The security kernel
for AI agents
Drop-in trust boundary for any agent system. Cryptographic identity, real-time policy enforcement, memory integrity, and automatic quarantine — in one SDK import.
Free trial · No credit card required · Cancel anytime
4
Hardened security agents
10/10
OWASP Agentic coverage
< 5ms
Policy check latency
256-bit
Ed25519 cryptography
The problem
AI agents are a new attack surface
Existing security tools were built for humans and APIs. They don't understand agent goals, tool scopes, or memory semantics.
No identity between agents
Agents call each other with no cryptographic proof of who they are. Any compromised agent can impersonate any other.
No policy enforcement
Tool calls execute with no governance layer. A prompt injection attack can exfiltrate data, spawn processes, or delete records.
Memory is a silent attack surface
Poisoned vectors persist silently and corrupt future decisions. There's no anomaly detection on what agents write to memory.
How it works
Four hardened agents.
One trust boundary.
Guardian runs alongside your agents, not inside them. It intercepts, validates, and enforces — invisibly.
Identity Agent
LangGraph
Issues cryptographically signed passports per agent. Ed25519 signatures — forgery is computationally infeasible, not just prohibited by policy.
Governance Agent
CrewAI
Intercepts every tool call before execution. Semantic drift detection, param validation, privilege ceiling enforcement — in real time.
Memory Guardian
pgvector
Append-only vector store with anomaly detection on every write. Poison a memory vector and you get flagged before it spreads.
Containment Agent
LangGraph
Four escalation tiers from warn to terminate. Human override webhook. Quarantine freezes all pending tool calls instantly.
Integration
One import.
Fully protected.
Guardian wraps your existing agents. No architectural changes, no new infrastructure, no rewrite. Import, register, check.
pip install guardian-sdk
Python and TypeScript SDKs
g = Guardian(api_key=...)
Connect with your API key
await g.governance.check(...)
Every tool call is now enforced
import asyncio

from guardian import Guardian


async def main():
    g = Guardian(api_key="gai_live_••••••••••••")

    # Register your agent with scoped permissions
    passport = await g.identity.register(
        agent_id="research-agent-01",
        scopes=["tools:web_search", "memory:read"],
    )

    # Every tool call now enforced by policy
    await g.governance.check(
        passport=passport,
        tool="web_search",
        params={"query": "quarterly report"},
        goal="Summarize Q3 financials",
    )
    # → {"decision": "allow", "confidence": 0.97}

    # Memory writes are anomaly-checked automatically
    # (embedding is a vector produced by your own model; it is not defined in this snippet)
    await g.memory.write(passport, vector=embedding, metadata={
        "source": "web", "timestamp": "2026-05-03"
    })


asyncio.run(main())
Features
Everything you need.
Nothing you don't.
Zero-config integration
One import. Guardian wraps your existing agents — no architectural changes.
Full observability
Every decision logged to an immutable audit table with structured JSON.
Policy as code
Governance rules stored in Supabase, hot-reloaded every 30s without restarts.
Multi-tenant ready
Namespace isolation, scoped API keys, and per-org dashboards out of the box.
Crypto-bound identity
Passports are Ed25519 signed. Revoke in milliseconds, not minutes.
Real-time risk scoring
Per-agent risk scores updated continuously from governance decisions.
Security coverage
OWASP Agentic Top 10
Every category covered. Not just detected — actively blocked.
Pricing
Simple, transparent pricing
Start free. Scale when you need to.
Starter
For individual developers and small experiments.
Pro
For teams shipping production AI agents.
Enterprise
Unlimited scale, SLA, dedicated support.
Start protecting your agents today
Free tier includes 5 agents and 10,000 governance checks per month. No credit card, no commitment.