> For the complete documentation index, see [llms.txt](https://whitepaper.gopluslabs.io/goplus-network/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://whitepaper.gopluslabs.io/goplus-network/ai-agent-security/agentguard.md). # AgentGuard ## Overview AgentGuard is GoPlus' runtime security product for AI agents. AI agents are no longer passive assistants. They can browse, write code, read files, call MCP tools, execute shell commands, manage credentials, deploy applications, and trigger Web3 transactions. This creates a new security challenge: the most important security decision often happens at runtime, immediately before an agent performs a high-impact action. AgentGuard protects agents at that moment. It sits between the agent and risky execution paths, evaluates actions against security detectors and policy rules, blocks or escalates dangerous behavior, and records an audit timeline for review. It is designed as a local-first runtime guard connected to a cloud control plane for policy, approvals, reporting, advisories, and team workflows. ## Why AI Agents Need Runtime Security Traditional AI safety focuses heavily on prompts and model outputs. Agent security requires more. Once an agent can use tools, the attack surface expands from text generation to execution. Key risks include: * **Prompt injection:** Untrusted content can manipulate agent intent, override instructions, or attempt to extract system prompts. * **Credential leakage:** Agents may access API keys, private keys, cloud tokens, database credentials, or `.env` files during normal workflows. * **Malicious command execution:** Agents can be tricked into running destructive shell commands, encoded payloads, reverse shells, or supply-chain installation scripts. * **Data exfiltration:** Sensitive files or credentials can be copied, uploaded, tunneled, or sent through external services. * **Permission abuse:** Agents may request broad tool permissions, combine capabilities in unsafe ways, or exceed the intended scope of a task. * **Malicious URLs and package supply chain:** Agents often consume web pages, install dependencies, load skills, and connect to MCP servers from external sources. These risks cannot be solved only by asking the model to behave safely. They require policy enforcement at the boundary where the agent attempts to act. ## Core Capabilities ### Runtime Policy Enforcement AgentGuard evaluates risky actions before shell, file, deploy, browser, URL, or tool execution. Based on policy, it can allow, block, warn, or require approval for an action. ### Local-First Protection The guard runs close to the agent runtime so sensitive operations can be inspected before they leave the local environment. This reduces dependency on remote-only scanning and makes protection practical for developer machines and agent workflows. ### Security Detectors AgentGuard includes detectors for credential leaks, prompt injection, malicious commands, data exfiltration, permission abuse, and URL risk. These detectors help identify both obvious malicious actions and subtle agent-specific attack patterns. ### Approval Workflows Sensitive operations can be routed through human approval. This gives teams a practical way to supervise high-risk agent behavior without blocking all automation. ### Audit Timeline AgentGuard records what the agent attempted, which policy was applied, what risk was detected, and whether the action was allowed, blocked, or approved. This creates the evidence needed for debugging, incident response, governance, and compliance. ### Supply-Chain and Advisory Protection AgentGuard scans agent skills, plugins, packages, URLs, and related supply-chain inputs. It can also consume signed advisories for malicious skills, plugins, MCP servers, packages, phishing URLs, and prompt-injection payloads. ## AgentGuard in the GoPlus Security Layer AgentGuard is the AI agent runtime enforcement layer of GoPlus. It complements the rest of the GoPlus ecosystem: * **GoPlus Intelligence** provides risk models, detection capabilities, and threat intelligence. * **GoPlus Security Network** enables open security data, verifiable security signals, and decentralized security services. * **GoPlus Web3 Security** protects transactions, signatures, approvals, tokens, dApps, wallets, RPCs, and chains. * **AgentGuard** protects the agent actions that may lead to those same high-risk environments. This connection is important because AI agents will increasingly operate Web3 wallets, manage on-chain assets, interact with dApps, deploy contracts, analyze tokens, and execute transactions. AgentGuard protects the agent runtime before the action reaches Web3, while GoPlus Web3 Security protects the on-chain execution path itself. ## Use Cases **Developers using coding agents** Protect shell commands, file access, dependency installation, repository changes, deployment scripts, and credentials during agent-assisted development. **Teams adopting autonomous workflows** Apply organization-level policy to agent actions, require approvals for risky operations, and keep audit records of agent decisions. **AI agent platforms** Integrate runtime security and action evaluation into agent frameworks, tool routers, MCP workflows, and cloud agent infrastructure. **Web3 agent applications** Protect agents that interact with wallets, contracts, dApps, tokens, transaction builders, and cross-chain workflows. ## Conclusion AgentGuard brings GoPlus' security-layer philosophy into the AI agent runtime. It protects actions before they execute, gives users and teams control over agent behavior, and creates an auditable foundation for safe AI automation. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://whitepaper.gopluslabs.io/goplus-network/ai-agent-security/agentguard.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.