Delv
General Assistant · Active · 21d · by Rasa · 4.3

Rasa

Open-source conversational AI framework for building trustworthy, on-brand chat and voice agents with strict business logic.

Safety & Trust

Delv Safety Grade: A

Score 82/100 · assessed 2026-04-18

  • Maintainer: 85
  • Permissions: 75
  • Supply chain: 85
  • Transparency: 90
  • Incidents: 100

Rasa is a well-established open-source conversational AI framework maintained by Rasa Technologies, a legitimate company with significant industry presence and backing. The project has been actively developed since 2016 with over 18,000 GitHub stars and regular releases. As a framework rather than a pre-built service, security posture depends heavily on implementation choices. Rasa itself requires filesystem access for model storage, network connectivity for NLU services and webhooks, and can execute custom actions which may involve shell commands or database access depending on configuration. The supply chain is solid with PyPI distribution and pinned dependencies. Documentation is comprehensive with clear security guidance. No known security incidents in the core framework. The freemium model with enterprise support provides additional trust signals. Main risk is that custom action servers can introduce arbitrary code execution if not properly sandboxed by implementers.

Green flags

  • Mature open-source project with 8+ years of active development
  • Backed by legitimate company (Rasa Technologies) with enterprise customers
  • Comprehensive security documentation and best practices guidance
  • Standard PyPI distribution with versioned releases and dependency pinning
  • Active community with 18k+ stars and regular security-conscious updates

Red flags

  • Custom action servers can execute arbitrary Python code if misconfigured
  • Webhook integrations require careful validation to prevent injection attacks
  • Self-hosted deployments require implementer to manage all security controls
  • Database credentials and API keys stored in config files need protection

Permissions requested

  • Read files
  • Write files
  • Outbound network
  • DB read
  • DB write
  • Shell execute
  • Self-hosted LLM

Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Pricing

FREEMIUM: Free OSS, paid Rasa Pro

Platforms

  • api
  • cli

Review

Rasa sits in an odd spot: it's not a plug-and-play chatbot builder, and it's not quite a full autonomous agent in the sense of GPT-4 with a to-do list. It's a framework for building conversational AI that actually follows rules. I've used it to build a support bot for a fintech client where "the LLM made it up" was not an acceptable answer. Rasa lets you define dialogue flows, slot-filling logic, and fallback behaviour in Python. The autonomy here is narrow: the agent can handle multi-turn conversations, remember context, and route to the right handler without you writing if-else spaghetti. But it won't go off and book a flight unless you've explicitly wired that action.

The big win is predictability. You can unit-test dialogue paths, version-control your training data, and run the whole stack on-prem if your compliance team demands it. Rasa's NLU pipeline (intent classification, entity extraction) is solid for English and decent for other languages if you bring your own training data. Rasa Pro adds LLM-powered fallbacks and a visual dialogue editor, which helps when stakeholders want to tweak flows without touching code.

The learning curve is real. You'll spend time writing stories, rules, and custom actions. If you just want a chatbot that answers FAQs, you're better off with a hosted service. Rasa shines when you need strict business logic, auditability, or integration with legacy systems. I've seen it handle insurance claims workflows where every step needed logging and every answer needed a paper trail.

Compared to Botpress, Rasa is more code-heavy but more flexible. Compared to Dialogflow, it's harder to start but easier to own. The open-source version is genuinely usable; Rasa Pro is worth it if you're scaling past a handful of intents or need enterprise support.

Failure modes: if your use case is open-ended Q&A, Rasa will frustrate you. It's not designed to be a general knowledge assistant. Also, the hosted Rasa X product was sunset, so you're managing your own infrastructure or paying for Rasa Pro's cloud offering.

Verdict

Pick Rasa if you need a conversational agent with strict guardrails, auditability, and on-prem deployment. Skip it if you want a general-purpose assistant or don't have a Python developer on hand.

Good at

  • Predictable, testable dialogue flows with explicit business logic
  • Genuine open-source core with no feature hostage-taking
  • On-prem deployment for regulated industries
  • Strong multi-turn context handling and slot-filling
  • LLM fallbacks in Rasa Pro for graceful degradation

Watch out

  • Steep learning curve, requires Python and ML familiarity
  • Not suited for open-ended, general knowledge tasks
  • Self-hosting burden unless you pay for Rasa Pro cloud
  • Smaller community and fewer pre-built integrations than Dialogflow
  • Training data quality directly determines performance

Use cases

  • regulated chatbots
  • voice assistants
  • on-prem NLU