Kernel-enforced agent sandbox. Capability-based isolation with secure key management, atomic rollback, cryptographic immutable audit chain of provenance. Run your agents in a zero-trust environment.

Protect every action your agent takes.

Free OpenClaw security scanner. 2,890+ agents audited. 3-Layer Audit Protocol. OWASP ASI 10/10 coverage. AI agent integrity layer.

AI got hands. This is the leash. Policy, audit, kill switch for any AI agent with access to your accounts.

Portable runtime policy and audit layer for AI agents - HTTP/HTTPS proxy enforcing egress policies, inspecting content, materializing secrets, and recording every decision.

OpenPAKT: Open Protocol for Agent Knowledge Trust — a language-agnostic specification for AI agent security findings, scenarios, and CI policy gating.

Security proxy for AI agents (OpenClaw, LangChain, CrewAI). Protects API keys, enforces spend limits, blocks dangerous endpoints. Local-first Rust binary — your credentials never leave your machine.

macOS secrets manager with Touch ID. Stores API keys in the Keychain, detects AI agents, delivers secrets via encrypted handoff. Free, open source, local-only. A dotenv alternative for developers.

AI agent runtime governance control plane: intercept tool calls with PII protection, approvals, and formal verification.

Package Firewall — self-hosted supply chain security for macOS. Intercepts npm/pip/cargo/yarn in ALL shells including AI agents. 4 vuln sources (OSV + GHSA + deps.dev + CISA KEV). Zero telemetry.

Comprehensive security checklist for deploying autonomous AI agents safely. Covers prompt injection, data exfiltration, tool-use safety, and autonomous execution risks.

TealTiger Python SDK - Drop-in security and cost tracking for OpenAI, Anthropic, and Azure OpenAI

Security scanner for AI agent plugins, skills, MCPs, and configurations. Detects prompt injection, malware, credential theft, and obfuscated payloads.

Non-custodial x402 safety proxy & guardrails engine for autonomous AI agents in DeFi — spend limits, contract whitelists, session keys (EIP-7702) on Base & Solana

Default-deny enterprise MCP gateway with signed policy bundles and taint tracking