AgentShield is a robust, enterprise-grade AI Agent Security Firewall designed to intercept, analyze, and neutralize security vulnerabilities, jailbreak attempts, and prompt injection attacks in real-time. By leveraging a multi-layered security architecture, AgentShield protects your AI systems without altering existing business logic.
- 🛡️ Multi-Layer Prompt Injection Defense: Advanced heuristics matching known jailbreaks, adversarial templates, base64/hex encoding evasions, and zero-width spaces.
- 🔤 Homoglyph Normalization: Resolves visual mimicry attacks (e.g., Cyrillic or Greek lookalikes like
ιgnοrε ρrενιους) to standard Latin representations using NFKC Unicode normalization. - 🤖 Machine Learning Classifier: TF-IDF Vectorizer + Logistic Regression pipeline designed to detect novel, unseen injection vectors dynamically.
- 📈 Time-Based Anomaly Tracker: Analyzes rolling window threats per client/user identity to flag brute-force exploration or scanning attempts.
- 🛠️ Tool-Calling Guard: Validates tool arguments and prevents unauthorized OS command executions (e.g.,
subprocess.run,eval,shutil.rmtree). - 🔒 Identity Verification & Cryptographic Isolation: Integrates an authentication layer requiring a security question. Successfully verifying the identity derives a 32-byte master key via PBKDF2 (100,000 rounds) used to encrypt and isolate local storage.
- 💾 Encrypted Local Memory: AES-256 (Fernet) client-memory layer ensuring zero plaintext leaks of sensitive credentials or conversation histories.
- 🔌 Auto-Protect Middleware: Explicit single-line monkey patching (
import agentshield; agentshield.init()) to protectopenairesources and outgoingrequeststo AI model endpoints automatically. - 🏷️ Data Masking & Leakage Blocker: Automatically redacts sensitive patterns (such as Bearer Tokens/API keys) and strips markdown exfiltration links.
Install AgentShield directly from PyPI:
pip install agentshield-firewallOr install it locally:
pip install .Set up your security question, answer, and retrieve your recovery code:
python setup_auth.pyEnable AgentShield globally in your application with a single initialization line:
import agentshield
agentshield.init()
# That's it! Your OpenAI calls and outgoing requests are now protected.Or, protect specific agent functions using the @secure_agent wrapper:
from agentshield import secure_agent
@secure_agent()
def run_my_agent(user_prompt: str) -> str:
# Your LLM logic here
return responseAgentShield includes a cyber-security dashboard to test different LLM security evasion vectors:
- Start the local server:
python -m http.server 8000 --directory docs
- Open http://localhost:8000 in your web browser.
- Select attack presets like Homoglyph Evasion or JSON Injection and observe AgentShield block them in real-time.
To run the complete firewall security suite:
python test_shield.pyTo run the authentication and cryptographic isolation test suite:
python test_auth.pyTo run the automated library intercept and patching tests:
python test_auto_protect.pyagentshield/
├── auth.py # Identity management & Master Key derivation
├── encrypted_memory.py # AES-256 encrypted database client-storage
├── firewall.py # Main AgentShieldFirewall orchestration
├── rules.py # Pattern matchers, split-token & structured parser
├── config.py # Security thresholds and redaction configurations
├── ml_classifier.py # Fallback-safe TF-IDF Machine Learning model
├── anomaly.py # Threat scoring statistics and rolling window tracking
├── auto_protect.py # Monkey patching hooks for OpenAI and network requests
├── sitecustomize_injector.py # Global bootstrap register tool
├── wrappers.py # Client decorators (@secure_agent, @rate_limit)
├── setup.py # Setuptools installer
├── requirements.txt # Optional machine learning dependencies
└── test_shield.py # Comprehensive unit tests
This project is licensed under the Apache 2.0 License.