over 7,000 Nuclei templates, CVE intelligence with EPSS scoring and CISA KEV tracking, and cloud asset discovery across S3, GCS, and Azure. The tool also performs secret scanning with validation and prioritizes risks using AI-powered exposure scoring.
Pinaka is designed to work inside environments such as Claude, Cursor, or any MCP client, allowing users to operate without switching contexts. The recon pipeline is fully automated, and monitoring is continuous. The platform emphasizes transparency and reproducibility, providing deterministic evidence for each finding, including the Pinaka Score and detection rules. Users can review exactly what was tested, what was found, and what was ruled out, all on their own assets, ensuring that source code never leaves their machine.
A free security check is available for domains, requiring no signup and delivering results in under a minute. Pinaka maps agent tools and MCP servers in code, flags risks according to OWASP MCP, LLM, and Agentic Top 10 standards, and has demonstrated real-world impact by discovering and responsibly disclosing vulnerabilities across enterprise targets.
pinaka-scan sits in PulseGate's Security & compliance platforms category. It focuses on detecting security vulnerabilities in project dependencies quickly and efficiently. It is built as an open-source project for developers. pinaka-scan is open source under the MIT license. The product ships for the web and the command line.
pinaka-scan first shipped in 2026. PulseGate's similarity index finds few close equivalents — pinaka-scan occupies a relatively distinct niche. Key capabilities include dependency scanning, vulnerability detection, and OSV.dev integration.
Latest indexed changes and source events
Other apps tracked under the same category.