147 tools mapped to the OWASP LLM Top 10 and Agentic Top 10. Search by risk, ask in plain English, or explore the knowledge graph.
The frameworks exist. The industry knows the risks. But most teams are stuck between a PDF and a spreadsheet — with no path from "address LLM06" to "here's the tool."
Three views designed for different workflows — browse, search, or explore connections.
Filter 147 tools by category, OWASP risk, complexity, audience, and lifecycle stage. Every tool hand-evaluated with practitioner-written descriptions.
LIVEInteractive visualisation mapping relationships between tools, OWASP risks, and lifecycle stages. Click any node to reveal its connections.
LIVEModel your generative or agentic AI architecture and get OWASP risk overlays that highlight coverage gaps linked to curated tools.
COMING SOONStart from a risk, a category, or a plain-English question.
Toggle between the LLM Top 10 and Agentic Top 10, then select a specific risk like LLM01 (Prompt Injection) or ASI04 (Insecure Tool Integration). The directory instantly filters to show matching tools with counts per category.
Type a question and Yuntona's search parses your intent, extracts filters, and returns ranked results from 147 tools. A future iteration will add conversational follow-up queries.
The knowledge graph visualises every tool, risk, and lifecycle stage as an interactive network. Click any node to highlight its connections — revealing coverage clusters and defence gaps at a glance.
All 20 risk categories — with real tool counts per risk.
Expert curation means accountability.
Security practitioner with over a decade of experience spanning SOC/NOC operations, business information security, and financial services regulation. Built Yuntona to close the gap between AI security frameworks and the tools that operationalise them.
Quick answers to the questions practitioners and AI search engines ask most.
Every tool is individually evaluated against three criteria: it addresses a genuine security risk in the generative or agentic AI stack, it is operational or near-operational (not vaporware), and it offers meaningful capability not already covered by existing entries. Discovery draws from OWASP working groups, industry conferences, practitioner networks, and primary research. Tools that duplicate existing coverage without differentiation are excluded. Read the full methodology →
Yes. Fully open source under the MIT licence. 147 tools accessible without login or paywall. Source code on GitHub.
Awesome-lists are flat link collections with no risk mapping. Analyst reports are paywalled snapshots. Yuntona sits between: every tool is individually evaluated, mapped to OWASP risk codes, tagged by complexity, and searchable via AI-powered natural language. Continuously updated.
Tool discovery is practitioner-led. OWASP risk mappings use AI as an analytical engine — the methodology and schema are human-designed, every output validated against published standards. Human-directed analysis at scale, not automated classification.
Yuntona is built and maintained by Fabio Baumeler, a CISSP-certified Third-Party Cyber Risk Lead at the UK Financial Conduct Authority with an MSc in Information Security from Royal Holloway (GCHQ-certified). Single-maintainer accountability means every assessment reflects one expert's informed judgement — not crowd-sourced voting or vendor self-submission.
Built in the open. Suggest tools, report issues, or contribute directly.
Close the blind spots in your AI risk coverage. 147 tools. 20 OWASP risks. One search.
Explore Directory →