AgentGuard — AI Runtime Security
AgentGuard is BleedWatch's runtime security module for AI agent workloads. It monitors AI agents executing in your infrastructure in real time, detects anomalous behavior, and can automatically terminate compromised sessions.
AgentGuard is an add-on module available on Enterprise plans. Contact your account representative to enable it.
Three Security Layers
1. eBPF Monitoring
AgentGuard deploys an eBPF-based daemon that instruments AI agent processes at the kernel level. It observes:
| What It Monitors | Why It Matters |
|---|---|
| Process execution | Detects unexpected child processes spawned by agents (e.g., shells, network tools) |
| Network connections | Identifies data exfiltration attempts — outbound connections to unknown hosts |
| File system access | Alerts on agents reading sensitive files outside their sandbox (credentials, configs, SSH keys) |
| System calls | Detects privilege escalation attempts or unusual syscall patterns |
eBPF monitoring operates at the kernel level with minimal performance overhead (under 2% CPU) — no agent code modification required.
2. Anomaly Detection
An AI behavioral analysis engine profiles each agent's normal activity and flags deviations:
- Prompt injection detection — Identifies when an agent's behavior diverges from its intended instructions, suggesting a prompt injection attack
- Tool abuse — Detects agents making excessive or unusual API calls (e.g., mass data queries, credential access)
- Data exfiltration patterns — Recognizes when an agent attempts to encode, compress, or transmit large volumes of data to external endpoints
- Lateral movement — Flags agents that attempt to access resources or services beyond their authorized scope
3. Kill Switch
When a threat threshold is exceeded, AgentGuard can automatically:
- Terminate the agent session immediately
- Revoke the agent's API tokens to prevent further access
- Isolate the container from the network
- Generate a forensic snapshot of the agent's state at termination time
The kill switch can operate in two modes:
| Mode | Behavior |
|---|---|
| Automatic | Terminate immediately when threat score exceeds threshold |
| Manual | Alert the operator and await confirmation before termination |
Daemon Status
The AgentGuard page displays the current daemon status:
- Running — The eBPF daemon is active and monitoring
- Unavailable — The daemon is not deployed or not responding
- Version — Current daemon version and uptime
Deployment
AgentGuard requires deploying the agentguard-daemon container alongside your AI agent workloads. The daemon:
- Runs as a privileged container with access to the host kernel (required for eBPF)
- Communicates findings back to BleedWatch via a secure gRPC channel
- Requires Linux kernel 5.8+ with BTF (BPF Type Format) support
Detailed deployment instructions are provided during Enterprise onboarding.
Use Cases
Securing Code-Generation Agents
AI agents that generate and execute code (like coding assistants) can be manipulated to run malicious commands. AgentGuard monitors for:
- Spawning unexpected processes (`curl`, `wget`, `nc`, reverse shells)
- Accessing credential files (`.env`, `~/.aws/credentials`, SSH keys)
- Making outbound connections to unauthorized endpoints
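The following is an added illustration of how the checks listed above (unexpected child processes, credential-file reads, unauthorized egress) can feed the threat score that drives the automatic or manual kill switch described earlier; it is not AgentGuard's own code, and the event format, point values, threshold and egress allow-list are constructed assumptions.

```python
# Toy threat scorer over daemon-style runtime events (added example,
# not BleedWatch/AgentGuard code; all values below are assumptions).
from dataclasses import dataclass, field

SUSPICIOUS_BINARIES = {"curl", "wget", "nc", "ncat", "sh", "bash"}  # shells, net tools
CREDENTIAL_PATHS = ("/.env", "/.aws/credentials", "/.ssh/")       # substrings
ALLOWED_HOSTS = {"api.example.internal"}   # assumed per-agent egress allow-list
THRESHOLD = 60                             # assumed kill-switch threshold


@dataclass
class Verdict:
    score: int = 0
    findings: list = field(default_factory=list)
    action: str = "none"   # none | terminate | alert_await_confirmation


def score_event(ev: dict) -> tuple:
    """Return (points, finding) for one event, or (0, None) if benign."""
    kind = ev["type"]
    if kind == "exec" and ev["comm"] in SUSPICIOUS_BINARIES:
        return 30, f"unexpected child process {ev['comm']}"
    if kind == "open" and any(p in ev["path"] for p in CREDENTIAL_PATHS):
        return 40, f"credential file read {ev['path']}"
    if kind == "connect" and ev["host"] not in ALLOWED_HOSTS:
        return 25, f"outbound connection to unauthorized host {ev['host']}"
    return 0, None


def evaluate(events: list, mode: str = "automatic") -> Verdict:
    """Sum per-event points; pick the kill-switch action for the given mode."""
    v = Verdict()
    for ev in events:
        pts, finding = score_event(ev)
        if finding:
            v.score += pts
            v.findings.append(finding)
    if v.score >= THRESHOLD:
        v.action = "terminate" if mode == "automatic" else "alert_await_confirmation"
    return v


# Constructed sample session: the agent reads a credential file, then calls out.
SAMPLE_EVENTS = [
    {"type": "exec", "comm": "python3"},
    {"type": "open", "path": "/home/agent/.aws/credentials"},
    {"type": "connect", "host": "203.0.113.9"},
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_EVENTS))   # score 65 -> terminate
```

Running the sample in manual mode yields the same score but an `alert_await_confirmation` action instead of an immediate terminate, matching the two modes in the table above.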
Protecting Data-Analysis Agents
AI agents with database access can be tricked into exfiltrating data. AgentGuard detects:
- Unusually large query result sets
- Data encoding patterns (base64, compression) in output
- Outbound data transfers that exceed baseline
Multi-Agent Orchestration
In multi-agent systems, a compromised agent can attempt to manipulate other agents. AgentGuard monitors inter-agent communication for:
- Prompt injection payloads in agent-to-agent messages
- Unauthorized tool invocations
- Scope escalation beyond assigned roles
Related
- Security & Privacy — BleedWatch's security architecture and data handling
- Settings — General platform configuration