Runtime Authorisation

AgentGuard

Real-time authorisation controls for autonomous AI agents.

AgentGuard sits between your AI agents and your infrastructure. Every command an agent issues is classified, authorised, or blocked at runtime — before it touches your filesystem, your APIs, or your data. Sub-millisecond decisions. No observable latency.

13 risk classifications · <250μs decision latency (p99) · 200K+ training commands

agentguard · live capture

  $ rm -rf ~/.aws
    Critical · category 03 · credential destruction
    ↳ Blocked at syscall · Agent halted
  $ curl http://internal.svc/db/dump
    Elevated · category 07 · exfiltration risk
    ↳ Awaiting human approval
  $ ls -la /var/log/app
    Safe · category 11 · read-only inspection
    ↳ Authorised · 187μs

Architecture

Authorisation at the syscall boundary

AgentGuard operates as a daemon between the AI agent runtime and the operating system. Every command, whether issued via shell, library function, or remote procedure call, is evaluated against the trained classifier before any system effects occur. Decisions are logged in full, with structured provenance, and surfaced through the customer's chosen integration.

AI Agent Runtime

An autonomous agent attempts to issue a command in the customer environment.

AgentGuard Daemon

The classifier evaluates the command across thirteen risk categories in under 250 microseconds.

Authorisation Decision

Block at syscall, flag for human approval, or authorise with audit log. All outcomes are signed and logged.

Risk Coverage

Thirteen categories of execution risk

Risk categories are derived from analysis of more than 200,000 production agent commands across customer engagements, public corpora, and red-team exercises. Each category carries an assigned severity tier that maps to a default authorisation policy, which customers may override per-environment.

  No.  Category                              Severity
  01   Remote code execution                 Critical
  02   Privilege escalation                  Critical
  03   Credential destruction                Critical
  04   Persistence mechanism installation    Critical
  05   Lateral movement                      Elevated
  06   Disabling security controls           Elevated
  07   Data exfiltration                     Elevated
  08   Cryptocurrency mining                 Elevated
  09   Modification of system binaries       Elevated
  10   Network reconnaissance                Moderate
  11   Read-only system inspection           Low
  12   Filesystem traversal                  Low
  13   Outbound network connection           Moderate

Editions

Three editions for different operational contexts

AgentGuard is available in three editions distinguished primarily by deployment surface, update cadence, and support model. The Community edition is open source; Professional and Enterprise editions are commercially licensed and include managed updates and direct support.

Community (Free)
MIT-licensed open source release. Full classifier and daemon. Self-managed updates from the public registry.
  • Complete thirteen-category classifier
  • Daemon and command-line integration
  • Public model registry
  • Community support via GitHub
Enterprise (Custom pricing)
Designed for air-gapped deployment, sovereign environments, and integration with existing security infrastructure.
  • Everything in Professional
  • Air-gapped deployment binary
  • Custom risk-category extensions
  • SAML, SIEM, and HSM integration
  • Named technical account manager
Integration

Operates within existing agent infrastructure

AgentGuard is designed to integrate with existing agent runtimes without modification to application code. Reference integrations are maintained for the most commonly deployed agent frameworks; additional integrations are developed under engagement with our platform team.

  • Claude Code: daemon integration via the Anthropic Claude Code CLI. Available now.
  • LangChain: tool wrapper for LangChain agent executors. Available now.
  • CrewAI: native middleware for CrewAI multi-agent workflows. Available now.
  • AutoGen: function-call interception for Microsoft AutoGen. Limited availability.
  • Cursor: IDE-level command authorisation for Cursor. Limited availability.
  • MCP Servers: authorisation hook for any Model Context Protocol server. In development.

Evaluate AgentGuard in your environment

Most engagements begin with a structured evaluation against representative agent traffic from your production environment. Our team can provide reference deployments, severity policy tuning, and integration support throughout.
