<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Atanas Egriderliev</title>
    <description>The latest articles on DEV Community by Atanas Egriderliev (@mlnas).</description>
    <link>https://dev.to/mlnas</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3780202%2F1f12efeb-299c-42c0-8c8c-79e5270b8b68.png</url>
      <title>DEV Community: Atanas Egriderliev</title>
      <link>https://dev.to/mlnas</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/mlnas"/>
    <language>en</language>
    <item>
      <title>Built runtime security for AI agents</title>
      <dc:creator>Atanas Egriderliev</dc:creator>
      <pubDate>Wed, 18 Feb 2026 22:08:39 +0000</pubDate>
      <link>https://dev.to/mlnas/built-runtime-security-for-ai-agents-576h</link>
      <guid>https://dev.to/mlnas/built-runtime-security-for-ai-agents-576h</guid>
      <description>&lt;p&gt;I noticed a big gap: there's no standard way to control what AI agents are allowed to do at runtime.&lt;br&gt;
If an agent gets manipulated (via prompt injection) or simply makes a bad decision, it can cause real damage before you notice. Examples I've seen:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Agent exports entire customer database&lt;/li&gt;
&lt;li&gt;Agent emails PII to external addresses&lt;/li&gt;
&lt;li&gt;Agent makes unauthorised financial transactions&lt;/li&gt;
&lt;li&gt;Agent installs compromised tools&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;So I built Agent-SPM, a security layer that enforces policies on agent actions in real time.&lt;/p&gt;

&lt;p&gt;How it works:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;You define what your agent can/can't do in a policy file.&lt;/li&gt;
&lt;li&gt;Every action the agent wants to take is checked against those rules before execution. It's like a firewall, but for AI agents instead of network traffic (see the sketch after this list).&lt;/li&gt;
&lt;/ul&gt;
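
&lt;p&gt;To make that concrete, here's a minimal sketch of the pattern in Python. The policy shape and function names are illustrative assumptions, not the actual Agent-SPM API:&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;# Illustrative only: the policy is plain data, checked before every tool call.
POLICY = {
    "allow_tools": ["search_docs", "send_email"],
    "deny_substrings": ["DROP TABLE", "rm -rf"],
}

def check_action(tool_name, args):
    """Return True if the proposed action passes the policy."""
    if tool_name not in POLICY["allow_tools"]:
        return False
    blob = " ".join(str(v) for v in args.values())
    return not any(bad in blob for bad in POLICY["deny_substrings"])

# Gate every tool call through the check before executing it.
action = ("send_email", {"to": "user@example.com", "body": "monthly report"})
if check_action(*action):
    pass  # hand the call to the real tool
else:
    pass  # block, log, or escalate for human approval
&lt;/code&gt;&lt;/pre&gt;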

&lt;p&gt;What I'm trying to solve:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Prevent data leaks (detect SSNs, credit cards, API keys in tool arguments; a detection sketch follows this list)&lt;/li&gt;
&lt;li&gt;Stop unauthorised actions (no bulk exports, no dangerous commands)&lt;/li&gt;
&lt;li&gt;Enable human oversight (require approval for high-risk operations)&lt;/li&gt;
&lt;li&gt;Emergency controls (kill switch to disable rogue agents)&lt;/li&gt;
&lt;li&gt;Compliance (automatic audit trails for regulations)&lt;/li&gt;
&lt;/ul&gt;
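
&lt;p&gt;For the data-leak piece, the core idea is to scan tool arguments before they leave the process. A rough sketch with deliberately simplified patterns (real detection needs broader regexes plus validation, e.g. Luhn checks for card numbers); these are not the patterns Agent-SPM actually ships with:&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;import re

# Illustrative detectors keyed by the kind of secret they look for.
PII_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "credit_card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "api_key": re.compile(r"\b(?:sk|pk)[-_][A-Za-z0-9]{20,}\b"),
}

def scan_args(args):
    """Return the names of any PII patterns found in tool arguments."""
    blob = " ".join(str(v) for v in args.values())
    return [name for name, rx in PII_PATTERNS.items() if rx.search(blob)]

hits = scan_args({"to": "x@example.com", "body": "SSN is 123-45-6789"})
# hits == ["ssn"]: block the action or require approval before it runs
&lt;/code&gt;&lt;/pre&gt;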

&lt;p&gt;Technical details:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Open source (MIT license)&lt;/li&gt;
&lt;li&gt;Works with any LLM framework (LangChain, CrewAI, Claude, custom)&lt;/li&gt;
&lt;li&gt;Zero infrastructure (runs in your agent's process; see the integration sketch after this list)&lt;/li&gt;
&lt;li&gt;8 composable packages (install only what you need)&lt;/li&gt;
&lt;/ul&gt;
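
&lt;p&gt;"Runs in your agent's process" just means wrapping tool functions, whatever framework they come from. A hypothetical decorator sketch (not the real package API) to show the shape of the integration:&lt;/p&gt;

&lt;pre&gt;&lt;code&gt;from functools import wraps

ALLOWED_TOOLS = {"search_docs", "send_email"}  # illustrative policy

def guarded(tool_name):
    """Run a policy check in-process before the wrapped tool executes."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(*args, **kwargs):
            if tool_name not in ALLOWED_TOOLS:
                raise PermissionError(f"policy blocked: {tool_name}")
            return fn(*args, **kwargs)
        return wrapper
    return decorator

@guarded("send_email")
def send_email(to, body):
    print(f"sending to {to}")  # the framework's real tool body goes here

send_email(to="a@example.com", body="hello")  # allowed; unlisted tools raise
&lt;/code&gt;&lt;/pre&gt;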

&lt;p&gt;Repo: &lt;a href="https://github.com/mlnas/agent-runtime-security" rel="noopener noreferrer"&gt;https://github.com/mlnas/agent-runtime-security&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;I'd genuinely appreciate feedback and contributions.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>opensource</category>
      <category>security</category>
      <category>architecture</category>
    </item>
  </channel>
</rss>
