Open-source security infrastructure for autonomous AI agents.
AI agents are being weaponized. Anthropic recently disclosed that a Chinese state-sponsored group used a jailbroken Claude to orchestrate autonomous cyberattacks at scale: 80-90% of the operations were AI-driven, and several intrusions succeeded.
Organizations deploying AI agents have:
- Zero visibility into what agents are actually doing
- No architectural controls (only prompt-level "guardrails")
- No detection for when models shift into adversarial behavior
- No secure runtime infrastructure
AgentSec provides three layers of defense:
- Telemetry - Know exactly what your agents are doing
- Policy Enforcement - Alignment anchored in architecture, not prompts
- Misalignment Detection - Catch mode shifts before damage occurs
```bash
pip install agentsec
```

```python
from agentsec import AgentSecClient, policy

# Initialize with your agent
client = AgentSecClient(agent_id="my-agent")

# Wrap tool calls with policy enforcement
@policy.guard
def search_database(query: str) -> list:
    # Your tool implementation
    pass

# All calls are now logged + policy-checked
results = search_database("SELECT * FROM users")
```

```bash
# CLI - tail events in real-time
agentsec tail -f

# CLI - inspect with risk analysis
agentsec inspect

# Web Dashboard
make web   # Opens http://localhost:8080
```

```
+------------------+     +-------------------+     +------------------+
|   Your Agent     | --> |   AgentSec SDK    | --> |  Policy Engine   |
| (OpenAI/Claude/  |     |   - Telemetry     |     |  - Allow/Deny    |
| LangChain/etc)   |     |   - Tool Wrappers |     |  - Escalate      |
+------------------+     +-------------------+     +------------------+
                                   |
                                   v
                         +-------------------+
                         |   Event Storage   |
                         |   - Local files   |
                         |   - Remote ingest |
                         +-------------------+
```
Telemetry:
- Capture prompts, responses, tool calls
- Intercept network and file operations
- Standardized event schema
- Local storage or remote ingest

Policy Enforcement:
- YAML-based policy definitions
- Inline enforcement (not just logging)
- Pre-built policy packs for common threats
- Local evaluation (no cloud dependency)

Misalignment Detection:
- Heuristic-based risk labeling
- Risk scoring (0.0 - 1.0)
- 20+ risk label vocabulary
- Pre-execution gating for high-risk operations

Web Dashboard:
- Real-time event timeline
- Risk highlighting
- Run selector
- Auto-refresh
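The quick-start snippet wraps a tool with `@policy.guard`, and the feature lists describe heuristic risk labels, a 0.0 - 1.0 risk score and pre-execution gating. The block below is an added, self-contained illustration of that pattern written for this page; it is not the AgentSec SDK, and its policy keys, label vocabulary, weights, thresholds and the `search_database` stand-in are all assumptions. It shows how a tool call is recorded as an event, scored, and then allowed, held for review or denied before the tool body ever runs.

```python
# Added illustration for this page: a minimal local policy gate with heuristic
# risk labels, a 0.0 - 1.0 risk score and allow/escalate/deny decisions.
# NOT the AgentSec SDK: names, policy keys, labels and thresholds are assumed.
from __future__ import annotations

import functools
import re
import time
from dataclasses import dataclass, field
from typing import Any, Callable

# Constructed policy: the dict a small YAML policy file might parse to (keys are hypothetical).
POLICY: dict[str, Any] = {
    "deny_labels": ["destructive_sql", "credential_access"],  # any of these -> deny outright
    "escalate_threshold": 0.6,  # score >= this -> hold for human approval
    "deny_threshold": 0.9,      # score >= this -> deny
}

# Heuristic labelers: (label, weight, predicate over the serialized call arguments).
# Weights are combined noisy-OR style so several weak signals add up to a high score.
HEURISTICS: list[tuple[str, float, Callable[[str], bool]]] = [
    ("destructive_sql", 0.9,
     lambda s: re.search(r"\b(DROP|DELETE|TRUNCATE|ALTER)\b", s, re.I) is not None),
    ("credential_access", 0.95,
     lambda s: re.search(r"passw(or)?d|secret|api[_-]?key|/etc/shadow|\.ssh/", s, re.I) is not None),
    ("bulk_read", 0.4,
     lambda s: re.search(r"\bSELECT\s+\*", s, re.I) is not None
     and re.search(r"\bLIMIT\b", s, re.I) is None),
    ("chained_statement", 0.5,
     lambda s: any(tok in s for tok in (";", "|", "&&", "$("))),
]


@dataclass
class Decision:
    action: str                                  # "allow" | "escalate" | "deny"
    risk: float                                  # 0.0 - 1.0
    labels: list[str] = field(default_factory=list)


def evaluate(args: tuple[Any, ...], kwargs: dict[str, Any],
             policy: dict[str, Any] = POLICY) -> Decision:
    """Label the call, fold the matched weights into one risk score, map it to an action."""
    serialized = " ".join([*map(str, args), *(f"{k}={v}" for k, v in kwargs.items())])
    labels = [name for name, _, hit in HEURISTICS if hit(serialized)]
    survive = 1.0
    for name, weight, _ in HEURISTICS:
        if name in labels:
            survive *= 1.0 - weight
    risk = round(1.0 - survive, 2)
    if risk >= policy["deny_threshold"] or any(lab in policy["deny_labels"] for lab in labels):
        return Decision("deny", risk, labels)
    if risk >= policy["escalate_threshold"]:
        return Decision("escalate", risk, labels)
    return Decision("allow", risk, labels)


EVENTS: list[dict[str, Any]] = []  # in-memory stand-in for the local event store


class PolicyBlocked(PermissionError):
    def __init__(self, event: dict[str, Any]) -> None:
        super().__init__(f"{event['action']}: {event['tool']} risk={event['risk']} labels={event['labels']}")
        self.event = event


class PolicyDenied(PolicyBlocked):
    pass


class PolicyEscalated(PolicyBlocked):
    """Held for human review; the tool body was not executed."""


def guard(fn: Callable[..., Any]) -> Callable[..., Any]:
    """Pre-execution gate: every call is recorded; only an 'allow' decision reaches the tool."""
    @functools.wraps(fn)
    def wrapper(*args: Any, **kwargs: Any) -> Any:
        decision = evaluate(args, kwargs)
        event = {"ts": time.time(), "tool": fn.__name__,
                 "args": [str(a) for a in args], "kwargs": {k: str(v) for k, v in kwargs.items()},
                 "risk": decision.risk, "labels": decision.labels, "action": decision.action}
        EVENTS.append(event)  # logged before the outcome, so denied attempts are visible too
        if decision.action == "deny":
            raise PolicyDenied(event)
        if decision.action == "escalate":
            raise PolicyEscalated(event)
        return fn(*args, **kwargs)
    return wrapper


@guard
def search_database(query: str) -> list[dict[str, Any]]:
    # Constructed stand-in for a real query tool.
    return [{"id": 1, "name": "alice"}]


def run_demo() -> list[str]:
    """Return the gate's outcome for three constructed calls (benign, chained, destructive)."""
    outcomes: list[str] = []
    for q in ("SELECT * FROM users LIMIT 10", "SELECT * FROM users; SELECT 1", "DROP TABLE users"):
        try:
            search_database(q)
            outcomes.append("allow")
        except PolicyEscalated:
            outcomes.append("escalate")
        except PolicyDenied:
            outcomes.append("deny")
    return outcomes


if __name__ == "__main__":
    print(run_demo())
    for e in EVENTS:
        print(e)
```

Two design choices worth noting: the event is appended before the decision is acted on, so a denied or escalated call still shows up in the timeline (that is the telemetry-first ordering the README's "inline enforcement, not just logging" implies), and an escalation is a hard stop rather than a warning, because a tool that runs while awaiting review has already done its damage.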
```bash
# Run unit tests
make test

# Run scenario tests (benign + malicious simulations)
make scenarios

# Run all tests
make test-all
```

Documentation:
- Getting Started
- Event Schema Specification
- Policy Language Reference
- SDK Reference
- Integration Guides
- Roadmap & Milestones
| Milestone | Goal | Status |
|---|---|---|
| M0 | Lights On - See agent behavior in logs | Done |
| M1 | Policy Has Teeth - Block risky actions | Done |
| M2 | Scenario Pack - Automated test harness | Done |
| M3 | Public OSS v0.1 - PyPI + external users | Done |
| M4 | External Validation - Real-world adoption | In Progress |
See ROADMAP.md for full details.
Security adoption depends on trust and code visibility. You need to see exactly what telemetry is collected and how policies are evaluated.
The OSS components provide:
- Telemetry SDKs (Python, Node.js planned)
- Event schema specification
- Local policy evaluator
- CLI tools
- Web dashboard
Commercial offerings (coming soon) will provide:
- Cloud-managed policy engine
- Advanced misalignment detection
- Secure agent runtime
- Enterprise integrations
See CONTRIBUTING.md for guidelines.
Found a vulnerability? See SECURITY.md for responsible disclosure.
Apache 2.0 - See LICENSE
Built by TaylorTech