Collection · 6 entries
Security tools for AI coding agents
Sandboxes, scanners, proxies, and governance toolkits that keep autonomous agents from doing damage.
The 'agent security' problem is really three problems stacked: input (prompt injection, untrusted data crossing the agent loop), execution (what the agent can run, where, and with what permissions), and output (data leaving the system through tool calls and model requests). The tools below tackle different layers: Destructive Command Guard and Zerobox at execution; AgentShield and the Microsoft Agent Governance Toolkit at config and policy, with AgentShield also covering the input side by scanning for prompt-injection vectors; CrabTrap and LLM Anonymization at the output / network boundary.
AgentShield - security scanner for AI agents
CLI, GitHub Action, and GitHub App that scan agent configs, MCP servers, and tool permissions for vulnerabilities. Detects skill poisoning and prompt-injection vectors.
LLM Anonymization - pentest data scrubber
Reverse proxy for Claude Code that strips IPs, hashes, credentials, and PII before requests hit Anthropic. Dual-layer detection: local Ollama LLM plus regex.
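The regex half of that dual-layer design, as an added example (not LLM Anonymization's own code): a scrubber that replaces IPs, hex hashes, credentials and emails with numbered placeholders before a request leaves the host, keeps the secret-to-placeholder map for the session, and restores the originals in the model's reply so the agent still sees real values. The patterns and the sample pentest note are constructed for this example; the local-LLM layer that catches context-dependent PII (names, hostnames) is out of scope here, which is exactly why a regex-only scrubber should not be trusted on its own.

```python
import re

# Constructed patterns for the regex layer (illustrative, not exhaustive).
# Order matters: specific secret formats run before generic hex, so a token
# that also looks like a hash is labelled by its real type. A capturing group
# means "keep the text before the group, replace only the group".
PATTERNS = [
    ("AWS_KEY", re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")),
    ("BEARER", re.compile(r"(?i)\bbearer\s+([A-Za-z0-9._~+/=-]{16,})")),
    ("PASSWORD", re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[=:]\s*([^\s,;]+)")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("IPV4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("HASH", re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b")),
]

PLACEHOLDER = re.compile(r"<[A-Z0-9_]+_\d+>")


class Scrubber:
    """Session-scoped pseudonymizer: the same secret always maps to the same
    placeholder, so the model can reason about 'host <IPV4_1>' consistently
    and the reply can be de-anonymized before it reaches the agent."""

    def __init__(self) -> None:
        self.forward: dict[str, str] = {}   # secret -> placeholder
        self.reverse: dict[str, str] = {}   # placeholder -> secret
        self.counters: dict[str, int] = {}

    def _placeholder(self, kind: str, secret: str) -> str:
        if secret not in self.forward:
            n = self.counters.get(kind, 0) + 1
            self.counters[kind] = n
            ph = f"<{kind}_{n}>"
            self.forward[secret] = ph
            self.reverse[ph] = secret
        return self.forward[secret]

    def scrub(self, text: str) -> str:
        """Outbound direction: replace secrets with placeholders."""
        for kind, pattern in PATTERNS:
            def repl(m: re.Match, kind: str = kind) -> str:
                if m.lastindex:  # keep the key (e.g. 'password='), swap the value
                    prefix = m.group(0)[: m.start(1) - m.start(0)]
                    return prefix + self._placeholder(kind, m.group(1))
                return self._placeholder(kind, m.group(0))
            text = pattern.sub(repl, text)
        return text

    def restore(self, text: str) -> str:
        """Inbound direction: put the real values back into the model's reply."""
        return PLACEHOLDER.sub(lambda m: self.reverse.get(m.group(0), m.group(0)), text)


# Constructed sample pentest note (the AWS key is the documented example key).
NOTE = (
    "Host 10.0.0.12 (contact admin@corp.example) ran sshd 8.9. "
    "Creds recovered: password=hunter2, key AKIAIOSFODNN7EXAMPLE, "
    "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.c2lnbmF0dXJlLWJ5dGVz; "
    "dump sha256 " + "a" * 64 + ". Host 10.0.0.12 was reachable from 192.168.1.5."
)

if __name__ == "__main__":
    s = Scrubber()
    out = s.scrub(NOTE)
    print(out)             # what the upstream API sees
    print(s.restore(out))  # what the agent gets back
```

The mapping lives in the proxy process, not in the request, so the upstream never receives the key to undo the pseudonymization. Anything the regex layer misses (a customer name, an internal hostname) passes through untouched, which is the gap the second, LLM-based layer exists to close.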
CrabTrap - LLM-as-a-judge proxy for agent security
Brex's HTTP proxy that uses an LLM judge to vet agent traffic in production. Drop it in front of any agent runtime to block exfiltration and jailbreaks.
Agent Governance Toolkit
Microsoft's policy engine for autonomous agents: zero-trust identity, execution sandboxing, and reliability checks. Maps to all 10 OWASP Agentic Top 10 categories.
Destructive Command Guard
Rust CLI that blocks dangerous git and shell commands before an agent can run them. Pattern-matched safety net for autonomous coding agents.
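What a pattern-matched guard of this kind does, as an added example (not Destructive Command Guard's own rule set): split the command line on shell control operators, normalize each sub-command so quoting tricks like `git push "--force"` do not slip past, match against a deny-list, and fail closed on constructs a static matcher cannot see through (command substitution, `eval`, a piped shell, `xargs`). The deny patterns and the hook behaviour are constructed for this example.

```python
import re
import shlex
import sys
from dataclasses import dataclass

# Constructed deny-list: (pattern, reason). Patterns run against a normalized
# sub-command (quotes stripped, leading VAR=value prefixes dropped).
DENY_PATTERNS = [
    (re.compile(r"^git\s+push\b.*\s(?:--force\b|-f\b|\+\S)"),
     "force push rewrites remote history"),
    (re.compile(r"^git\s+reset\s+--hard\b"),
     "hard reset discards uncommitted work"),
    (re.compile(r"^git\s+clean\b.*\s-[a-zA-Z]*f"),
     "git clean -f deletes untracked files"),
    (re.compile(r"^git\s+(?:checkout|restore)\b.*\s(?:--\s+)?\.\s*$"),
     "discards all working-tree changes"),
    (re.compile(r"^git\s+branch\s+(?:-D|--delete\s+--force)\b"),
     "deletes a branch regardless of merge state"),
    (re.compile(r"^rm\b(?=.*\s(?:-[a-zA-Z]*r|--recursive))(?=.*\s(?:-[a-zA-Z]*f|--force))"),
     "recursive forced delete"),
    (re.compile(r"^(?:sudo\s+)?(?:mkfs|dd)\b"),
     "raw disk write"),
    (re.compile(r"^chmod\s+(?:-R\s+)?777\b"),
     "world-writable permissions"),
]

# Constructs whose effect cannot be inspected statically: block rather than guess.
OPAQUE = re.compile(r"\$\(|`|^(?:eval|sh|bash|zsh|xargs)(?:\s|$)")

# Control operators; longer ones first so `||` is not consumed as `|`.
SHELL_OPERATORS = re.compile(r"\s*(?:&&|\|\||;|\||\n)\s*")


@dataclass
class Verdict:
    allowed: bool
    reason: str = ""


def split_commands(cmdline: str) -> list[str]:
    return [c.strip() for c in SHELL_OPERATORS.split(cmdline) if c.strip()]


def normalize(cmd: str) -> str:
    """Tokenize like a POSIX shell, drop leading VAR=value assignments, re-join."""
    tokens = shlex.split(cmd)  # raises ValueError on unbalanced quotes
    while tokens and re.match(r"^[A-Za-z_][A-Za-z0-9_]*=", tokens[0]):
        tokens.pop(0)
    return " ".join(tokens)


def check_command(cmdline: str) -> Verdict:
    """Block on the first sub-command that is opaque, unparseable, or matches
    a deny pattern; allow only if every sub-command passes."""
    for cmd in split_commands(cmdline):
        if OPAQUE.search(cmd):
            return Verdict(False, f"opaque construct, cannot inspect statically: {cmd!r}")
        try:
            norm = normalize(cmd)
        except ValueError as exc:
            return Verdict(False, f"unparseable command ({exc}): {cmd!r}")
        for pattern, why in DENY_PATTERNS:
            if pattern.search(norm):
                return Verdict(False, f"{why}: {cmd!r}")
    return Verdict(True)


if __name__ == "__main__":
    # Hypothetical pre-exec hook: `python guard.py "<command>"`, exit 2 = block.
    verdict = check_command(" ".join(sys.argv[1:]))
    if not verdict.allowed:
        print(f"BLOCKED: {verdict.reason}", file=sys.stderr)
        sys.exit(2)
```

Two caveats a practitioner should keep in mind. The operator split is not quote-aware, so `git commit -m "fix; tidy"` is cut mid-string and blocked as unparseable; that is the fail-closed trade-off of not embedding a real shell parser. And a guard like this is a safety net against the obvious, not a sandbox: it cannot stop a script the agent writes to disk and then runs, which is what execution sandboxing (Zerobox below) is for.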
Zerobox - process sandboxing on the Codex runtime
Lightweight, cross-platform process sandbox in Rust. Wraps any command with file, network, and credential controls - built on OpenAI Codex's runtime primitives.
Frequently asked
Where should I start with agent security?
If you're running a coding agent locally, Destructive Command Guard or Zerobox gives you immediate execution-layer guardrails. If you're shipping an agent product, look at CrabTrap (LLM-as-a-judge proxy) for the network boundary and the Microsoft Agent Governance Toolkit for the policy layer.
How do these compare to OWASP's Agentic Top 10?
The Microsoft Agent Governance Toolkit explicitly maps to all 10 OWASP Agentic categories. Most other tools here cover specific risks - sandboxing for excessive agency, anonymization for sensitive data exposure, MCP scanners for supply chain compromise.
Related collections
Claude Code tools, plugins, and integrations
The best tools, MCP servers, and harnesses for getting more out of Claude Code - orchestration, observability, telemetry, and remote control.
MCP servers and Model Context Protocol tools
Production MCP servers, gateways, frameworks, and clients - everything in this directory that speaks the Model Context Protocol.