AI agents are going autonomous. Who is watching them?
AI agents are no longer just chatting; they are doing. Claude Code, Cursor, Copilot, Devin — they edit files, run shell commands, install packages, and access credentials.
And nobody is watching.
You finish a coding session and have no idea what actually happened. What files were modified? What commands were executed? Did the agent touch your .env file? Your SSH keys? Did it curl something to an external URL?
That's insane. So I built Unworldly.
What It Does
Unworldly is a flight recorder for AI agents. Run it before your AI agent, and it silently records everything:
- File changes — Every create, modify, and delete.
- Shell commands — Every npm install, curl, rm -rf.
- Risk scoring — Flags dangerous behavior in real-time.
- Agent identity — Detects which AI agent is running.
- Tamper-proof logs — SHA-256 hash chain on every event. If someone edits the logs, the chain breaks.
```bash
pip install unworldly-recorder
unworldly watch
# That's it. Everything is now recorded.
```
The "Oh Shit" Moment
Here's what Unworldly looks like when an AI agent starts doing dangerous things:
Safe operations show in green. Caution in yellow. And when an agent touches your credentials, SSH keys, or runs rm -rf / — bright red DANGER flags.
HIPAA PHI Detection
If you're in healthcare, run with --hipaa:
```bash
unworldly watch --hipaa
```
This activates 52 detection patterns for Protected Health Information:
- File Formats: HL7, FHIR, DICOM, CDA, X12.
- SQL Queries: Detects queries on patient tables.
- API Calls: FHIR API calls to EHR systems (Epic, Cerner, Athena).
- Cloud Services: Google Cloud Healthcare, Azure Health Data Services.
If an AI agent touches a .hl7 file or runs SELECT * FROM patients, Unworldly catches it instantly.
Tamper-Proof by Design
Every event gets a SHA-256 hash that chains to the previous event. The session is sealed with a final hash on save. Verify anytime:
```bash
unworldly verify
# ✓ All 47 events have valid hash chain
# ✓ Session seal is intact — no tampering detected
```
If anyone modifies a single event, the chain breaks. This satisfies ISO 42001 audit control requirements.
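A minimal sketch of the hash-chain and seal idea described above, added here as an illustration: it is not Unworldly's code or its log format. The event fields, the all-zero genesis value and the seal construction are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first event


def event_hash(prev_hash, event):
    # Canonical JSON so the same event always serialises to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def seal_hash(count, last_hash):
    # Assumed seal: binds the number of events to the final chain hash.
    return hashlib.sha256(f"seal:{count}:{last_hash}".encode()).hexdigest()


def build_chain(events):
    """Return (records, seal); each record stores its predecessor's hash."""
    records, prev = [], GENESIS
    for event in events:
        current = event_hash(prev, event)
        records.append({"event": event, "prev_hash": prev, "hash": current})
        prev = current
    return records, seal_hash(len(records), prev)


def verify_chain(records, seal):
    """Return (ok, index); index is the first bad record, or len(records)
    when every link is valid but the seal does not match."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["prev_hash"] != prev or rec["hash"] != event_hash(prev, rec["event"]):
            return False, i
        prev = rec["hash"]
    if seal_hash(len(records), prev) != seal:
        return False, len(records)
    return True, None


# Constructed sample session (hypothetical field names).
SAMPLE = [
    {"seq": 0, "type": "file_modify", "path": "src/app.py"},
    {"seq": 1, "type": "command", "cmd": "npm install"},
    {"seq": 2, "type": "file_read", "path": ".env"},
]

if __name__ == "__main__":
    records, seal = build_chain(SAMPLE)
    print(verify_chain(records, seal))        # intact session
    records[1]["event"]["cmd"] = "ls"         # edit one event in place
    print(verify_chain(records, seal))        # chain breaks at that record
```

In a scheme like this one, a log that is rewritten with every hash recomputed still verifies against its own new seal. The original seal therefore has to be kept somewhere the person editing the log cannot also replace it.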
Replay and Reports
Replay any session like a DVR:
```bash
unworldly replay
```
Generate a security audit report:
```bash
unworldly report --format md
```
It Works With Any Agent
Unworldly auto-detects: Claude Code, Cursor, GitHub Copilot, Windsurf, Devin, Aider, OpenClaw, and Cline. It works with any agent because it monitors the filesystem and processes, rather than relying on specific agent integrations.
Open Source
MIT licensed. 185 tests. CI on 12 environments (4 Python versions × 3 operating systems).
GitHub: DilawarShafiq/unworldly
PyPI: unworldly-recorder
```bash
pip install unworldly-recorder
```
You wouldn't run production code without logs. Why are you running AI agents without a black box?