🔥 RSAC 2026: Agent security is the #1 category. We're the developer-first player.

Your agents shouldn't overspend or overreach.

The security & cost control layer for AI agents. Budget limits, auth isolation, and MCP policy enforcement — in one SDK.

💰 Cost Controls
🔐 Auth Isolation
MCP Policy Enforcement
📊 Token Metering

import openai
from agentguard import guard

# Cost controls + auth isolation + MCP policies. 3 lines.
client = guard(
    openai.OpenAI(),
    budget="$0.50/run",
    auth="isolated",       # per-agent credential vault
    mcp_policy="read-only",  # enforce tool-call rules
    fallback="gpt-5.4-nano",
    on_limit="graceful_stop"
)

Works with OpenAI, Anthropic, Google, and any OpenAI-compatible API. Framework agnostic.

Three threats. One SDK.

Every AI agent you deploy creates three attack surfaces. AgentGuard closes all of them.

$4.72

Runaway Costs

One agent workflow. GPT-5.4 reasoning loops, subagent spawning, retry cascades. Your API bill explodes while you sleep.

→ Guard: Per-workflow budgets + auto model downgrade + hard kill switch

🔓 Credential Sprawl

Agents share API keys, inherit full machine privileges, and access data they shouldn't. One compromised agent = every credential exposed.

→ Shield: Per-agent credential isolation + OAuth scope enforcement + rotation

Ungoverned Tool Access

MCP tools give agents direct access to databases, filesystems, and APIs. No policy enforcement. No audit trail. No oversight.

→ Sentinel: MCP tool-call interception + policy enforcement + audit logging

See the difference.

Same agent workflow. Without AgentGuard: $4.72 and unrestricted access. With AgentGuard: $0.30, isolated credentials, and every tool call governed.

🤖 GPT-5.4 reasoning (planning): $0.12
🔧 Tool call → search codebase: $0.08
🤖 GPT-5.4 analysis (large context): $0.85
🔄 Retry (hallucination): $0.92
🤖 Subagent: review docs (GPT-5.4): $1.20
🤖 Subagent: format output (GPT-5.4): $0.95
Without AgentGuard: $4.72 · Full access · No audit
▼ WITH AGENTGUARD ▼
🤖 GPT-5.4 reasoning: $0.12
🔧 Tool call → policy check ✓: ALLOWED
🛡️ 80% budget → auto-downgrade: DOWNGRADE
🔐 Credential check → isolated vault: ISOLATED
🤖 Nano model (subagent tasks): $0.10
With AgentGuard: $0.30 · Isolated · Audited ✓

Meter every token. Bill every agent.

Track token consumption across all your AI agents in real time. Connect Stripe, meter usage, and bill clients automatically.

🤖 OpenAI · GPT-5.4 · 12,450 tokens · $0.18
🤖 Anthropic · Claude Opus · 8,230 tokens · $0.12
🤖 Ollama · DeepSeek · 3,100 tokens · $0.04
🤖 OpenAI · GPT-5.4 mini · 5,600 tokens · $0.02
AgentGuard Token Meter: 29,380 tokens · $0.36 → Stripe invoice auto-generated

Multi-provider tracking · Usage-based Stripe billing · Per-customer rate limiting · Cost analytics dashboard

Everything your agents need. Nothing they don't.

Three layers of protection, one import statement.

💰 Per-Workflow Budgets

Set max spend per run, per user, or per feature. Budgets are enforced in real time, not after the invoice arrives.

GUARD

⬇️ Auto Model Downgrade

At 80% budget, transparently route to cheaper models. GPT-5.4 → nano, Opus → Haiku. Quality degrades gracefully.

GUARD

🛑 Hard Kill Switch

At budget cap, gracefully terminate and return a summary. No infinite loops, no runaway costs.

GUARD
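
As an added illustration of the three Guard behaviours described above (per-run cap, downgrade at 80%, hard stop), here is a budget gate that reserves the worst-case cost before each call. It is not AgentGuard's code or API; the class, function names and per-token prices are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed prices in micro-USD per token (integers avoid float drift in money math).
PRICE_UUSD = {"primary": 30, "cheap": 2}


@dataclass
class BudgetGuard:
    cap_uusd: int                 # hard cap for one run, e.g. $0.50 = 500_000
    downgrade_pct: int = 80       # percent of the cap that forces the cheap model
    spent_uusd: int = 0
    log: list = field(default_factory=list)

    def authorize(self, worst_case_tokens):
        """Pick a model whose worst-case cost still fits under the cap, else None."""
        past_threshold = self.spent_uusd * 100 >= self.downgrade_pct * self.cap_uusd
        candidates = ["cheap"] if past_threshold else ["primary", "cheap"]
        for model in candidates:
            # Checked before the call, so an in-flight request cannot overshoot the cap.
            if self.spent_uusd + worst_case_tokens * PRICE_UUSD[model] <= self.cap_uusd:
                return model
        return None               # kill switch: nothing fits, the caller must stop

    def record(self, model, tokens_used):
        """Charge the usage the provider actually reported once the call returns."""
        self.spent_uusd += tokens_used * PRICE_UUSD[model]
        self.log.append((model, tokens_used, self.spent_uusd))


def run_workflow(guard, steps):
    """steps: (worst_case_tokens, actual_tokens) per planned call. Returns a summary."""
    models = []
    for worst_case, actual in steps:
        model = guard.authorize(worst_case)
        if model is None:
            return {"models": models, "stopped_early": True, "spent_uusd": guard.spent_uusd}
        guard.record(model, actual)   # a real wrapper would call the provider here
        models.append(model)
    return {"models": models, "stopped_early": False, "spent_uusd": guard.spent_uusd}


# Constructed run: (prompt tokens + max_tokens, tokens actually billed).
SAMPLE_STEPS = [(4000, 4000), (6000, 6000), (4000, 3000), (8000, 8000), (300000, 0)]

if __name__ == "__main__":
    print(run_workflow(BudgetGuard(cap_uusd=500_000), SAMPLE_STEPS))
```

The fourth call is downgraded before the 80% mark because its worst-case cost on the primary model would cross the cap; the fifth is refused outright.
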
📊 Real-Time Token Tracking

Monitor token consumption across OpenAI, Anthropic, and Ollama agents in real time with zero latency.

GUARD

💳 Usage-Based Stripe Billing

Automatically invoice clients based on actual token usage. Connect Stripe once, bill all agent costs accurately.

GUARD

🚦 Rate Limiting & Quotas

Prevent runaway token usage with configurable rate limits and spending caps per agent, per user, per endpoint.

GUARD

🔐 Credential Isolation

Each agent gets its own vault-backed credentials. No shared keys, no inherited privileges, no blast radius.

SHIELD

🪪 Agent Identity Registry

Every agent registered with unique identity, defined capabilities, and an owner. Full visibility into who deployed what.

SHIELD

🔄 OAuth Scope Enforcement

Agents only get the permissions they need. Scope enforcement per agent, per tool, per user. Least privilege by default.

SHIELD

MCP Tool-Call Interception

Every MCP tool call evaluated against your policy rules before execution. Violations blocked, logged, and alerted.

SENTINEL
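
The interception step described above, as an added example: a default-deny gate that evaluates each tool call before dispatch and writes an audit record for every decision. This is not AgentGuard's implementation; the tool names, policy format and function names are hypothetical.

```python
import hashlib
import json
import posixpath

# Hypothetical operator-written policy: allowlisted tool -> constraint on its arguments.
# Anything not listed is denied, which is what makes the policy read-only.
POLICY = {"fs.read_file": {"path_root": "/srv/agent-data"}, "search.code": {}}
AUDIT_LOG = []  # one JSON line per decision; ship to append-only storage in practice


def evaluate(tool, args):
    """Return (allowed, reason) for one tool call, before anything executes."""
    rule = POLICY.get(tool)
    if rule is None:
        return False, "tool not in allowlist"
    root = rule.get("path_root")
    if root is not None:
        # Normalise first so "../" segments cannot walk out of the permitted root.
        # This is lexical only: the tool server must still resolve symlinks itself.
        path = posixpath.normpath(str(args.get("path", "")))
        if path != root and not path.startswith(root + "/"):
            return False, "path outside permitted root"
    return True, "ok"


def guarded_call(agent_id, tool, args, dispatch):
    """Evaluate, audit, and only then hand the call to the real tool dispatcher."""
    allowed, reason = evaluate(tool, args)
    # Log a digest of the arguments rather than the values, which may hold secrets.
    digest = hashlib.sha256(json.dumps(args, sort_keys=True).encode()).hexdigest()
    AUDIT_LOG.append(json.dumps({"agent": agent_id, "tool": tool, "args_sha256": digest,
                                 "decision": "allow" if allowed else "deny", "reason": reason}))
    if not allowed:
        return {"error": f"blocked by policy: {reason}"}
    return dispatch(tool, args)


def demo():
    """Run three constructed calls through the gate with a stub dispatcher."""
    executed = []
    def stub(tool, args):
        executed.append(tool)
        return {"ok": True}
    calls = [("fs.read_file", {"path": "/srv/agent-data/report.txt"}),
             ("fs.read_file", {"path": "/srv/agent-data/../../etc/passwd"}),
             ("fs.write_file", {"path": "/srv/agent-data/x", "data": "y"})]
    results = [guarded_call("agent-7", t, a, stub) for t, a in calls]
    return results, executed
```
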
📋 Natural Language Policies

"Agents cannot access PII without approval." Write rules in English, enforce them deterministically. No code required.

SENTINEL

📊 Compliance Reports

Generate audit-ready reports mapped to EU AI Act, NIST AI RMF, and ISO 42001. Proof when regulators ask.

SENTINEL

Start with cost control. Scale to full security.

Every tier includes everything below it. No hidden costs.

Guard Core

$0
forever · open source
  • Per-workflow budget caps
  • Auto model downgrade
  • Hard kill switch
  • CLI cost reports
  • 10K tracked calls/mo
  • All providers supported

Shield

$149/month
  • Everything in Guard Pro
  • Per-agent credential isolation
  • OAuth scope enforcement
  • Agent identity registry
  • Permission drift detection
  • Credential rotation
  • 500K tracked calls/mo
  • 90-day history

Sentinel

$349/month
  • Everything in Shield
  • MCP tool-call interception
  • Natural language policies
  • Per-tool access control
  • Real-time violation alerts
  • Compliance report generation
  • 1M tracked calls/mo
  • 1-year history · Priority support

Need unlimited calls, SSO, SLA, or GRC integration? Contact us for Fortress (Enterprise).

Get Started in Seconds

Install AgentGuard in seconds. Works with OpenAI, Anthropic, and any OpenAI-compatible API.

pip install agentguard
agentguard init