How It Works

The Problem

AI agents are being deployed with unprecedented access to sensitive systems. They can read and write files, execute shell commands, call APIs, query databases, manage cloud infrastructure, and interact with other agents. A single misconfigured agent can expose your entire internal network, leak customer data, or give attackers a persistent foothold in your environment.

Traditional security tools were not designed for this new attack surface. They do not cover prompt injection, tool abuse, secret leakage through LLM responses, MCP misconfigurations, or the unique ways agents can be manipulated into performing unauthorized actions. Most teams discover these vulnerabilities only after deployment -- when the damage is already done.

Pre-Deploy Scanning vs Runtime Blocking

Pre-Deploy (AgentGuard)Runtime BlockersManual Audit
Catches config issuesYesNoSometimes
Detects secret leaksYesNoSometimes
Works before deploymentYesNoYes
CI/CD compatibleYes (API keys)limitedNo
Covers all 12 OWASP areasYesvariesvaries
Automated & repeatableYesYesNo
Consumer-friendly resultsYeslimitedvaries

The 12-Module Approach

Exposed Endpoints

AG05

Discovers publicly accessible admin panels, debug endpoints, and internal tools.

Authentication Security

LLM02

Tests 8 JWT/auth vulnerability categories: none algorithm bypass, expired token acceptance, signature validation, algorithm confusion, session fixation, IDOR, privilege escalation, and missing auth.

Secret Leakage

LLM06

Finds exposed API keys, passwords, tokens, and credentials in configs and responses.

Prompt Injection

LLM01

Tests if the agent obeys injected instructions using canary token verification across 4 attack categories.

MCP Security

AG02

Tests Model Context Protocol tool connections for unauthorized access and data exposure.

SSRF

AG04

Checks if the agent can be tricked into accessing internal networks or cloud metadata.

Tool Execution

LLM07

Audits tool access for command injection, path traversal, and code execution risks.

Configuration

LLM05

Scans for exposed settings, debug modes, .git directories, and misconfigurations.

Data Exfiltration

LLM06

Detects data theft via encoded URLs, known exfiltration domains, and tracking pixel techniques.

Typosquatting

LLM05

Detects dependency confusion and typosquatting attacks by comparing package names against known-good packages.

Excessive Agency

LLM08

Detects agents that execute destructive actions without confirmation, invoke unauthorized tools, or expand beyond their intended scope.

Canary Tokens

LLM06

Plants fake credentials in agent context and checks if they are replayed on demand or leak into unrelated responses.

OWASP Alignment

AgentGuard's modules are aligned with both the OWASP Top 10 for LLM Applications and the OWASP Top 10 for Agentic Applications. Each scan module maps to specific OWASP risk categories, ensuring comprehensive coverage of the known threat landscape for AI agents.

AG05
Exposed Endpoints -- Insufficient Access Control - exposed endpoints and admin panels
LLM02
Authentication Security -- Broken Authentication - JWT vulnerabilities, missing auth, privilege escalation
LLM06
Secret Leakage -- Sensitive Information Disclosure - leaking secrets in responses
LLM01
Prompt Injection -- Prompt Injection - manipulating LLM through crafted inputs
AG02
MCP Security -- Insecure Tool/Function Calls - MCP and tool server vulnerabilities
AG04
SSRF -- Server-Side Request Forgery - agents accessing restricted resources
LLM07
Tool Execution -- Insecure Plugin Design - unsafe tool execution without guardrails
LLM05
Configuration -- Supply Chain Vulnerabilities - compromised components and configs
LLM06
Data Exfiltration -- Sensitive Information Disclosure - leaking secrets in responses
LLM05
Typosquatting -- Supply Chain Vulnerabilities - compromised components and configs
LLM08
Excessive Agency -- Excessive Agency - agents performing unintended actions beyond their scope
LLM06
Canary Tokens -- Sensitive Information Disclosure - leaking secrets in responses

Start Scanning Free

Create an account and run your first security scan in under a minute.

Start Scanning Free