EU AI Act enforcement begins August 2026

Stop deploying unsafe AI agents

AgentGuard enforces security policies at deploy-time and runtime. Like container scanning, but for AI agents.

CI/CD gate — blocks unsafe deploys
Sub-ms local • ~200ms cloud API
Compliance trail built in
AgentGuard blocks dangerous tool calls in real-time
Works with: 🦜 LangChain 🚢 CrewAI 🤖 AutoGen ⬡ OpenAI Any MCP agent
Trusted by teams building AI agents
  • SOC 2 Type II Ready
  • Sub-ms local PolicyEngine, ~200ms cloud API
  • OWASP Top 10 for Agentic AI
  • EU AI Act Art. 9, 12, 14
  • GitHub Action included
  • Prompt Injection Detection
  • PII Redaction Built-In
What AgentGuard Does

Three layers. One platform.

Deploy-time enforcement stops problems before they reach production. Runtime enforcement catches what slips through. The compliance trail proves you were in control the whole time.

Pillar 01: CI/CD Gate (Shift Left)

Block unsafe agents before they reach production. Our GitHub Action scans agent code, validates policy coverage, and fails the pipeline if security requirements aren't met.

Pillar 02: Runtime Enforcement (Always On)

Every tool call is evaluated against your security policy in real-time. Block, monitor, or require human approval — sub-millisecond latency with local PolicyEngine, or ~200ms via cloud API.

Pillar 03: Compliance Trail (Audit Ready)

Tamper-evident audit log with SHA-256 hash chain. Generate compliance evidence for EU AI Act, SOC 2, and APRA CPS 234 — before your auditor asks.
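What "tamper-evident with a SHA-256 hash chain" means in practice, as an added illustration that is not AgentGuard's own code: every record's hash covers its content plus the previous record's hash, so editing, deleting or reordering any record breaks verification from that point on. The record layout, the GENESIS value and the sample decisions are constructed for this example.

```python
import hashlib
import json
from typing import Any, Optional

GENESIS = "0" * 64  # prevHash of the first record (a convention chosen for this example)


def _digest(record: dict[str, Any]) -> str:
    """SHA-256 over canonical JSON (sorted keys, no whitespace) so a record always
    hashes the same way regardless of how it was serialised."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(body).hexdigest()


def append(log: list[dict[str, Any]], decision: dict[str, Any]) -> dict[str, Any]:
    """Append one decision; the record hash covers its content plus the previous hash."""
    record = {"seq": len(log), "prevHash": log[-1]["hash"] if log else GENESIS,
              "decision": decision}
    record["hash"] = _digest(record)
    log.append(record)
    return record


def verify(log: list[dict[str, Any]]) -> Optional[int]:
    """Return None if the chain is intact, else the index of the first bad record."""
    prev = GENESIS
    for i, record in enumerate(log):
        if record.get("seq") != i or record.get("prevHash") != prev:
            return i  # a record was removed, reordered or inserted
        unsigned = {k: v for k, v in record.items() if k != "hash"}
        if _digest(unsigned) != record.get("hash"):
            return i  # record content was edited after the fact
        prev = record["hash"]
    return None


def demo() -> tuple[Optional[int], Optional[int]]:
    """Constructed session: three decisions are logged, then record 0 is edited in place."""
    log: list[dict[str, Any]] = []
    append(log, {"agent": "billing-bot", "tool": "http_post", "result": "block"})
    append(log, {"agent": "billing-bot", "tool": "read_file", "result": "allow"})
    append(log, {"agent": "support-bot", "tool": "http_post", "result": "block"})
    before = verify(log)
    log[0]["decision"]["result"] = "allow"  # quietly rewrite history
    return before, verify(log)
```

The chain catches edits, deletions and reordering anywhere except silently dropping the newest records, so the current head hash must also be stored somewhere the log writer cannot change.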
  • Webhook Alerts: Slack, Teams, PagerDuty — instant alerts on blocked actions
  • Agent Identity: Per-agent keys, scoped policies, individual audit trails
  • Rate Limiting: Per-agent sliding window limits — prevent runaway costs
  • Cost Attribution: Track spend per agent, per tool — know where the money goes
  • MCP Middleware: Policy enforcement on any Model Context Protocol server
  • Live Dashboard: Real-time decision feed, block rates, agent activity
  • Prompt Injection Detection (New): Heuristic + Lakera adapter — scan messages before they reach your agent
  • PII Detection & Redaction (New): Scan for SSN, email, credit cards, addresses — auto-redact before logging
  • OWASP Compliance Reports (New): Auto-generate OWASP LLM Top 10 compliance evidence from your audit trail
  • Slack HITL Approvals (New): Route human review requests to Slack — approve or deny with one click
  • Multi-Agent A2A (New): Parent/child agent hierarchies with policy inheritance, TTL, and budget caps
Why Deployment Enforcement?

System prompts aren't security controls.

System prompts are probabilistic suggestions the model can ignore. AgentGuard enforces policy outside the model — at deploy-time and runtime — so compliance is structural, not hopeful.

| | Before AgentGuard | After AgentGuard |
|---|---|---|
| Deployment gate | No check before pushing agents to production | CI/CD pipeline fails if agent tools lack policy coverage |
| Tool call enforcement | System prompt asks the model not to do bad things | Every tool call evaluated against a versioned YAML policy — outside the model |
| Audit trail | SIEM logs show an API was called — not whether it should have been | SHA-256 hash-chained log of every decision, with intent and policy context |
| Compliance evidence | A Confluence page and a Slack thread | Pre-built reports for EU AI Act Art. 9/12/14, SOC 2, APRA CPS 234 |
| Incident response | Find out an agent misbehaved after the damage is done | Kill switch halts any agent in <500ms; blocked actions alert in real-time |
| Policy updates | Re-deploy the agent with a new system prompt — and hope | Update the YAML policy, merge the PR — enforcement is immediate |
"I have 200 agents deployed across 6 departments. I can't tell you what they accessed yesterday, whether any of them violated our data handling policies, or if one is currently exfiltrating PII to a third-party API. My board asks about AI risk every quarter and I have nothing to show them." — CISO, Financial Services Enterprise (discovery interview, Jan 2026)
Getting Started

Zero to enforced in four steps.

From install to a live CI/CD gate and runtime policy engine in under 10 minutes.

1. Install the SDK

Add AgentGuard to your project. Works with LangChain, CrewAI, AutoGen, or any MCP-compatible agent.

# TypeScript / Node
$ npm install @the-bot-club/agentguard

# Python
$ pip install agentguard-tech

2. Define Your Policy

Write a YAML security policy — version-controlled, reviewed in PRs, enforced outside the model.

id: production-policy
version: 1.0.0
rules:
  - id: block-external
    action: block
    match:
      tool: http_post
default: allow

3. Add the CI Gate

One line in your GitHub Actions workflow. Fails the pipeline if any agent tool lacks policy coverage.

# .github/workflows/deploy.yml
- uses: agentguard-tech/validate@v1
  with:
    path: .
# Blocks deploy if uncovered tools

4. Runtime Enforced

Every tool call is checked against your policy before execution. Block, allow, or require approval.

const decision = await guard.evaluate({
  tool: "http_post",
  params: { destination: url }
});
// { result: "block",
// durationMs: 0.49 }
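The four steps above boil down to one decision function: a tool call comes in, the versioned policy is consulted, and a decision object comes back before anything executes. The evaluator below is an added example written for this page, not the AgentGuard SDK; it assumes the step-2 policy has already been parsed from YAML into a dict, that a rule matches when every key in its `match` block equals the call's value, that the first matching rule wins, and that a policy with no `default` fails closed. The `review-shell` rule and the `policyVersion` field are constructed additions.

```python
import time
from typing import Any, Optional

# The step-2 policy, already parsed from YAML into a dict (constructed inline so the
# example runs without PyYAML); a second rule is added to show the approval path.
POLICY: dict[str, Any] = {
    "id": "production-policy",
    "version": "1.0.0",
    "rules": [
        {"id": "block-external", "action": "block", "match": {"tool": "http_post"}},
        {"id": "review-shell", "action": "require_approval", "match": {"tool": "shell_exec"}},
    ],
    "default": "allow",
}


def rule_matches(match: dict[str, Any], tool: str, params: dict[str, Any]) -> bool:
    """A rule matches when every key in its match block equals the call's value:
    'tool' is compared to the tool name, any other key is looked up in params."""
    for key, expected in match.items():
        actual = tool if key == "tool" else params.get(key)
        if actual != expected:
            return False
    return True


def evaluate(policy: dict[str, Any], tool: str,
             params: Optional[dict[str, Any]] = None) -> dict[str, Any]:
    """Evaluate one tool call before it executes: the first matching rule wins,
    otherwise the policy default applies. A policy with no default fails closed."""
    params = params or {}
    start = time.perf_counter()
    result, matched = policy.get("default", "block"), None
    for rule in policy["rules"]:
        if rule_matches(rule["match"], tool, params):
            result, matched = rule["action"], rule["id"]
            break
    return {
        "result": result,
        "matchedRuleId": matched,
        "policyVersion": policy["version"],
        "durationMs": round((time.perf_counter() - start) * 1000, 3),
    }


if __name__ == "__main__":
    print(evaluate(POLICY, "http_post", {"destination": "https://evil.io"}))
    print(evaluate(POLICY, "read_file", {"path": "notes.txt"}))
```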
GitHub Actions Integration

Your pipeline. Your gate.

Drop this workflow into any repo. AgentGuard validates tool coverage before every deploy — like container scanning, but for agents.

# .github/workflows/deploy.yml
name: Deploy Agent to Production

on:
  push:
    branches: [ main ]

jobs:
  agentguard-gate:
    runs-on: ubuntu-latest
    steps:
      # ✅ Step 1 — Validate agent tool coverage against policy
      - uses: agentguard-tech/validate@v1
        with:
          path: .                                 # scan the entire repo
          policy: ./policy.yaml                   # your security policy
          api-key: ${{ secrets.AGENTGUARD_KEY }}
          fail-on-uncovered: true                 # ← blocks deploy if any tool lacks coverage

  deploy:
    needs: agentguard-gate                        # ← deploy only runs if gate passes
    runs-on: ubuntu-latest
    steps:
      - name: Deploy to production
        run: ./deploy.sh
  • All tools covered: Policy covers every tool in the codebase — deploy proceeds
  • Uncovered tools found: Pipeline fails, PR blocked — agent cannot reach production
  • Certification created: Every successful gate creates a deployment certification in the audit trail
Who It's For

Your title. Your pain.

AgentGuard is built for the people responsible when an agent goes wrong — and for the engineers who want to ship safely before it does.

🔐 CISO / VP Security

Finally, something to put on the board slide

You have agents deployed across multiple departments. You cannot tell the board what they accessed last month, whether any touched customer PII, or whether one is actively exfiltrating data.

Unified fleet visibility. Board-ready risk reports. Contractual SLA.
⚙️ VP Eng / Head of AI Platform

Ship agents without becoming a headline

Every team uses a different framework, handles secrets differently, logs differently. When something goes wrong at 2 AM, you have nothing to debug with.

Framework-agnostic. Policy as code. Unblock production in days.
📊 GRC Lead / DPO

Compliance evidence that exists before the audit

EU AI Act. ISO 42001. HIPAA. DORA. Your auditor wants documented evidence of AI oversight controls. Your current documentation is a Confluence page and a Slack thread.

Pre-built compliance reports. EU AI Act Art. 9, 12, 14 — done.

Test the real engine.

This playground calls the live AgentGuard policy engine. Every evaluation is a real HTTP request — real decisions, real latency, real audit events.

POST https://api.agentguard.tech/api/v1/evaluate


Copy these snippets to integrate AgentGuard. The API is live — these work right now.

cURL
curl -X POST https://api.agentguard.tech/api/v1/evaluate \
  -H "Content-Type: application/json" \
  -H "X-API-Key: ag_live_your_key_here" \
  -d '{"tool":"http_post","params":{"destination":"https://evil.io"}}'

# Response:
{
  "result": "block",
  "matchedRuleId": "block-external-http",
  "riskScore": 75,
  "reason": "Blocked by rule",
  "durationMs": 0.49
}
Python
import requests

# Destination the agent is about to call; taken from the cURL example above.
url = "https://evil.io"


class PolicyViolation(Exception):
    """Raised when the policy engine blocks the call (defined here for the snippet)."""


resp = requests.post(
    "https://api.agentguard.tech/api/v1/evaluate",
    headers={"X-API-Key": "ag_live_..."},
    json={
        "tool": "http_post",
        "params": {"destination": url}
    },
    timeout=5,
)
resp.raise_for_status()  # fail closed: an API error must not let the tool call proceed
decision = resp.json()

if decision["result"] == "block":
    raise PolicyViolation(decision["reason"])
TypeScript / Node.js
// Destination the agent is about to call; taken from the cURL example above.
const url = "https://evil.io";
// Thrown when the policy engine blocks the call (defined here for the snippet).
class PolicyViolation extends Error {}

const res = await fetch(
  "https://api.agentguard.tech/api/v1/evaluate",
  {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      "X-API-Key": "ag_live_..."
    },
    body: JSON.stringify({
      tool: "http_post",
      params: { destination: url }
    })
  }
);
// Fail closed: an error from the API must not let the tool call proceed.
if (!res.ok) {
  throw new PolicyViolation(`evaluate returned HTTP ${res.status}`);
}
const { result, matchedRuleId, riskScore } = await res.json();

if (result === "block") {
  throw new PolicyViolation(matchedRuleId);
}
Pricing

Simple, transparent pricing.

Start free. Scale as you grow. No hidden fees, no surprises.

Developer: $0/mo

Perfect for testing and small projects.

  • 100,000 evaluations/month
  • 3 agent seats + 30-day retention
  • Community support
  • 7-day audit retention
  • 5 compliance templates
  • GitHub Action CI gate
Enterprise: Contact Sales

For organizations at scale.

  • Unlimited evaluations
  • Unlimited agent keys
  • Dedicated support, SLA 99.99%
  • Unlimited audit retention
  • Custom policies, RBAC, SSO
  • On-prem deployment option
  • Compliance reports (SOC 2, APRA, EU AI Act)
  • Custom webhook integrations
  • Priority cost & usage analytics
Source Available — BSL 1.1

Transparent by design.

The core policy engine is open source. Read it. Audit it. Fork it. Enterprise features — compliance modules, SIEM integrations, advanced anomaly detection, executive reporting — are for teams that need them.

Security tools you can't read are security theatre. We're not that.

# Add to your existing agent in 3 lines
from agentguard import guard

# Wrap your agent
agent = guard(my_agent, policy="./policy.yaml")

# That's it. Policy enforced.
# Audit log running. CI gate active.
Deployment Enforcement Platform

The window is 18 months.

No category leader exists yet. Regulation is live. Agents are going to production. The enterprises that enforce security at deploy-time now won't be scrambling when their auditor — or their insurer — asks the hard questions.

  • 51 API endpoints
  • Aug '26: EU AI Act deadline
  • Sub-ms: Local PolicyEngine latency