AEGIS: Agent Security & Governance
Complete lifecycle management for AI agents. From deployment to decommission, AEGIS provides the security controls, behavioral monitoring, and governance framework your autonomous AI needs.
Agent Kill Switch
Instantly terminate any AI agent at any scope level. The kill switch provides immediate, granular control when an agent exhibits dangerous behavior or exceeds its authority.
Scope Hierarchy
A kill issued at a parent scope propagates to every child scope beneath it; an organization-level kill disables every agent.
Activation Triggers
Budget Exceeded
Agent spending surpasses allocated token or cost budget thresholds.
Security Violation
Agent attempts unauthorized actions, data exfiltration, or privilege escalation.
Anomalous Behavior
Behavioral drift detected via z-score or IQR analysis against established baselines.
Manual Override
Human operator manually terminates agent operation for any operational reason.
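The scope hierarchy and the Budget Exceeded trigger described above, as an added example that is not AEGIS code: a tree of scopes (organization, team, agent) in which a kill at any node is inherited by every descendant, plus a budget check that kills the agent scope when spend passes its allocation. The scope names, budgets and kill reasons are constructed.

```python
# Added example (not AEGIS code): scope-hierarchy kill switch with inherited
# kills and a Budget Exceeded trigger. All scope names and figures below are
# constructed sample values.
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Scope:
    name: str
    parent: Optional[str]          # parent scope name; None for the root
    killed: bool = False
    reason: Optional[str] = None


class KillSwitch:
    """Tree of scopes (organization > team > agent); a kill is inherited downward."""

    def __init__(self) -> None:
        self.scopes: Dict[str, Scope] = {}

    def add_scope(self, name: str, parent: Optional[str] = None) -> None:
        if parent is not None and parent not in self.scopes:
            raise KeyError(f"unknown parent scope {parent!r}")
        self.scopes[name] = Scope(name, parent)

    def kill(self, name: str, reason: str) -> None:
        scope = self.scopes[name]
        scope.killed, scope.reason = True, reason

    def restore(self, name: str) -> None:
        scope = self.scopes[name]
        scope.killed, scope.reason = False, None

    def ancestry(self, name: str) -> List[Scope]:
        """The scope itself followed by its parents up to the root."""
        chain: List[Scope] = []
        cur: Optional[str] = name
        while cur is not None:
            scope = self.scopes[cur]
            chain.append(scope)
            cur = scope.parent
        return chain

    def kill_source(self, name: str) -> Optional[Scope]:
        """Nearest killed scope on the path to the root, or None if the agent may run."""
        for scope in self.ancestry(name):
            if scope.killed:
                return scope
        return None

    def is_active(self, name: str) -> bool:
        return self.kill_source(name) is None


def enforce_budget(switch: KillSwitch, agent: str, spent_usd: float, budget_usd: float) -> bool:
    """Budget Exceeded trigger: kill the agent scope once spend passes its budget."""
    if spent_usd > budget_usd:
        switch.kill(agent, f"budget_exceeded: {spent_usd:.2f} > {budget_usd:.2f}")
        return True
    return False


def build_demo_switch() -> KillSwitch:
    """Constructed hierarchy: one organization, two teams, three agents."""
    ks = KillSwitch()
    ks.add_scope("org")
    ks.add_scope("team-a", "org")
    ks.add_scope("team-b", "org")
    ks.add_scope("agent-1", "team-a")
    ks.add_scope("agent-2", "team-a")
    ks.add_scope("agent-3", "team-b")
    return ks


if __name__ == "__main__":
    ks = build_demo_switch()
    ks.kill("team-a", "security_violation")
    print({a: ks.is_active(a) for a in ("agent-1", "agent-2", "agent-3")})
    ks.kill("org", "manual_override")
    print({a: ks.is_active(a) for a in ("agent-1", "agent-2", "agent-3")})
```

Because `is_active` walks the ancestor chain on every call, a kill takes effect immediately without touching each child record, and `kill_source` tells an operator which level actually stopped the agent.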
MCP Firewall
Every tool call from every agent passes through the MCP Firewall. 38 injection patterns, whitelist validation, and parameter sanitization ensure agents only use tools safely.
Tool Name Validation
Whitelist-based tool access control. Agents can only invoke explicitly approved tools matching their guardrail profile.
38 Injection Patterns
Comprehensive regex-based detection of SSRF, command injection, path traversal, SQL injection, and template injection in tool parameters.
Parameter Sanitization
Input validation and sanitization for all tool call parameters. Prevents encoded payloads, Unicode tricks, and nested injection attacks.
Call Count Limits
Per-agent, per-tool rate limiting to prevent runaway tool invocation loops. Configurable burst and sustained rate thresholds.
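The four firewall checks above (whitelist validation, parameter normalization and pattern matching, and per-agent, per-tool rate limiting), as an added example that is not the product's firewall. The guardrail profile, the three illustrative patterns, the burst and sustained limits, and the sample inputs are all constructed; the product's 38-pattern set is not reproduced here.

```python
# Added example (not the product's MCP Firewall): tool whitelist, parameter
# normalization before pattern checks, and sliding-window rate limits.
# Profiles, patterns and limits are constructed illustrations.
import re
import unicodedata
from collections import defaultdict, deque
from typing import Deque, Dict, Set, Tuple
from urllib.parse import unquote

# Constructed guardrail profile: agent role -> approved tool names.
GUARDRAIL_PROFILES: Dict[str, Set[str]] = {
    "researcher": {"web_search", "read_file"},
    "coder": {"read_file", "write_file", "run_tests"},
}

# Three illustrative patterns only (not the product's list).
INJECTION_PATTERNS = {
    "path_traversal": re.compile(r"(^|[\\/])\.\.([\\/]|$)"),
    "command_injection": re.compile(r"[;&|`]|\$\("),
    "ssrf_internal_host": re.compile(r"https?://(localhost|127\.|10\.|169\.254\.)", re.I),
}


def normalize(value: str, rounds: int = 3) -> str:
    """Undo nested percent-encoding and Unicode look-alikes before matching."""
    cur = value
    for _ in range(rounds):
        decoded = unquote(cur)
        if decoded == cur:
            break
        cur = decoded
    # NFKC folds fullwidth and other compatibility forms onto their ASCII equivalents.
    return unicodedata.normalize("NFKC", cur)


def scan_parameter(value: str) -> Tuple[bool, str]:
    """Return (clean, reason) for one tool-call parameter value."""
    normalized = normalize(value)
    if any(ord(c) < 0x20 and c not in "\t\n\r" for c in normalized):
        return False, "control_characters"
    for name, pattern in INJECTION_PATTERNS.items():
        if pattern.search(normalized):
            return False, name
    return True, "ok"


class RateLimiter:
    """Sliding windows: at most `burst` calls per second and `sustained` per minute."""

    def __init__(self, burst: int, sustained: int) -> None:
        self.burst, self.sustained = burst, sustained
        self.calls: Dict[Tuple[str, str], Deque[float]] = defaultdict(deque)

    def allow(self, agent: str, tool: str, now: float) -> bool:
        window = self.calls[(agent, tool)]
        while window and now - window[0] >= 60.0:   # drop calls outside the minute
            window.popleft()
        recent = sum(1 for t in window if now - t < 1.0)
        if recent >= self.burst or len(window) >= self.sustained:
            return False
        window.append(now)
        return True


class MCPFirewall:
    def __init__(self, limiter: RateLimiter) -> None:
        self.limiter = limiter

    def check(self, agent: str, role: str, tool: str,
              params: Dict[str, str], now: float) -> Tuple[bool, str]:
        """Return (allowed, reason); order is whitelist -> rate limit -> parameters."""
        if tool not in GUARDRAIL_PROFILES.get(role, set()):
            return False, f"tool_not_whitelisted:{tool}"
        if not self.limiter.allow(agent, tool, now):
            return False, "rate_limited"
        for key, value in params.items():
            ok, reason = scan_parameter(str(value))
            if not ok:
                return False, f"param:{key}:{reason}"
        return True, "ok"


if __name__ == "__main__":
    fw = MCPFirewall(RateLimiter(burst=2, sustained=5))
    print(fw.check("agent-1", "researcher", "read_file", {"path": "docs/readme.md"}, 0.0))
    print(fw.check("agent-1", "researcher", "read_file", {"path": "%252e%252e%2fetc/passwd"}, 0.1))
```

The rate limiter counts every attempt, including ones later rejected on their parameters, so a loop that keeps retrying a blocked call is throttled rather than allowed to probe indefinitely. The clock is passed in explicitly so the limits can be exercised deterministically.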
Injection Pattern Categories
VibeGuard Monitoring
Continuous behavioral analysis of every AI agent using statistical anomaly detection. VibeGuard establishes behavioral baselines and flags deviations before they become incidents.
Detection Methods
Z-Score
Measures how many standard deviations a metric is from its baseline mean. Triggers an alert at a configurable sigma threshold (default: 2.5 sigma).
IQR
Interquartile Range analysis, robust against outliers in the baseline. Flags values below Q1 - 1.5*IQR or above Q3 + 1.5*IQR.
Monitored Metrics
Response Latency
Detects sudden slowdowns indicating resource contention or stuck loops
Token Velocity
Monitors tokens-per-minute for anomalous bursts or silent periods
Tool Call Frequency
Tracks tool invocation patterns against established baselines
Error Rate
Flags elevated error rates that may indicate exploitation attempts
Output Entropy
Measures response randomness to detect hallucination spirals
Scope Drift
Identifies when agents operate outside their designated task boundaries
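The two detection methods and the per-metric baselines described above, as an added example that is not VibeGuard's implementation: z-score and IQR checks over a constructed response-latency baseline, and a small monitor that keeps a rolling baseline per metric name and applies both methods to each new sample. The thresholds follow the page (2.5 sigma, 1.5*IQR); the latency values are constructed.

```python
# Added example (not VibeGuard code): z-score and IQR anomaly detection over a
# rolling per-metric baseline. Latency values below are constructed.
import statistics
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Tuple

# Constructed baseline of response latencies in milliseconds.
BASELINE_LATENCY_MS: List[float] = [100, 110, 95, 105, 120, 98, 102, 115, 108, 101]


def zscore(baseline: List[float], value: float) -> float:
    """Standard deviations between `value` and the baseline mean (sample stdev)."""
    mean = statistics.fmean(baseline)
    sd = statistics.stdev(baseline)
    if sd == 0:
        return 0.0 if value == mean else float("inf")
    return (value - mean) / sd


def iqr_bounds(baseline: List[float], k: float = 1.5) -> Tuple[float, float]:
    """(Q1 - k*IQR, Q3 + k*IQR) using inclusive quartiles."""
    q1, _, q3 = statistics.quantiles(baseline, n=4, method="inclusive")
    iqr = q3 - q1
    return q1 - k * iqr, q3 + k * iqr


def is_zscore_anomaly(baseline: List[float], value: float, sigma: float = 2.5) -> bool:
    return abs(zscore(baseline, value)) > sigma


def is_iqr_anomaly(baseline: List[float], value: float, k: float = 1.5) -> bool:
    lo, hi = iqr_bounds(baseline, k)
    return value < lo or value > hi


class MetricMonitor:
    """Rolling baseline per metric; each new sample is scored by both methods."""

    def __init__(self, window: int = 50, min_samples: int = 8,
                 sigma: float = 2.5, k: float = 1.5) -> None:
        self.min_samples, self.sigma, self.k = min_samples, sigma, k
        self.history: Dict[str, Deque[float]] = defaultdict(lambda: deque(maxlen=window))

    def observe(self, metric: str, value: float) -> Dict[str, object]:
        hist = self.history[metric]
        result: Dict[str, object] = {
            "metric": metric, "value": value, "zscore": None,
            "z_anomaly": False, "iqr_anomaly": False, "anomaly": False,
        }
        if len(hist) >= self.min_samples:          # no verdict until a baseline exists
            base = list(hist)
            z = zscore(base, value)
            result["zscore"] = round(z, 3)
            result["z_anomaly"] = abs(z) > self.sigma
            result["iqr_anomaly"] = is_iqr_anomaly(base, value, self.k)
            result["anomaly"] = bool(result["z_anomaly"] or result["iqr_anomaly"])
        if not result["anomaly"]:
            hist.append(value)   # design choice: flagged samples do not move the baseline
        return result


if __name__ == "__main__":
    mon = MetricMonitor()
    for v in BASELINE_LATENCY_MS:
        mon.observe("latency_ms", v)
    print(mon.observe("latency_ms", 130))
    print(mon.observe("latency_ms", 112))
```

Keeping flagged samples out of the baseline stops a burst of anomalies from teaching the monitor that the burst is normal; the trade-off is that a genuine, permanent shift in behaviour keeps alerting until an operator re-baselines the metric.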
Trust Zones
Progressive capability elevation based on agent trust scores. Higher trust unlocks more autonomy. Lower trust restricts to safe operations.
Green Zone
Score: 80-100
- Full tool access per guardrail profile
- Autonomous multi-step operations
- Direct external API calls
- Data read/write access
- Inter-agent communication
Yellow Zone
Score: 50-79
- Restricted tool access (read-only)
- Human-in-the-loop for writes
- External calls require approval
- Data read access only
- Monitored inter-agent communication
Red Zone
Score: 0-49
- All tools disabled
- Read-only mode enforced
- No external API access
- Quarantined from other agents
- Mandatory security review required
Inter-Agent HMAC Security
Every message between agents is cryptographically signed and verified. No impersonation. No tampering. No replay attacks.
HMAC-SHA256 Signing
Every inter-agent message includes an HMAC-SHA256 signature computed over the full message payload. Receiving agents verify signatures before processing.
Replay Prevention
Messages include a cryptographic nonce and timestamp. Agents reject messages outside a configurable time window and maintain a nonce cache to prevent replay.
Agent Identity Verification
Each agent has a unique key pair for signing. Agent identity is verified against the AEGIS agent registry before communication is established.
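The signing, replay-prevention and registry checks described above, as an added example that is not AEGIS code: HMAC-SHA256 over a canonical encoding of the whole envelope, a timestamp window, a nonce cache, and a registry lookup of the sender before anything else is trusted. It assumes a shared per-agent secret held in a constructed registry; the agent ids, secrets, clock values and message bodies are constructed.

```python
# Added example (not AEGIS code): HMAC-SHA256 inter-agent message signing with
# nonce + timestamp replay protection. Registry contents and secrets are
# constructed placeholders.
import hashlib
import hmac
import json
import secrets
from typing import Any, Dict, Optional, Tuple

REPLAY_WINDOW_SECONDS = 30.0

# Constructed registry: agent id -> shared HMAC secret.
AGENT_REGISTRY: Dict[str, bytes] = {
    "planner-01": b"constructed-secret-planner-01",
    "executor-07": b"constructed-secret-executor-07",
}


def canonical_bytes(envelope: Dict[str, Any]) -> bytes:
    """Deterministic encoding so sender and receiver MAC exactly the same bytes."""
    return json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_message(sender: str, recipient: str, body: Dict[str, Any],
                 now: float, nonce: Optional[str] = None) -> Dict[str, Any]:
    key = AGENT_REGISTRY[sender]
    envelope = {
        "sender": sender,
        "recipient": recipient,
        "nonce": nonce or secrets.token_hex(16),
        "timestamp": now,
        "body": body,
    }
    signature = hmac.new(key, canonical_bytes(envelope), hashlib.sha256).hexdigest()
    return {**envelope, "signature": signature}


class NonceCache:
    """Remembers nonces for at least the replay window; expiry must not be shorter."""

    def __init__(self, window: float) -> None:
        self.window = window
        self.seen: Dict[str, float] = {}

    def check_and_add(self, nonce: str, timestamp: float, now: float) -> bool:
        for old in [n for n, t in self.seen.items() if now - t > self.window]:
            del self.seen[old]              # anything this old fails the time check anyway
        if nonce in self.seen:
            return False
        self.seen[nonce] = timestamp
        return True


def verify_message(message: Dict[str, Any], now: float,
                   cache: NonceCache, me: str) -> Tuple[bool, str]:
    """Checks run sender -> signature -> recipient -> time window -> nonce."""
    key = AGENT_REGISTRY.get(message.get("sender", ""))
    if key is None:
        return False, "unknown_sender"
    envelope = {k: v for k, v in message.items() if k != "signature"}
    expected = hmac.new(key, canonical_bytes(envelope), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(message.get("signature", ""))):
        return False, "bad_signature"       # nothing below is trusted until the MAC passes
    if message.get("recipient") != me:
        return False, "wrong_recipient"
    if abs(now - float(message["timestamp"])) > REPLAY_WINDOW_SECONDS:
        return False, "outside_time_window"
    if not cache.check_and_add(str(message["nonce"]), float(message["timestamp"]), now):
        return False, "replay"
    return True, "ok"


if __name__ == "__main__":
    cache = NonceCache(REPLAY_WINDOW_SECONDS)
    msg = sign_message("planner-01", "executor-07", {"task": "summarize", "doc_id": 42}, now=1000.0)
    print(verify_message(msg, 1005.0, cache, "executor-07"))
    print(verify_message(msg, 1006.0, cache, "executor-07"))   # same nonce again
```

The signature is checked before the timestamp and nonce so that unauthenticated traffic cannot fill the nonce cache, and the recipient is part of the signed envelope so a valid message for one agent cannot be redirected to another.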
OWASP Agentic Top 10
ASTRA BASTION provides coverage for 9 out of 10 OWASP Agentic Security Items, with the remaining item under active development.
Shadow AI Discovery
Unsanctioned AI usage is a growing shadow IT risk. ASTRA BASTION's Shadow AI Discovery engine identifies unauthorized AI model deployments, API calls, and integrations across your environment.
- Pattern-based detection of known AI provider API signatures
- Model fingerprinting to identify specific LLMs in use
- DNS and network traffic analysis for AI service endpoints
- OAuth scope scanning for third-party AI integrations
- SaaS application inventory for embedded AI features
- Automated policy enforcement for discovered AI usage
Discovery Pipeline
Scan
Monitor network traffic, DNS logs, and OAuth grants for AI-related signatures
Identify
Match discovered endpoints against a database of 33+ known AI provider patterns
Fingerprint
Determine specific model versions through response analysis and behavioral profiling
Classify
Categorize discovered AI as sanctioned, unsanctioned, or unknown and assess risk level
Enforce
Automatically apply gateway policies or trigger alerts for SOC analyst review
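The Scan, Identify and Classify stages of the pipeline above, as an added example that is not the Shadow AI Discovery engine: constructed DNS and proxy log lines are parsed, matched against a small provider-pattern table, and each hit is classified as sanctioned, unsanctioned or unknown. The provider domains, the sanctioned list, the path heuristic and every log line are constructed; the product's database of 33+ provider patterns is not reproduced.

```python
# Added example (not the product's discovery engine): detect AI endpoints in
# constructed DNS/proxy logs and classify them against policy.
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed provider patterns (hostname suffix match).
PROVIDER_PATTERNS = {
    "provider-a": re.compile(r"(^|\.)api\.llm-provider-a\.example$"),
    "provider-b": re.compile(r"(^|\.)inference\.provider-b\.example$"),
}
# Hosts approved by policy (constructed).
SANCTIONED_HOSTS = {"api.llm-provider-a.example"}
# Heuristic for unknown hosts that still look like an LLM API (constructed).
AI_PATH_HINT = re.compile(r"/v1/(chat/completions|embeddings|completions)\b")

DNS_LINE = re.compile(r"^(?P<ts>\S+) dns client=(?P<client>\S+) query=(?P<host>\S+)$")
PROXY_LINE = re.compile(
    r"^(?P<ts>\S+) proxy client=(?P<client>\S+) (?P<method>[A-Z]+) "
    r"https?://(?P<host>[^/\s]+)(?P<path>\S*)$"
)

# Constructed sample log lines.
SAMPLE_LOGS: List[str] = [
    "2024-05-01T10:00:01Z dns client=10.0.1.5 query=api.llm-provider-a.example",
    "2024-05-01T10:00:02Z dns client=10.0.1.9 query=inference.provider-b.example",
    "2024-05-01T10:00:03Z dns client=10.0.1.9 query=intranet.corp.example",
    "2024-05-01T10:00:04Z proxy client=10.0.2.7 POST https://ml-gateway.startup.example/v1/chat/completions",
    "2024-05-01T10:00:05Z proxy client=10.0.1.5 POST https://api.llm-provider-a.example/v1/embeddings",
]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Scan stage: turn one DNS or proxy line into a record, or None if unparseable."""
    m = DNS_LINE.match(line)
    if m:
        return {"source": "dns", "path": "", **m.groupdict()}
    m = PROXY_LINE.match(line)
    if m:
        return {"source": "proxy", **m.groupdict()}
    return None


def identify_provider(host: str) -> Optional[str]:
    """Identify stage: match the host against known provider patterns."""
    for name, pattern in PROVIDER_PATTERNS.items():
        if pattern.search(host.lower()):
            return name
    return None


def classify(record: Dict[str, str]) -> Optional[Dict[str, object]]:
    """Classify stage: sanctioned / unsanctioned / unknown, or None if not AI-related."""
    provider = identify_provider(record["host"])
    if provider is not None:
        verdict = "sanctioned" if record["host"].lower() in SANCTIONED_HOSTS else "unsanctioned"
    elif AI_PATH_HINT.search(record.get("path", "")):
        verdict = "unknown"            # looks like an LLM API but no provider matched
    else:
        return None
    return {**record, "provider": provider, "classification": verdict}


def discover(lines: List[str]) -> List[Dict[str, object]]:
    findings = []
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue
        finding = classify(record)
        if finding is not None:
            findings.append(finding)
    return findings


def summarize(findings: List[Dict[str, object]]) -> Counter:
    return Counter(str(f["classification"]) for f in findings)


if __name__ == "__main__":
    for f in discover(SAMPLE_LOGS):
        print(f["client"], f["host"], f["provider"], f["classification"])
    print(summarize(discover(SAMPLE_LOGS)))
```

The "unknown" class is what an analyst queue is for: a host that serves an LLM-style API but matches no provider pattern is exactly the self-hosted or niche deployment that a signature database will not yet know about.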
Secure Your AI Agents
30+ security controls. OWASP Agentic Top 10 coverage. Behavioral monitoring. Trust zones. Complete agent lifecycle governance in one platform.