Break Your AgentsAgentsAgentsAgents
Before Someone Else Does

AgentSeal is a CLI that runs on your machine. The core command, scan, runs adversarial probes against your system prompt across five attack surfaces: extraction, injection, MCP tool poisoning, RAG poisoning, and multimodal. It uses your own LLM credentials (BYOK: Claude, OpenAI, Ollama, and nine others) so your prompts never leave your provider. Results are scored on a 0 to 100 trust scale weighted across five categories, with a PDF report and a JSON finding list. Guard, Watch, and Scan-MCP extend coverage to your machine, real-time file monitoring, and remote MCP servers.

311 adversarial probes across five surfaces: 82 extraction (system prompt leakage, context recovery), 143 injection (delimiter escape, Unicode tag, BiDi, many-shot, attention shifting), 45 MCP tool poisoning (rug pull, tool shadowing, preference manipulation, schema injection), 28 RAG poisoning (memory persistence, entity substitution, sleeper triggers), and 13 multimodal (image overlay, audio jailbreak, steganographic injection). Probes are grounded in published research: MPMA, MINJA, TAMAS, HashJack, and OWASP Agentic Top 10.

Guard runs a 6-stage pipeline over every AI agent installed on your machine. It auto-discovers 27 agent configurations (Cursor, Claude Code, Windsurf, Continue, and more), scans 12 skill file formats (.cursorrules, CLAUDE.md, .windsurfrules, skill.md, etc.) through 15 analyzers covering command execution, credential exfiltration, base64 payloads, Unicode tag attacks, and third-party content exposure. It also runs cross-artifact XFLOW rules that catch compound attacks, like a skill file that reads sensitive data combined with an MCP server that can write to disk. Nobody else ships cross-artifact detection.

Watch is real-time file monitoring. Run agentseal watch and it observes your skill files, rules files, and MCP configs. When anything changes, it scans instantly against the same Guard analyzers. Malicious content gets quarantined and you get a desktop notification. Catches rug pulls, delayed payloads, and agent-framework auto-updates that silently inject new instructions.

Scan-MCP connects to any MCP server (local binary, Docker image, or remote HTTP endpoint) and runs it in a sandbox. It inspects tool descriptions statically, then invokes tools with adversarial payloads to measure actual behavior. Detects schema poisoning, description-level injection, cross-tool name collisions, and rug pulls (by comparing tool signatures against a recorded baseline). OAuth is supported for authenticated remote servers. It's the only scanner that verifies MCP tools by actually running them.

Twelve providers through a single config: Ollama (local), OpenAI, Anthropic Claude, OpenRouter, Google Gemini, DeepSeek, Groq, Together AI, LM Studio, llama.cpp, vLLM, and any HTTP endpoint that speaks the OpenAI chat API. Test against the exact model and version your production runs on. No vendor lock-in, no proxy layer.

Nowhere you don't control. AgentSeal is BYOK: your prompts go directly from the CLI to your LLM provider using your credentials. AgentSeal never sees them in transit. When you sync results to the dashboard, prompts and model configs are encrypted at rest with Fernet (AES-256). You can also run the CLI fully offline against a local Ollama model, with zero network calls and zero telemetry.

Yes. Output SARIF 2.1.0 (GitHub Advanced Security, Azure DevOps, Defect Dojo), JUnit XML, or a GitHub Actions step summary. Define policy-as-code in .agentseal.yaml with min_score, max_critical, block_on rules, and expirable ignore lists. Gate PRs with `--fail-on high` or `--min-score 70`. A drop-in GitHub Action template is provided, and Guard can run in CI too to catch poisoned skill files before they're committed.

The CLI is open-source (FSL-1.1) on PyPI and npm as `agentseal`. The free tier includes 30 basic probes, the MCP registry, Guard, and Watch, enough to audit your own machine and run light red-teams. Pro unlocks all 311 probes, runtime MCP scanning with OAuth, PDF export, and the dashboard for $19/month or $199 one-time. Because AgentSeal is BYOK, your only ongoing cost is your own LLM usage, typically $0 with Ollama or a few dollars a month with cloud models.