GuardionAI
GuardionAI is an Agent and MCP Security Gateway that provides unified security for AI agents and Model Context Protocol tools operating on enterprise data. It sits in the execution path to discover, redact sensitive data, enforce protection, and give teams visibility into actions that traditional SIEM, DLP, and identity layers cannot see. Every agent action is inspected, enforced, and logged at the protocol level across AI agents, LLM apps, RAG systems, chatbots, coding agents, MCP servers, internal tools, databases, operating systems, and cloud environments. GuardionAI protects against critical AI threats such as prompt injection, system override, web attacks, MCP tool poisoning, malicious code execution, NSFW content, PII and credential exposure, confidential data leakage, off-topic drift, and unauthorized access, mapped to OWASP LLM Top 10 and agentic AI threat frameworks. Its gateway provides four layers of protection.
Learn more
nono
nono is an open source, kernel-enforced sandbox for AI coding agents and LLM workloads. Unlike policy-based guardrails that intercept and filter operations, nono uses OS security primitives — Landlock on Linux and Seatbelt on macOS — to make unauthorised operations structurally impossible at the syscall level.
Wrap any AI agent — Claude Code, OpenCode, OpenClaw, or any CLI process — with a single command. nono applies default-deny filesystem access, blocks destructive commands (rm, dd, chmod, sudo), isolates credentials and API keys, and cascades all restrictions to child processes. No escape mechanism exists once restrictions are applied.
Built-in profiles get you running in seconds. Secrets inject securely from the system keystore and are zeroised on exit. Audit logging, atomic rollbacks, and Sigstore-attested policy signing are on the roadmap.
Apache 2.0. From the creator of Sigstore.
Learn more
Simaril
Silmaril is a self-healing prompt injection defense designed to protect AI systems from increasingly complex, multi-step attacks that traditional guardrails fail to stop. It operates by wrapping inference calls and evaluating whether an execution sequence is leading toward a harmful outcome, rather than simply filtering inputs. It uses a multihead classifier that analyzes user intent, application context, and execution states together, enabling it to detect indirect injection, multi-turn attack chains, context poisoning, and tool abuse before damage occurs. Silmaril continuously strengthens its defenses through autonomous threat hunting agents that probe systems, discover vulnerabilities, and generate synthetic training data from real attack scenarios. These insights are used to retrain the model automatically, deploying updated protections in under an hour and propagating anonymized defenses across all deployments.
Learn more
ZeroLeaks
ZeroLeaks is an AI prompt security platform that helps organizations identify and fix exposed system prompts, internal tools, and logic vulnerabilities that could allow prompt injection, prompt extraction, or other forms of leakage that expose internal instructions or intellectual property to unauthorized actors. It provides an interactive dashboard where users can scan system prompts manually or automate scanning via CI/CD integration to catch leaks and injection vectors before code is deployed, and it uses an AI-powered red-team-style analysis engine to assess prompt surfaces for logic flaws, extraction risks, and potential misuse with evidence, scoring, and remediation recommendations. ZeroLeaks targets enterprise-grade security for large-language-model-based products by offering vulnerability assessments that highlight prompt exposure depth, prioritized risks, proof, and access paths for issues found, and suggested fixes such as prompt restructuring, tool gating, etc.
Learn more