
Superagent

AI agent safety SDK with guard, redact, and scan modules

Open Source

Superagent is an open-source AI agent safety SDK that provides runtime protection through four modules: Guard for detecting prompt injections and unsafe tool calls, Redact for removing PII and secrets, Scan for analyzing repos against AI-targeted attacks, and Test for red-team evaluations. It works with any LLM provider and includes open-weight guard models from 0.6B to 4B parameters with 50-100ms latency for real-time protection.

Superagent is an open-source safety SDK designed to protect AI agents from prompt injection attacks, data leakage, and malicious tool calls in production environments. Originally launched as Safety Agent before rebranding in early 2026, the project provides four core modules that work together as a defense-in-depth layer: Guard intercepts and blocks prompt injections and unsafe tool invocations; Redact automatically strips PII, PHI, and secrets from agent inputs and outputs; Scan analyzes GitHub repositories for AI-targeted supply chain attacks; and Test enables automated red-team evaluations of agent robustness.

The SDK ships with open-weight guard models available on HuggingFace in three sizes from 0.6B to 4B parameters, enabling teams to choose between speed and accuracy based on their latency requirements. At the smallest model size, Guard processes requests in 50-100 milliseconds, making it viable for real-time protection without noticeable user impact. The framework integrates with any LLM provider including OpenAI, Anthropic, Google, Groq, and AWS Bedrock, requiring minimal code changes to add safety layers to existing agent architectures.

Backed by Y Combinator, Superagent has attracted 6,500 GitHub stars and provides TypeScript and Python SDKs alongside a CLI tool and MCP server integration. The MIT-licensed project addresses a growing need in the AI ecosystem as more teams deploy autonomous agents that interact with external tools, APIs, and user data. Its modular design means teams can adopt individual components like Guard or Redact independently before committing to the full safety stack.

Pricing

Free and open source under MIT license

Platforms

TypeScript SDK, Python SDK, CLI, MCP server

Related Tools


Magika

AI-powered file-type detection at Google scale

Open-source AI-powered file-type detection tool from Google that uses a custom deep-learning model under a few megabytes to identify more than 200 binary and textual content types in milliseconds, even on a single CPU. Magika ships as a CLI, Python package, JavaScript/TypeScript library, and an ONNX model, achieves around 99% accuracy on its test set, and is already used at Google scale across Gmail, Drive, and Safe Browsing as well as by VirusTotal and abuse.ch.

Free, Open Source

Trent AI

Agentic AI security posture management

Trent AI is a specialized security platform for agentic AI applications, providing AI Security Posture Management that compounds with every development cycle. It scans, judges, mitigates, and evaluates AI agent security, detecting threats that traditional tools miss, including prompt injection attacks, tool misuse, unintended autonomous actions, data exfiltration through agent chains, and privilege escalation. It offers continuous assessment with remediation plan execution through Claude Code.

paid

Fig Security

Security operations resilience for SOC teams

Fig provides a Security Operations Resilience platform designed for modern SOC teams facing both unplanned and planned changes. It features drift detection to catch unplanned infrastructure changes, automated drift repair with testing, planned change modeling to simulate initiatives before deployment, version control, and automatic deployment with rollbacks. It helps teams maintain security coverage while shipping risk-free at 10x speed and focusing on strategic cyber work.

paid

Keycard

Control plane for autonomous AI agents

Keycard is the control plane for autonomous agents, providing identity verification, policy enforcement, and scoped access management. It resolves agent identity, enforces security policies, and issues time-limited, resource-specific access tokens. It provides full visibility into every agent action, with drift detection, automatic remediation, and integrations with Datadog, Linear, GitHub, and other services for agent-driven incident response and security operations.

paid

RagaAI Catalyst

AI testing and evaluation for agents and LLM apps

RagaAI Catalyst is a comprehensive Python SDK for observability, monitoring, and evaluation of LLM and agentic applications. It provides agent tracing with execution graph visualization, a self-hosted dashboard with analytics, synthetic data generation, a multi-metric evaluation framework, and guardrail management. It is built for teams running production RAG systems and AI agents who need systematic testing, debugging, and performance optimization workflows.

Open Source

Elkeid

Kernel-space host intrusion detection system

Elkeid is ByteDance's open-source HIDS for hosts, containers, Kubernetes, and serverless workloads. Its kernel-level data collection via Kprobe hooks captures process lineage, privilege escalation attempts, file access patterns, and network connections with minimal overhead. Includes an Agent for telemetry, Detector for rule evaluation, Controller for policy management, and a Dashboard for alerts and investigation.

Open Source