GitHub Top 10: AI security breaks out
2026/7/5 · 20:21

GitHub Top 10: AI security breaks out

This week's GitHub Trending top 10 is led by Strix, an AI penetration-testing framework, and the broader list spans agent-operable tools for security, routing, privacy, 3D, auth, meetings, video, and browser automation.

This week's GitHub Trending top 10 is mostly an agent-tooling list, but the lead item is different from the usual coding stack. The biggest jump went to Strix, an AI penetration-testing framework that turns reconnaissance, exploitation, and validation into a multi-agent workflow.
The ranking follows the Jun 28 20:18 to Jul 5 20:00 UTC-5 window. Each entry uses the same lens: why it is in the top 10 this week, what problem it solves, how it is built, what makes it different, and whether developers should star it.

#1 · usestrix/strix · 37.1k stars · +10,338 this week

Why it is here: Strix led this week's list with 37.1k stars and +10,338 stars over the week; one daily trending post recorded +1,904 stars on Jul 5 alone. 1 2
Problem: Strix is an open-source AI penetration-testing framework for turning security audits into repeatable agent runs. It targets web apps, APIs, codebases, and authenticated environments, then tries to produce working proof-of-concept exploits rather than only static findings. 1
Stack and approach: The repo is mostly Python and uses a graph of specialized agents for reconnaissance, exploitation, post-exploitation, and validation. Its tool layer includes Caido for HTTP interception, Playwright for browser automation, shell execution, a Python sandbox for exploit development, OSINT reconnaissance, SAST and DAST, and GitHub Actions integration for CI scans. 1
Differentiation and tradeoff: The useful pattern is agent specialization applied outside coding. Strix is closer to an autonomous security workflow than a scanner with an LLM summary. The caution is proof quality: no independent benchmark or audit of Strix's vulnerability-detection accuracy was available, and the $3-$20 API-cost comparison to a $10k-$35k traditional penetration test is a third-party estimate rather than a validated benchmark. 3
Verdict:Star it if you build security automation or want to study multi-agent task decomposition in a high-stakes domain. Skip production trust until independent security teams publish accuracy data.

#2 · xbtlin/ai-berkshire · 10.3k stars · +5,038 this week

Why it is here: ai-berkshire reached the second slot with a developer-friendly premise: package investment-research discipline as Claude Code and Codex skills. The repo has 10.3k stars, 1.3k forks, 1,232 commits, and an MIT license. 4
Problem: The project tries to make LLM investment analysis less vague. Instead of asking a model for a generic stock opinion, users run structured research workflows modeled on Warren Buffett, Charlie Munger, Duan Yongping, and Li Lu. 4
Stack and approach: The repo provides 19 Claude Code and Codex skills across deep research, financial-statement analysis, industry screening, portfolio management, and thinking tools. The /investment-team mode runs four separate agents against the same company, then asks a team lead to synthesize the views. Its financial_rigor.py tooling uses Python decimal.Decimal for valuation checks, market-cap validation, cross-source verification, and Benford-law checks. 4
Differentiation and tradeoff: The repo is strongest as a pattern for encoding expert process into agent skills. The investment claims need caution. The author reports +69.29% in 2024 and +66.38% in 2025, but Reddit commenters questioned whether 2024 was too easy a test year and whether LLM replay creates data-contamination risk. 4 5
Verdict:Star it for the skill-system design and financial-checking scaffolding. Skip it as an investing shortcut unless you can independently verify inputs, assumptions, and decision rules.

#3 · diegosouzapw/OmniRoute · 11.9k stars · +4,411 this week

Why it is here: OmniRoute landed at #3 by hitting a direct developer pain point: API sprawl and model-cost management. The repo has 11.9k stars, 1.7k forks, 4,544 commits, and a current v3.8.44 line. 6
Problem: OmniRoute is a self-hosted AI gateway that puts many model providers behind one OpenAI-compatible endpoint. The README claims 237+ providers, 90+ free providers, and a local endpoint at http://localhost:20128/v1. 6
Stack and approach: The project is built with TypeScript and Next.js 16. It includes 17 routing strategies, a 4-tier fallback system, an MCP server with 95 tools, an A2A agent protocol, memory features, guardrails, and a compression pipeline using RTK, Caveman, and LLMLingua-2 ONNX. The repo reports 21,000+ tests and CI coverage that includes ESLint, SonarJS, Stryker mutation testing, Playwright E2E, Trivy, and gitleaks. 6
Differentiation and tradeoff: Compared with LiteLLM, OpenRouter, and Portkey, OmniRoute's own comparison page emphasizes self-hosting, built-in compression, MCP/A2A support, memory, guardrails, and fusion routing. The tradeoff is verification: the 15-95% compression range and ~1.6B free-token figure are self-reported and were not independently benchmarked in the available sources. 7
Verdict:Star it if you need a playground for local model routing and fallback design. Skip relying on the free-token math until you test the providers you actually plan to use.

#4 · simplex-chat/simplex-chat · 17.9k stars · +3,572 this week

Why it is here: SimpleX Chat carried over from last week's list and moved up to #4 as its v7.0.0-beta work and new governance structure kept developer attention on the repo. The project has 17,922 stars, 1,100 forks, 6,185 commits, and an AGPLv3 license. 8
Problem: SimpleX Chat is a messaging platform built around no user identifiers. It avoids phone numbers, usernames, and even random user IDs; contacts connect through one-time invite links or QR codes. 8
Stack and approach: The core is Haskell, with iOS, Android, desktop, and terminal clients. v6.5, released Apr 30, 2026, introduced SimpleX Channels, a publishing model where relay operators can see channel content but not owner or subscriber identities. v7.0.0-beta.2, released Jun 26, 2026, added subscriber roles, contributor lists for subscribers, and CLI channel-connection support. 9 10
Differentiation and tradeoff: The reusable architecture is privacy by identifier minimization, not only encryption. The tradeoff remains onboarding and network effects. A 2026 review called SimpleX a strong privacy option while noting beginner complexity and occasional messaging bugs, and Reddit users reported notification delays and group-connection issues. 11 12
Verdict:Star it if you care about privacy architecture or decentralized protocol governance. Skip it if your immediate need is a low-friction consumer messenger with a broad social graph.

#5 · Robbyant/lingbot-map · 9.9k stars

Why it is here: LingBot-Map brought a research-grade computer-vision repo into the top 10. The project has 9.9k stars, 982 forks, 98 commits, an Apache 2.0 code license, and no formal GitHub release yet. 13
Problem: The repo tackles streaming 3D reconstruction from video. The goal is to recover camera poses and point clouds while keeping geometric accuracy, temporal consistency, and runtime efficiency in the same model. 14
Stack and approach: LingBot-Map uses a Geometric Context Transformer with three context mechanisms: anchor context for coordinate grounding, a pose-reference window for dense geometric cues, and trajectory memory for longer-range drift correction. The authors report feed-forward inference near 20 FPS at 518x378 resolution and support for sequences above 10,000 frames. 13 14
Differentiation and tradeoff: The difference from many reconstruction pipelines is that LingBot-Map avoids iterative optimization during inference. That makes the architecture interesting for robotics, AR, and mapping research. The limits are practical: training code is not public, issues focus on GPU memory and long-sequence stability, and an HN commenter challenged the 20 FPS claim because the hardware was not specified. 15 16
Verdict:Star it if you work on 3D vision or want a modern feed-forward reconstruction reference. Wait before depending on it for production mapping until hardware requirements, training code, and loop-closure behavior are clearer.

#6 · ogulcancelik/herdr · 12.1k stars · +3,937 this week

Why it is here: Herdr turned agent orchestration into a terminal problem and pulled strong developer attention. The repo has 12,070 stars, 702 forks, 1,021 commits, and its Jun 29 Hacker News thread reached 164 points and 109 comments. 17 18
Problem: Developers running several coding agents need a way to see which agent is blocked, working, done, or idle without switching between terminals and GUI wrappers. Herdr puts that awareness inside the terminal. 17
Stack and approach: Herdr is a Rust terminal multiplexer with a server/client architecture over a Unix socket. It ships as a single binary, supports detach and reattach from other terminals, and detects 15+ agents including Claude Code, Codex, Copilot CLI, Devin CLI, Cursor Agent, Grok CLI, OpenCode, Droid, Amp, and Pi. v0.7.1, released Jun 24, 2026, improved pane borders and gaps, keybinding displacement, integrations, Windows ConPTY behavior, and CJK display handling. 17 19
Differentiation and tradeoff: Herdr differs from tmux by treating agent state as a first-class primitive, and it differs from GUI agent managers by staying terminal-native and SSH-friendly. The tradeoff is enterprise licensing and reliability: the repo is AGPL-3.0-or-later with commercial licenses available, and AI Weekly questioned whether blocked-state detection depends on brittle output parsing. 20 21
Verdict:Star it if your daily workflow already involves multiple CLI agents. Skip it if you only need classic terminal persistence or your team cannot accept AGPL tooling.

#7 · logto-io/logto · 13.8k stars · +1,575 this week

Why it is here: Logto's week was driven by a real feature release, not only star velocity. The repo has 13,825 stars, 947 forks, 8,752 commits, and v1.41.0 shipped on Jun 30, 2026. 22 23
Problem: Logto is open-source auth infrastructure for SaaS and AI apps. It covers OIDC, OAuth 2.1, SAML, multi-tenancy, enterprise SSO, RBAC, MFA, passkeys, and SDKs for more than 30 frameworks. 22
Stack and approach: The project is a TypeScript monorepo managed with pnpm. It supports Docker Compose and Node.js deployment, with CI/CD through GitHub Actions and Codecov reporting. v1.41.0 added app-level access control by user, role, organization, or organization role; password expiration policies; Account Center upgrades; username-policy controls; verification-code rate limiting; JWT organization context; and an idempotent application-role assignment API. 22 23
Differentiation and tradeoff: Logto positions itself against Clerk with multi-app architecture, token-based pricing, and open-source availability. Its pricing page lists a free tier with 50K monthly active users and 50K tokens, plus Pro at $24 per month with unlimited MAU and $0.08 per 100 extra tokens after the included 50K tokens. 24 25
Verdict:Star it if you need auth patterns for SaaS, multi-tenant apps, or agent-facing products. Skip it only if you want a fully managed vendor with less self-hosting surface.

#8 · Zackriya-Solutions/meetily · 17k stars · +2,972 this week

Why it is here: Meetily is the privacy-first productivity entry in the list. The repo has 17,000 stars, 1,800 forks, 556 commits, an MIT license, and a v0.4.0 release from Jun 5, 2026. 26 27
Problem: Meetily records, transcribes, and summarizes meetings locally so meeting audio does not have to move through a cloud bot. It captures system audio and microphone input on the user's machine, then runs local transcription and local or bring-your-own-key summarization. 26
Stack and approach: The app uses Tauri and Rust for the desktop shell, a Next.js frontend, a FastAPI backend, Whisper.cpp or Parakeet for transcription, SQLite and vector storage, and Ollama or external LLM keys for summaries. v0.4.0 added multi-language summary support, built-in Qwen 3.5, Parakeet decoder improvements, opt-in analytics, tray minimize behavior, and a Vulkan-related Flash Attention fix. 26 27
Differentiation and tradeoff: The project is different from meeting bots because no visible participant joins the call and core processing can remain local. Alphr's March 2026 review called that the best privacy answer, while also noting missing features such as speaker ID recognition, custom transcription templates, and calendar or app integration. 28
Verdict:Star it if you want a local-first desktop AI reference with audio capture, transcription, and summary generation. Skip it if your team depends on mature enterprise meeting workflows and polished calendar integration.

#9 · browser-use/video-use · 15k stars

Why it is here: video-use is this week's media-agent repo. It has 15k stars, 1.8k forks, 18 commits, an MIT license, and no formal GitHub release yet. 29
Problem: The project lets coding agents edit video without forcing an LLM to inspect every frame. The README states the design plainly: "The LLM never watches the video. It reads it." 29
Stack and approach: video-use transcribes footage with ElevenLabs Scribe, packs word-level timestamps into a compact transcript, creates timeline-view images with filmstrip, waveform, speaker track, and word labels, then asks the agent to produce an edit decision list. The render pipeline uses ffmpeg and can run self-evaluation around cut boundaries for visual jumps, audio pops, and subtitle problems. 29
Differentiation and tradeoff: The reusable idea is representation design. Instead of 30,000 frames times 1,500 tokens, the project claims the agent can work from about 12KB of transcript plus a few PNGs. That is a useful pattern for any agent workflow where raw media is too expensive to feed directly. The tradeoff is maturity: the repo is young, issue quality is uneven, and Reddit users disagreed on whether AI tools can actually edit video well today. 29 30
Verdict:Star it for the transcript-plus-timeline representation pattern. Skip it if you need a reliable editor rather than an agentic editing experiment.

#10 · alibaba/page-agent · 23.9k stars · +3,151 this week

Why it is here: PageAgent rounds out the list with an in-page approach to GUI automation. The repo has 23.9k stars, 2.1k forks, 1,085 commits, 34 releases, and v1.11.0 shipped on Jul 3, 2026. 31 32
Problem: PageAgent lets users control a web interface with natural language from inside the page. The basic setup can run as an NPM package or CDN script, without a browser extension, Python service, or headless browser. 31
Stack and approach: The project is mostly TypeScript and works through text-based DOM manipulation rather than screenshots or multimodal page understanding. It supports OpenAI-compatible APIs, has an optional Chrome extension for multi-page tasks, and includes a beta MCP server for external agent control. The README acknowledges that some DOM-processing components and prompts derive from browser-use under MIT license. 31
Differentiation and tradeoff: PageAgent's bet is inside-out browser automation: the agent lives in the page and inherits the user's active session. Its March 2026 Show HN post reached 147 points and 76 comments; the creator also clarified that he works at Alibaba, the project is MIT-licensed, the library has no backend service, and BYO-LLM users send no data to Alibaba. 33 33
Verdict:Star it if you build SaaS copilots, form automation, or accessibility experiments. Skip it if your threat model cannot accept in-page automation around sensitive sessions.

What to take from the week

The reusable pattern is not one tool category. It is the shift from chat interfaces to agent-operable surfaces: a pentest graph, an investment skill pack, a model gateway, a no-ID messaging protocol, a 3D reconstruction model, a terminal multiplexer, an auth control plane, a local meeting assistant, a media-editing representation, and an in-page browser agent.
The repo to study first is Strix if your interest is agent decomposition under real constraints. The repo to test before believing the headline numbers is OmniRoute. The repo with the cleanest generalizable UX idea is PageAgent, because it shows what changes when the agent lives inside the software surface instead of driving it from outside.
Cover image: AI-generated illustration.

関連コンテンツ

  • ログインするとコメントできます。
このチャンネルのその他のコンテンツ