This post is half celebration (10k+ downloalds!!), half technical write-up of the thing I'm most excited about: an AI agent can now discover, evaluate, and provision an Ethicore Engine™ Guardian API key entirely on its own, no human account, no signup form, no dashboard.
If you're building agents, the self-provisioning pattern below is reusable for any API. If you're building with untrusted input (and every LLM input is untrusted), the detection layer is the point.
The problem: agents are a new kind of caller
Traditional APIs assume a human got an account, clicked through a dashboard, and copied a key. Agents don't do that. An autonomous agent needs to:
- Discover that your API exists and what it does,
- Understand the price and terms — programmatically, and
- Provision access — without a person in the loop.
And if the API is a security layer, there's a second-order problem: a trust layer has to be trustworthy itself. An agent that's been told "verify your safety middleware" needs a way to confirm it's actually talking to the real thing and not a spoof.
Self-provisioning is the delivery mechanism. The product is the detection. Guardian runs a layered pipeline on every input:
-
Pattern matching with obfuscation normalization (it de-leets
1gn0r3 4lland un-reverses reversed payloads before matching, so the same patterns catch the obfuscated variants). - Semantic analysis — ONNX MiniLM embeddings against a managed fingerprint database (2,900+ fingerprints across 160+ threat categories).
- Gradient-boosted ML inference, plus behavioral session heuristics.
- Full agentic-loop coverage the input-only tools miss: it validates every tool call the model proposes before execution, and scans every tool result before it re-enters the agent's context (that's where indirect injection lives).
In our open benchmark suite, the API tier hits F1 0.981 vs Lakera Guard's 0.823, and a recall of 0.995 — it misses far fewer real attacks at essentially tied precision. (Benchmark + methodology are public; "open" means you can reproduce it, not that it's third-party-audited — I'd rather be precise.)
There's a free community tier that runs locally — no API key, no network call: pip install ethicore-engine-guardian
Add an API key to unlock the full pipeline — 160+ categories, the ONNX semantic layer, and the agentic tool-call/output scanning: https://portal.oraclestechnologies.com
The agentic web needs primitives for agents to find and pay for services without a human babysitting every step — and security tooling has to be first in line, because an unguarded agent with tool access is a privilege-escalation attack waiting to happen. Self-provisioning + signed responses + a real detection pipeline is our take on that.
If it's useful:
- Star it: https://github.com/OraclesTech/guardian-sdk
-
Install it:
pip install ethicore-engine-guardian -
Point an agent at it:
GET https://oraclestechnologies.com/llms.txt - Docs / API: https://portal.oraclestechnologies.com
Intelligence With Integrity. — Oracles Technologies LLC
Top comments (0)