🔥 RSAC 2026: Agent security is the #1 category. We're the developer-first player.

Your agents shouldn't overspend or overreach.

The security & cost control layer for AI agents. Budget limits, auth isolation, and MCP policy enforcement — in one SDK.

💰 Cost Controls
🔐 Auth Isolation
⚡ MCP Policy Enforcement
import openai
from agentguard import guard

# Cost controls + auth isolation + MCP policies. 3 lines.
client = guard(
    openai.OpenAI(),          # the provider client being wrapped
    budget="$0.50/run",       # hard per-run spend cap
    auth="isolated",          # per-agent credential vault
    mcp_policy="read-only",   # enforce tool-call rules
    fallback="gpt-5.4-nano",  # model used after auto-downgrade
    on_limit="graceful_stop"  # terminate and return a summary at the cap
)

Works with OpenAI, Anthropic, Google, and any OpenAI-compatible API. Framework agnostic.

Three threats. One SDK.

Every AI agent you deploy creates three attack surfaces. AgentGuard closes all of them.

$4.72

Runaway Costs

One agent workflow. GPT-5.4 reasoning loops, subagent spawning, retry cascades. Your API bill explodes while you sleep.

→ Guard: Per-workflow budgets + auto model downgrade + hard kill switch

🔓 Credential Sprawl

Agents share API keys, inherit full machine privileges, and access data they shouldn't. One compromised agent = every credential exposed.

→ Shield: Per-agent credential isolation + OAuth scope enforcement + rotation

⚡ Ungoverned Tool Access

MCP tools give agents direct access to databases, filesystems, and APIs. No policy enforcement. No audit trail. No oversight.

→ Sentinel: MCP tool-call interception + policy enforcement + audit logging

See the difference.

Same agent workflow. Without AgentGuard: $4.72 and unrestricted access. With AgentGuard: $0.30, isolated credentials, and every tool call governed.

🤖 GPT-5.4 reasoning (planning)           $0.12
🔧 Tool call → search codebase            $0.08
🤖 GPT-5.4 analysis (large context)       $0.85
🔄 Retry (hallucination)                  $0.92
🤖 Subagent: review docs (GPT-5.4)        $1.20
🤖 Subagent: format output (GPT-5.4)      $0.95
Without AgentGuard: $4.72 · Full access · No audit

▼ WITH AGENTGUARD ▼

🤖 GPT-5.4 reasoning                      $0.12
🔧 Tool call → policy check               ALLOWED ✓
🛡️ 80% budget → auto-downgrade            DOWNGRADE
🔐 Credential check → isolated vault      ISOLATED
🤖 Nano model (subagent tasks)            $0.10
With AgentGuard: $0.30 · Isolated · Audited ✓

Everything your agents need. Nothing they don't.

Three layers of protection, one import statement.

💰 Per-Workflow Budgets

Set max spend per run, per user, or per feature. Budgets enforced in real-time, not after the invoice arrives.

GUARD

⬇️ Auto Model Downgrade

At 80% budget, transparently route to cheaper models. GPT-5.4 → nano, Opus → Haiku. Quality degrades gracefully.

GUARD

🛑 Hard Kill Switch

At budget cap, gracefully terminate and return a summary. No infinite loops, no runaway costs.

GUARD
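As an added illustration of the three Guard behaviours above (budget enforced before each call, downgrade at 80%, graceful stop at the cap), here is a minimal per-run guard written for this page; it is not AgentGuard's own code. It uses the page's "$0.50/run" budget and "gpt-5.4-nano" fallback, while the per-token prices, token counts and class names are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed prices in USD per 1K tokens (illustrative, not real list prices).
PRICES = {"gpt-5.4": 0.010, "gpt-5.4-nano": 0.001}

class BudgetExceeded(Exception):
    """Raised when the next call would push the run past its hard cap."""

@dataclass
class BudgetGuard:
    """Hypothetical per-run cost guard: downgrade at 80%, hard stop at 100%."""
    budget_usd: float
    fallback: str = "gpt-5.4-nano"
    downgrade_at: float = 0.80                 # fraction of budget that triggers downgrade
    spent: float = 0.0
    log: list = field(default_factory=list)    # (status, model, cost) per call, the audit trail

    def route(self, requested: str) -> str:
        """Pick the model to actually call, switching to the fallback once 80% is spent."""
        if self.spent >= self.downgrade_at * self.budget_usd:
            return self.fallback
        return requested

    def charge(self, model: str, tokens: int) -> float:
        """Check the estimated cost against the cap before the call is made, not after."""
        cost = PRICES[model] * tokens / 1000
        if self.spent + cost > self.budget_usd:
            self.log.append(("blocked", model, cost))
            raise BudgetExceeded(self.summary())
        self.spent += cost
        self.log.append(("ok", model, cost))
        return cost

    def summary(self) -> dict:
        calls = sum(1 for status, _, _ in self.log if status == "ok")
        return {"spent": round(self.spent, 4), "budget": self.budget_usd, "calls": calls}

def run_workflow(guard: BudgetGuard, steps: list) -> dict:
    """Run (requested_model, estimated_tokens) steps; at the cap return a summary (graceful stop)."""
    try:
        for requested, tokens in steps:
            model = guard.route(requested)
            guard.charge(model, tokens)        # a real guard would make the API call here
        status = "completed"
    except BudgetExceeded:
        status = "stopped_at_budget"
    return {"status": status, **guard.summary()}
```

Feeding run_workflow five constructed GPT-5.4 steps of 12K, 20K, 10K, 50K and 50K estimated tokens against a $0.50 budget routes the fourth step to the nano model and blocks the fifth, returning status stopped_at_budget with $0.47 spent.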

🔐 Credential Isolation

Each agent gets its own vault-backed credentials. No shared keys, no inherited privileges, no blast radius.

SHIELD

🪪 Agent Identity Registry

Every agent registered with unique identity, defined capabilities, and an owner. Full visibility into who deployed what.

SHIELD

🔄 OAuth Scope Enforcement

Agents only get the permissions they need. Scope enforcement per agent, per tool, per user. Least privilege by default.

SHIELD

⚡ MCP Tool-Call Interception

Every MCP tool call evaluated against your policy rules before execution. Violations blocked, logged, and alerted.

SENTINEL

📋 Natural Language Policies

"Agents cannot access PII without approval." Write rules in English, enforce them deterministically. No code required.

SENTINEL

📊 Compliance Reports

Generate audit-ready reports mapped to EU AI Act, NIST AI RMF, and ISO 42001. Proof when regulators ask.

SENTINEL

Start with cost control. Scale to full security.

Every tier includes everything below it. No hidden costs.

Guard Core

$0 forever · open source
  • Per-workflow budget caps
  • Auto model downgrade
  • Hard kill switch
  • CLI cost reports
  • 10K tracked calls/mo
  • All providers supported
Install Free →

Shield

$149/month
  • Everything in Guard Pro
  • Per-agent credential isolation
  • OAuth scope enforcement
  • Agent identity registry
  • Permission drift detection
  • Credential rotation
  • 500K tracked calls/mo
  • 90-day history
Get Started →

Sentinel

$349/month
  • Everything in Shield
  • MCP tool-call interception
  • Natural language policies
  • Per-tool access control
  • Real-time violation alerts
  • Compliance report generation
  • 1M tracked calls/mo
  • 1-year history · Priority support
Get Started →

Need unlimited calls, SSO, SLA, or GRC integration? Contact us for Fortress (Enterprise).
๐Ÿ” Also using MCP servers? Save with the MCP Security Stack bundle โ†’

Get Started in Seconds

Install AgentGuard in seconds. Works with OpenAI, Anthropic, and any OpenAI-compatible API.

pip install agentguard
agentguard init
View on GitHub → Read Docs →