Open Source Projects by Orca
At Orca we’re a proud contributor to the open source community, helping developers and security teams make the cloud a safer place for everyone.
Our Key Open Source Projects
AI Goat
AI Goat is the first open source AI security hands-on learning environment based on the OWASP top 10 ML risks and was created to help security professionals and pentesters understand how AI-specific vulnerabilities can be exploited, and how organizations can best defend against these types of attacks.
- An intentionally vulnerable AI environment built in Terraform that includes numerous threats and vulnerabilities for testing and learning purposes.
- Built on AWS, running AI models on Amazon SageMaker. Deploying the environment exposes a user interface for an online shop selling soft toys with different machine learning models embedded in the store features.
- The application includes intentional misconfigurations, vulnerabilities, and security issues so security practitioners and developers can increase their understanding of how attackers can take advantage of these weaknesses.
“Orca’s AI Goat is a valuable resource for AI engineers and security teams to learn more about the potentially dangerous misconfigurations and vulnerabilities that can exist when deploying AI models. By using AI Goat, organizations can enhance their understanding of AI risks and the different ways attackers can leverage these weaknesses. This enables them to be much more effective in preventing AI attacks.”
Shain Singh, a top project leader of the OWASP ML Security Top 10
IAM APE
The IAM AWS Policy Evaluator (APE) is an open source, automated tool that’s designed to simplify the process of calculating effective permissions for an AWS entity. While the capabilities of the tool are included in the Orca Platform, we’ve also made the tool available to the developer community to help strengthen cloud security postures.
- Gathers all the IAM policies present in your account, and then calculates the effective permissions that each entity – User, Group, or Role – has.
- Presents you with a single policy for each entity, summarizing all of their actual permissions.
- Available on Orca Security’s official GitHub repo, as well as through PyPI, the official Python Package Index.
KTE
KTE is an open-source Kubernetes Testing Environment for EKS (Amazon Elastic Kubernetes Service), GKE (Google Kubernetes Engine) and AKS (Azure Kubernetes Service).
- Helps you improve Kubernetes security by providing a safe and controlled space to identify and address potential vulnerabilities before they impact production.
- Allows you to simulate various attack scenarios, test security patches, and evaluate the effectiveness of security configurations and policies.
- Users are encouraged to replace the default Helm chart with their own, so they can use KTE to test a real staging environment.
Orca Research Pod
The Orca Research Pod, a group of cloud security researchers that discovers and analyzes cloud risks and vulnerabilities, creates and maintains the Orca open source projects on GitHub, helping developers and security teams make the cloud a safer place for everyone.