Every security tool in the ARX platform was built on the shoulders of open source. We don't invent the scanner — we ship with the governance layer on top of it.
Our connectors speak to 101 institutional platforms: CrowdStrike, Splunk, Palo Alto, Wiz, Okta, and dozens more. But we've spent the last quarter plugging into another roster entirely — 22 open source security tools that are quietly becoming the baseline for how enterprises actually build.
We're shipping the open-source connector network because the architecture of the modern security program looks like this: a core of institutional platforms, wrapped around by the hardest-working engineers building point solutions that don't exist in the market yet. That open source piece — your internally-built triage agent, the vulnerability correlation pipeline you wrote over a weekend, the AI-powered security orchestrator your team prototyped — that is where the real innovation lives.
The Problem We Solve
Open source tools die in enterprise procurement for one reason: they have no governance layer. No SOC 2 certification. No audit trail. No RBAC. No compliance documentation. The CISO wants compliance-grade visibility. The vendor's internal tool has none. The tool fails security review. The engineer moves on. The open source project loses a customer it never knew it had.
It's not a fault of the open source tool. It's a fault of enterprise infrastructure expectations. But it means the best security innovations — the ones not yet productized by vendors — never make it out of the lab.
What We're Doing About It
We are offering free ARX infrastructure to any organization deploying open source security tooling.
You bring the OSS tool. Any of the 22 we've published connectors for — or any other. ARX wraps it with everything enterprises expect: SOC 2-certified infrastructure, secrets management, immutable audit logging, RBAC, behavioral controls, human approval gates, and auto-generated compliance documentation. Your tool goes from "interesting research project" to "enterprise-deployable security automation" in under 10 minutes.
For free. For as long as you're running the open source version. No credit card, no freemium upsell, no ticking clock. The governance layer should not be the reason a free tool loses to a commercial one.
The Open Source Connectors
We've published connectors for 22 open source tools across five categories:
AI red-team scanners (garak, promptfoo, PyRIT, Purple Llama, ai-scanner). Testing frameworks for LLM safety and adversarial robustness.
Agent posture & runtime (agentic-radar, agentfence). Observability and guardrails for deployed agents.
HTTP pentest (reaper). API security scanning and fuzzing.
Autonomous pentest orchestration (pentest_agent + 8 provider implementations: pentagi, strix, PentestGPT, hexstrike-ai, tachi, shannon, and others). Multi-provider frameworks for continuous pentesting workflows.
Targets, benchmarks, and research (damn-vulnerable-llm-agent, ai-goat, agentdojo, seclab-taskflow-agent). Datasets and reference implementations for security validation.
Browse the full roster at app.arxsec.io/open-source.
How to Claim Free Support
If you're running an open source security tool, or you want to deploy one, we want to talk. Email mershard@arxsec.io and tell us what you're building. We'll spin up a 14-day workspace, ingest your tool, and show you what governance looks like for your specific use case.
No procurement. No legal. No waiting. The conversation is 30 minutes. By day 14, your tool is running in SOC 2 infrastructure with full audit visibility, and your CISO has a compliance package PDF they can hand to any customer audit or regulator.
Open source security is not a limitation waiting to be productized. It is the forward edge of how security actually works. The only thing standing between open source tools and enterprise deployment is governance infrastructure. We're removing that obstacle.
— Mershard J.B. Frierson, Founder · ARX · mershard@arxsec.io · 945-372-8711