v0.2.2

What's New

Pre-built Attack Corpus

• immune.load_default_corpus() — instantly loads 50 curated attack patterns across 11 languages
• Categories: injection, exfiltration, indirect, encoding bypass, roleplay, social engineering
• Immediate protection without any training data needed

CrewAI Integration

• New examples/crewai_guard.py with SecureToolWrapper class
• Wraps any tool callable with input assessment + output scanning
• Works with any CrewAI agent/task workflow

Improved README

• Rewritten "Try it now" with Python code example and output table
• Added pre-built corpus section
• Better discoverability: 10 GitHub topics, expanded PyPI keywords

Full Changelog

https://github.com/denial-web/agent-immune/blob/main/CHANGELOG.md

v0.2.1

Patch release: adds MCP Registry verification tag and server.json manifest for official MCP Registry submission.

v0.2.0

What's New in 0.2.0

Multilingual Detection (5 new languages)

• Injection patterns for Chinese, Japanese, Korean, Arabic, and Hindi — 12 new patterns total
• Generalized script-mixing detector now covers all non-Latin scripts (previously Khmer-only)
• Total: 11 languages (EN, DE, ES, FR, HR, RU, ZH, JA, KO, AR, HI)

Indirect Injection Detection

• HTML comment injection, markdown comment injection, confused deputy attacks, URL-embedded payloads
• Gated behind SecurityPolicy.detect_indirect_injection flag (enabled by default)

Configurable Output Scanner

• New OutputScannerConfig model with per-category weights (PII, credentials, base64, hex)
• Reduced false positives: SHA-256/512 hex hashes exempted, base64 requires threat keywords, bare JWT heuristic

Fast Memory Search

• Optional hnswlib-backed HNSW approximate nearest neighbor index — O(log n) instead of O(n)
• Install: pip install 'agent-immune[fast-memory]'

MCP Server Fixes

• learn_threat now correctly stores entries (was silently failing due to missing memory bank)
• Fallback embedder status surfaced in tool responses

Other Improvements

• Public AdversarialMemoryBank.add_threat_batch() API for bulk loading
• TextEmbedder.using_fallback property with degradation warnings
• Test fixtures diversified: 28 genuinely distinct attack patterns across multiple categories and languages
• 181 tests, 0 lint errors

Full Changelog: https://github.com/denial-web/agent-immune/blob/main/CHANGELOG.md

v0.1.1

What's new

• PyPI now includes MCP server — pip install 'agent-immune[mcp]' works directly from PyPI
• Automated PyPI publishing — GitHub Actions workflow publishes on every release tag
• CI tests MCP on Python 3.12+ (graceful skip on 3.9)
• py.typed marker for PEP 561 typed package support
• CONTRIBUTING.md and SECURITY.md added
• glama.json for Glama marketplace integration

Install: pip install agent-immune==0.1.1 or pip install 'agent-immune[mcp]' for MCP server support.

v0.1.0 — Initial release

agent-immune v0.1.0

Adaptive threat intelligence for AI agent security.

Highlights

• Input assessment — regex + semantic memory detect prompt injection, including rephrased attacks
• Output scanning — credentials, PII, system prompt leaks, encoded payloads
• Semantic memory — learn() from incidents, catch unseen attacks via similarity (F1: 0.685 → 0.865)
• Multi-turn escalation — per-session trajectory tracking
• Prompt hardening — role-lock, input sandboxing, output guards
• Circuit breaker — per-session rate limiting with auto-deny
• MCP server — python -m agent_immune serve with stdio, SSE, and streamable-http transports
• Observability — MetricsCollector with counters, latency, structured JSON events
• Async API — assess_async, assess_output_async, learn_async
• Adapters — Microsoft Agent OS, LangChain, MCP middleware

Install

pip install agent-immune              # core (regex-only, no GPU)
pip install 'agent-immune[memory]'    # + semantic memory
pip install 'agent-immune[mcp]'       # + MCP server

Stats

• 179 tests, 94% coverage
• Zero false positives across all benchmark datasets
• Apache-2.0 license