The SOC for AI Agents
Watch every prompt, tool call, and memory write your AI agents make — in real time — for attacks, drift, and exfiltration. Works with any LLM on any platform. Zero code changes.
NO CARD · WORKS WITH CLAUDE · GPT · GEMINI · GROK · LLAMA · KIMI · GLM · LANGCHAIN · OPENAI ASSISTANTS · CURSOR · CUSTOM
Your CISO monitors every laptop.
Who's monitoring your agents?
Every enterprise is deploying AI agents in 2026. Cursor for engineering. Claude Code for development. Custom agents for customer service, internal tools, compliance workflows.
And nobody is watching them.
When an agent gets prompt-injected, calls a dangerous tool, writes malicious instructions to memory, or drifts from its stated goal — you find out in the post-mortem. By then the data is gone. The audit finding is in the report.
Observability tools show you what your agents did. Runtime guardrails classify individual prompts in isolation. Neither can see the attack that happens across 5 tool calls, 3 memory writes, and a slow plan drift.
We built the thing that does.
Paste one message. Get real-time security monitoring.
Three dead-simple integration paths. Pick whichever fits your runtime. None of them require redeploying your agent.
Paste to Agent
Copy our instructions block. Paste it as a system message to Claude, GPT, Gemini, Kimi, GLM, or any tool-capable agent. The agent self-reports every action to ShieldPi automatically. No SDK install. No redeploy.
Python SDK
pip install shieldpi. One line to instrument LangChain, Anthropic tool use, or your custom Python agent. Background thread, silent-failure mode, never blocks production traffic.
Shell Bridge
A 40-line bash script you call from your terminal as you relay messages to the agent. For agents without HTTP tools, one-off pilots, and incident investigation work.
30+ detectors across the runtime stack
Async multi-step correlation no inline guardrail can match. Pattern matching, tool-abuse detection, response-leak scanning, memory analysis, trajectory analysis, and endpoint correlation run outside your request path.
Prompt injection
- Classic instruction override
- DAN / developer-mode jailbreaks
- Persona override
- Policy puppetry
- System prompt exfiltration
- Base64 / unicode smuggling
Dangerous tool abuse
- Destructive tools (delete / drop / exec / shell)
- Exfiltration tools (email / webhook / http)
- Credential access (env vars / secrets)
- SQL injection in tool args
- Shell injection in tool args
- Path traversal
Memory poisoning
- Persistent exfil instructions
- Persistent override directives
- System prompt overwrite via memory
- Cross-session poison reads
- Privilege escalation in memory
Trajectory anomalies
- Lateral movement (read → exfil)
- Tool frequency spikes
- Repeated refusals under pressure
- Authority escalation ladders
- Plan drift from stated goal
Response leaks
- API keys and tokens in responses
- JWT, AWS, Stripe, and database URI formats
- System prompt disclosure
- PII and credential-like payloads
- Entropy-backed secret validation
Endpoint correlation
- Agent-referenced file path observed on device
- Network destination matched to agent action
- Sensitive file access after read/search tools
- Network activity after exfil-style tools
- ADB, root, package, and posture changes near tool use
Test before deploy. Watch after deploy. One platform.
ShieldPi already scans your agents offensively with 58,000+ attack techniques, a multi-phase pipeline, and the world's only LLM security knowledge graph.
Now scan results power the monitor — every weakness the scanner finds becomes a boosted detection pattern in live monitoring. And every novel attack the monitor catches in production feeds back into the scanner's attack library.
Endpoint telemetry closes the loop: file, network, URL, package, and posture signals are correlated with nearby agent actions so the SOC can see cause and effect in one timeline.
- Scans make monitoring smarter
- Monitoring makes scans smarter
- Endpoint evidence proves what changed on the device
- One product. One dashboard. Compounding loop.
Watchtower — your Tier-1 SOC analyst, on autopilot
Alerts and incidents are evaluated by ShieldPi's Claude-powered triage layer. It reads the alert, surrounding event window, session context, related incident cluster, and your per-customer history of past triage decisions. Then it makes one of four calls.
The end result: your inbox shows you 5 alerts that need attention instead of 50 that don't. Per-customer memory means it gets sharper with every triage. The per-alert path is cost-aware; incident summaries can use the higher-quality Opus path for deeper kill-chain review.
Catches what runtime guardrails miss
We see across steps
Inline guardrails (Lakera, CalypsoAI, Protect AI) classify single prompts in isolation. We correlate every event in a session — a slow prompt injection followed by a tool call followed by a memory write reads as ONE attack to us, not three benign things.
Async > inline
Inline guardrails are stuck under a 100ms latency budget. We're async — so we can correlate session history, tool behavior, endpoint signals, and Claude-powered triage notes instead of only matching one prompt in isolation.
Memory across sessions
An attacker writes a malicious instruction to memory in session A. Session B (a different user) reads it and acts. We catch this. No inline classifier can — they only see one session at a time.
Your agents are already running.
Start watching them.
Or install the SDK now: pip install shieldpi