Open Source · Apache 2.0

Runtime protection for AI agents.

Four pillars. Three lines of code. Zero blind spots. Aegis unifies security scanning, deep observability, policy enforcement, and auto-compliance into a single SDK that wraps any AI agent.

$ pip install aegis-ai

88% of orgs report AI agent security incidents
$3.6B invested in AI agent infrastructure in 2025
Aug 2026: EU AI Act enforcement deadline for high-risk AI
4 unified pillars: security, observability, policy, compliance
THE PROBLEM
AI agents are shipping
without a safety net.
Every major framework -- Claude Code, LangChain, CrewAI, AutoGen -- gives agents real-world power. None ships with unified runtime protection. Aegis fills that gap.
"Agents that run tools unsupervised are a loaded gun. One prompt injection and your production database is gone."
Boris Cherny
Author, Programming TypeScript
"The hottest new programming language is English. The problem is that English has no type system, no compiler, and no guardrails."
Andrej Karpathy
Former Director of AI, Tesla
"We need defense-in-depth for AI. Not just input filters -- runtime monitoring, policy enforcement, and real-time anomaly detection."
Thariq Shihipar
Research, MIT Media Lab
THE FOUR PILLARS
One SDK. Four layers of protection.
Aegis wraps your agent in a unified shield. Every action flows through four specialized engines -- all wired together through a single event bus.
Security Engine
Real-time threat detection that scans every tool call, shell command, and file operation before it executes.
  • Command injection detection (rm -rf, curl|bash, fork bombs)
  • Credential exposure scanning (API keys, tokens, secrets)
  • Data exfiltration detection (sensitive read + outbound HTTP)
  • SQL injection and path traversal blocking
  • Auto-block critical and high-severity threats
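The "sensitive read + outbound HTTP" correlation and the auto-block threshold listed above, as an added example that is not Aegis code and does not use its API: a small per-session scanner that arms an exfiltration check when a sensitive-looking path is read, flags credential-shaped strings in shell commands or request bodies, and reports a block once any finding reaches high severity. The sensitive-path list, the credential patterns, the internal-host allowlist and the severity threshold are all constructed assumptions for this example.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Severity ordering used for the auto-block decision (constructed for this example).
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}
AUTO_BLOCK_AT = SEVERITY_RANK["high"]

# Paths whose contents count as sensitive if read during a session (hypothetical list).
SENSITIVE_PATH_RE = re.compile(r"(^|/)(\.env|id_rsa|\.aws/credentials|secrets?\.ya?ml)$")

# Credential-shaped tokens that should not appear in command arguments or outbound bodies.
# Illustrative patterns only, not an exhaustive secret-detection ruleset.
CREDENTIAL_RES = [
    ("aws-access-key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b")),
    ("generic-api-key", re.compile(r"(?i)\b(api[_-]?key|token|secret)\s*[=:]\s*['\"]?[A-Za-z0-9_\-]{16,}")),
]

# Hosts the agent is expected to talk to; anything else counts as outbound (assumed allowlist).
INTERNAL_HOSTS = {"api.internal.example", "localhost", "127.0.0.1"}


@dataclass
class Finding:
    rule: str
    severity: str
    detail: str

    @property
    def blocked(self) -> bool:
        # Auto-block applies to high and critical findings.
        return SEVERITY_RANK[self.severity] >= AUTO_BLOCK_AT


@dataclass
class SessionScanner:
    """Scans one agent session's events in order, keeping the state needed
    to correlate a sensitive read with a later outbound request."""
    sensitive_reads: list = field(default_factory=list)
    findings: list = field(default_factory=list)

    def file_read(self, path: str) -> list:
        if SENSITIVE_PATH_RE.search(path):
            self.sensitive_reads.append(path)
        return []  # a read alone is not a finding; it only arms the exfil check

    def shell_exec(self, command: str) -> list:
        return self._record(self._scan_credentials("shell_exec", command))

    def http_request(self, method: str, url: str, body: str = "") -> list:
        new = self._scan_credentials("http_request", body)
        host = urlparse(url).hostname or ""
        if self.sensitive_reads and host not in INTERNAL_HOSTS:
            new.append(Finding(
                "data-exfiltration",
                "critical",
                f"{method} to {host} after reading {', '.join(self.sensitive_reads)}",
            ))
        return self._record(new)

    def _scan_credentials(self, source: str, text: str) -> list:
        return [
            Finding("credential-exposure", "high", f"{name} in {source}")
            for name, rx in CREDENTIAL_RES if rx.search(text)
        ]

    def _record(self, new: list) -> list:
        self.findings.extend(new)
        return new

    def should_block(self) -> bool:
        return any(f.blocked for f in self.findings)


def demo() -> SessionScanner:
    """Constructed session: a config read, a clean build, an internal call,
    then a POST to an outside host carrying a key-shaped string."""
    s = SessionScanner()
    s.file_read("README.md")                                            # not sensitive
    s.file_read("/home/agent/.env")                                     # arms the exfil check
    s.shell_exec("npm run build")                                       # clean
    s.http_request("POST", "https://api.internal.example/v1/report")   # allowlisted host
    s.http_request("POST", "https://paste.example.net/upload",
                   body="AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE")      # AWS doc example key
    return s


if __name__ == "__main__":
    scanner = demo()
    for f in scanner.findings:
        print(f.severity, f.rule, f.detail, "BLOCK" if f.blocked else "")
    print("session blocked:", scanner.should_block())
```

The internal POST produces no finding even though a sensitive file was already read, which is the point of the correlation: the read arms the check, and only an outbound request to a non-allowlisted host trips it. The final request yields two findings (credential exposure at high, exfiltration at critical) and either one is enough to cross the auto-block threshold.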
Observability Tracer
Deep tracing for every agent action with structured spans, latency tracking, and cost attribution.
  • Structured traces with OpenTelemetry-compatible spans
  • Token usage and cost estimation per model
  • Latency tracking (avg + p95) per tool call
  • Event timeline with full parent-child relationships
  • Cost attribution per session, agent, and model
Policy Engine
Declarative rules that enforce what agents can and cannot do, with YAML configuration and real-time evaluation.
  • Allow / Block / Alert / Escalate decisions
  • YAML-based rule definitions
  • Pattern matching on tools, commands, paths, and hosts
  • Permission tiers (read-only, workspace, elevated, full)
  • Human-in-the-loop escalation for sensitive actions
Compliance Reporter
Auto-generate compliance evidence packages from runtime data for SOC 2, EU AI Act, and ISO 42001.
  • SOC 2 Type II evidence (CC6.1, CC6.6, CC7.2, CC8.1)
  • EU AI Act conformity (Articles 9, 12, 13, 14, 15)
  • ISO/IEC 42001 AI management system audits
  • Full audit trail with timestamps and agent identity
  • One-command report generation for any framework
How Aegis protects your agent
Every action flows through a unified event bus. Four engines subscribe, analyze, and act in real time.

AI Agent (Claude, GPT, LangChain, CrewAI, AutoGen)
  -> Aegis Core (event bus, agent identity, session management)
  -> 4 Pillars (Security, Observability, Policy, Compliance)
  -> Dashboard + Reports (real-time monitoring, compliance evidence)
Three lines to protect any agent
Aegis wraps your agent framework with zero friction. Drop it in, ship it safe.
Basic:

    from aegis import Aegis

    # Three lines. Full protection.
    shield = Aegis(agent_name="deploy-bot")

    with shield.session("deploy-task") as s:
        s.tool_call("bash", command="npm run build")
        s.shell_exec("npm test", output="All 42 tests passed")
        s.file_write("./dist/bundle.js")
        s.http_request("POST", "https://api.deploy.io/v1", status_code=200)

    # Full summary: security, metrics, policy, compliance
    print(shield.summary())

Anthropic:

    import anthropic
    from aegis import Aegis

    # The Anthropic client is created here; the model call itself is not shown in this snippet
    client = anthropic.Anthropic()
    shield = Aegis(
        agent_name="code-assistant",
        agent_model="claude-sonnet-4-20250514",
        agent_framework="anthropic-sdk",
    )

    with shield.session("code-review") as s:
        # Track LLM request
        s.llm_request("Review this PR for security issues", model="claude-sonnet-4-20250514", tokens=1200)
        # Track tool usage
        s.tool_call("read_file", path="src/auth.py")
        s.file_read("src/auth.py")
        # Track LLM response
        s.llm_response("Found 2 issues...", model="claude-sonnet-4-20250514", tokens=800)

    # Cost tracking included
    print(shield.summary()["metrics"]["total_cost_usd"])

Policy Rules:

    from aegis import Aegis
    from aegis.policy.rules import RuleSet

    # Define policy rules in YAML
    rules = RuleSet.from_yaml("""
    rules:
      - name: no-production-writes
        description: Block writes to production database
        event_types: [tool.call, exec.shell]
        pattern: "production.*write|prod.*delete"
        action: block
        severity: critical
      - name: require-approval-for-deploy
        description: Escalate deployment actions
        event_types: [tool.call]
        pattern: "deploy|publish|release"
        action: escalate
        severity: high
      - name: alert-on-external-api
        description: Alert on external API calls
        event_types: [exec.http.request]
        pattern: "https?://(?!internal\\\\.)"
        action: alert
        severity: medium
    """)

    shield = Aegis(agent_name="deploy-bot", policy=rules)

Compliance:

    import json
    from aegis import Aegis

    shield = Aegis(agent_name="data-pipeline")
    # ... run agent sessions ...

    # Generate SOC 2 compliance evidence
    soc2 = shield.compliance_report("soc2")
    print(json.dumps(soc2, indent=2))

    # Generate EU AI Act conformity assessment
    eu = shield.compliance_report("eu_ai_act")

    # Generate ISO 42001 audit evidence
    iso = shield.compliance_report("iso42001")

    # Reports include:
    # - Agent identity + fingerprint
    # - Access control evidence
    # - Threat detection records
    # - Policy enforcement audit trail
    # - Monitoring evidence
    # - Incident response documentation
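The rule evaluation the Policy Engine pillar describes, worked through as an added example that is not Aegis's own code, over the same three rules as the Policy Rules snippet above: a rule fires when the event type is in its list and its pattern matches the event text, and when several rules fire the most restrictive action wins (block > escalate > alert > allow). The rules are written as the dictionaries the YAML loads into so the example runs without a YAML parser; the precedence order and the "method plus URL" event text are assumptions of this example, not documented Aegis behaviour.

```python
import re
from dataclasses import dataclass

# Precedence when several rules match one event: the most restrictive wins.
# This ordering is an assumption of the example.
ACTION_PRECEDENCE = {"allow": 0, "alert": 1, "escalate": 2, "block": 3}

# The three rules from the Policy Rules snippet, as the dictionaries the YAML
# loads into. The YAML's "internal\\." becomes the regex internal\. once loaded.
RULES = [
    {"name": "no-production-writes",
     "event_types": ["tool.call", "exec.shell"],
     "pattern": r"production.*write|prod.*delete",
     "action": "block", "severity": "critical"},
    {"name": "require-approval-for-deploy",
     "event_types": ["tool.call"],
     "pattern": r"deploy|publish|release",
     "action": "escalate", "severity": "high"},
    {"name": "alert-on-external-api",
     "event_types": ["exec.http.request"],
     "pattern": r"https?://(?!internal\.)",
     "action": "alert", "severity": "medium"},
]


@dataclass
class Decision:
    action: str
    matched: list  # names of the rules that fired, in rule order


class PolicyEngine:
    def __init__(self, rules):
        # Compile each pattern once; keep the rule's own fields alongside it.
        self.rules = [dict(r, _rx=re.compile(r["pattern"])) for r in rules]

    def evaluate(self, event_type: str, text: str) -> Decision:
        matched = [
            r for r in self.rules
            if event_type in r["event_types"] and r["_rx"].search(text)
        ]
        if not matched:
            return Decision("allow", [])
        top = max(matched, key=lambda r: ACTION_PRECEDENCE[r["action"]])
        return Decision(top["action"], [r["name"] for r in matched])


def demo_decisions() -> dict:
    """Constructed events: shell commands, tool calls and HTTP requests as
    'verb plus target' strings, one per rule outcome plus a multi-match case."""
    engine = PolicyEngine(RULES)
    return {
        "build":  engine.evaluate("exec.shell", "npm run build"),
        "prod":   engine.evaluate("exec.shell", "psql production -c 'write ...'"),
        "deploy": engine.evaluate("tool.call", "deploy --env staging"),
        "ext":    engine.evaluate("exec.http.request", "POST https://api.example.com/v1"),
        "int":    engine.evaluate("exec.http.request", "GET https://internal.corp/health"),
        # both the block rule and the escalate rule fire; block takes precedence
        "both":   engine.evaluate("tool.call", "deploy production write"),
    }


if __name__ == "__main__":
    for name, d in demo_decisions().items():
        print(f"{name:7} -> {d.action:9} {d.matched}")
```

The multi-match case is where precedence matters: a tool call that both deploys and writes to production fires the escalate rule and the block rule, and returning "escalate" there would hand a human approver an action that policy already forbids. Note also that the negative lookahead in the third rule only exempts hosts beginning with "internal.", so a URL such as https://internal-tools.example would still alert.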
COMPARISON
Why Aegis wins
Other tools solve one slice. Aegis is the full shield.
Capability                   | Aegis   | Lakera Guard | LangSmith | Zenity     | Manual
-----------------------------|---------|--------------|-----------|------------|-------
Runtime threat detection     | Yes     | Yes          | No        | Partial    | No
Action-level blocking        | Yes     | Partial      | No        | Partial    | No
Deep observability / traces  | Yes     | No           | Yes       | No         | No
Cost attribution per agent   | Yes     | No           | Partial   | No         | No
Policy engine (YAML rules)   | Yes     | No           | No        | Partial    | Manual
SOC 2 compliance reports     | Auto    | No           | No        | Partial    | Manual
EU AI Act compliance         | Auto    | No           | No        | No         | Manual
Agent identity management    | Yes     | No           | No        | Partial    | No
Open source                  | Yes     | No           | No        | No         | N/A
Setup effort                 | 3 lines | API          | SDK       | Enterprise | Weeks
PRICING
Start free. Scale when ready.
The core SDK is open source forever. Pro and Enterprise add hosted dashboards, team features, and priority support.
Free / OSS
$0 forever
Full SDK. All 4 pillars. Self-hosted.
  • Security engine with auto-blocking
  • Full observability and tracing
  • Policy engine with YAML rules
  • Compliance reports (SOC 2, EU AI Act, ISO)
  • Unlimited agents and sessions
  • Community support
Enterprise
$799 /mo
SSO, dedicated support, custom compliance, SLA.
  • Everything in Pro
  • SSO / SAML integration
  • Unlimited seats
  • Custom compliance frameworks
  • 90-day event retention
  • Dedicated support engineer
  • 99.9% uptime SLA

Protect your agents before the breach.

Aegis is open source and ready to ship. Three lines of code stand between your agents and the next incident.

$ pip install aegis-ai