Guides

Runtime Protection

A complete guide to protecting AI agents at runtime — from first deployment to full enforcement.

The runtime security lifecycle

Securing an agent is not a one-time event. It spans three phases, each with distinct tools and responsibilities.

  1. Pre-deploy — scan your code, fix static issues, set a trust score baseline. Nothing ships below the threshold.
  2. Deploy — launch with the monitor active and the gate configured. The gate enforces your policy; the monitor records behavior.
  3. Operate — monitor alerts surface anomalies, gate logs show blocked calls, approval workflows handle edge cases. Security becomes an ongoing signal, not a one-time gate.

Phase 1 — Pre-deploy scanning

Run the scanner across your entire agents directory before any deployment. The --min-score flag fails the command with a non-zero exit code if any file falls below the threshold — making it CI-ready.

bash
# Scan all agent files
agentcop scan agents/ --recursive --min-score 75

# Generate a report
agentcop scan agents/ --output report.html
open report.html

Phase 2 — Runtime instrumentation

The AgentCop class wraps any agent with three simultaneous layers: the scanner runs at startup to catch anything that slipped through CI, the monitor observes every action, and the gate enforces your policy on every tool call.

python
from agentcop import AgentCop

# One-line instrumentation
cop = AgentCop(
    agent_id="production-agent",
    scan=True,        # Run scanner on startup
    monitor=True,     # Enable runtime monitor
    gate=True,        # Enable execution gate
    policy_file="policies/agent.yaml"
)

# Wrap your agent
agent = cop.wrap(my_agent)

# Now your agent has full coverage:
# - Static issues flagged before first run
# - Behavior monitored during execution
# - Gate enforces permissions on every tool call

Phase 3 — Policy as code

Store your security policy in version control alongside your agent code. Policy files declare the minimum trust score, alert channels, allowed and blocked tools, and sandbox configuration. Changes go through code review like everything else.

yaml
# policies/production-agent.yaml
agent_id: production-agent
version: "2.1"
environment: production

scan:
  min_score: 80
  fail_on: [CRITICAL, HIGH]

monitor:
  sensitivity: high
  alert_channels:
    - type: slack
      webhook: ${SLACK_WEBHOOK}
    - type: email
      to: security@company.com

gate:
  allow:
    - web_search
    - read_knowledge_base
    - send_notification
  require_approval:
    - send_email
    - write_to_database
    - call_external_api
  block:
    - shell_execute
    - delete_record
    - access_auth_system
  on_block: raise_and_alert

sandbox:
  mode: container
  image: agentcop/agent-sandbox:2.0
  timeout: 60

Incident response

When something is flagged, the path from alert to resolution is the same every time.

  • Gate blocked a call — check gate.log for the blocked tool name and the input that triggered it. Review your policy to decide whether to add it to require_approval or leave it blocked.
  • Monitor detected an anomaly — review the agent run trace attached to the alert. Look for unusual tool sequences or responses that deviate from prior runs. Check whether user input could have triggered an injection.
  • Trust score dropped in CI — review the diff between the passing and failing commit. The scanner output will identify the specific file and line. Check what was added or changed.

Full example — production-ready agent

This is the complete pattern: configure AgentCop with an explicit gate policy, build the agent normally, wrap it, and run it. The agent behaves identically to an unwrapped agent from the application's perspective.

python
import os
from agentcop import AgentCop, GatePolicy
from langchain.agents import initialize_agent, AgentType
from langchain.tools import DuckDuckGoSearchRun
from langchain_openai import ChatOpenAI

# Configure AgentCop
cop = AgentCop(
    agent_id="production-search-agent",
    policy=GatePolicy(
        allow=["duckduckgo_search"],
        block=["shell_execute", "file_write", "eval"],
    ),
    monitor=True,
    sandbox_mode="container"
)

# Build agent normally
llm = ChatOpenAI(model="gpt-4")
tools = [DuckDuckGoSearchRun()]
agent = initialize_agent(tools, llm, agent=AgentType.ZERO_SHOT_REACT_DESCRIPTION)

# Wrap with AgentCop — all three layers active
protected_agent = cop.wrap(agent)

# Run with full coverage
result = protected_agent.run("What are the latest AI security vulnerabilities?")

runtime protection is not an add-on. it's the reason agentcop exists. static scanners have been around for decades. nobody built a runtime cop for agents — until now.

← Moltbook API Reference →