frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Show HN: AgentShield SDK – Runtime security for agentic AI applications

https://pypi.org/project/agentshield-sdk/
2•iamsanjayk•1y ago
Hi HN,

We built AgentShield, a Python SDK and CLI to add a security checkpoint for AI agents before they perform potentially risky actions like external API calls or executing generated code.

Problem: Agents calling arbitrary URLs or running unchecked code can lead to data leaks, SSRF, system damage, etc.

Solution: AgentShield intercepts these actions:

- guarded_get(url=...): Checks URL against policies (block internal IPs, HTTP, etc.) before making the request.

- safe_execute(code_snippet=...): Checks code for risky patterns (os import, eval, file access, etc.) before execution.

It works via a simple API call to evaluate the action against configurable security policies. It includes default policies for common risks.

Get Started:

Install: pip install agentshield-sdk

Get API Key (CLI): agentshield keys create

Use in Python: from agentshield_sdk import AgentShield # shield = AgentShield(api_key=...) # await shield.guarded_get(url=...) # await shield.safe_execute(code_snippet=...)

Full details, documentation, and the complete README are at <https://pypi.org/project/agentshield-sdk/>

We built this because securing agent interactions felt crucial as they become more capable. It's still early days, and we'd love to get your feedback on the approach, usability, and policies.

Comments

subhampramanik•1y ago
Looks interesting -- Does it work like a wrapper on top of OpenAI specs? Like, can we just replace the OpenAI package with this, and it's fully integrated?
iamsanjayk•1y ago
Hey, thanks for asking! Good question.

AgentShield isn't a wrapper around the OpenAI package, so you wouldn't replace openai with it. Think of AgentShield as a separate safety check you call just before your agent actually tries to run a specific risky action.

So, you'd still use the openai library as normal to get your response (like a URL to call or code to run). Then, before you actually use httpx/requests to call that URL, or exec() to run the code, you'd quickly check it with shield.guarded_get(the_url) or shield.safe_execute(the_code).

Currently, It focuses on securing the action itself (the URL, the code snippet) rather than wrapping the LLM call that generated it.

I Built ApplyOnce Because Job Applications Shouldn't Feel Like Data Entry

https://chromewebstore.google.com/detail/applyonce-job-application/anmljacnioamdkdcohmhbghlbcffbiaf
1•knyadzayo•3m ago•0 comments

Buran: The Most Impressive Thing the Soviets Ever Built [video]

https://www.youtube.com/watch?v=34tq4RNDRTQ
1•shakow•3m ago•1 comments

Last known US polio survivor using iron lung dies aged 78

https://www.theguardian.com/us-news/2026/jul/12/martha-lillard-last-polio-survivor-iron-lung-death
1•rob74•5m ago•0 comments

The tests passed. The plan didn't

https://boringsql.com/posts/regresql20/
1•radimm•6m ago•0 comments

I like the Uruky search engine

https://akselmo.dev/posts/i-like-the-uruky-search-engine/
2•BrunoBernardino•7m ago•1 comments

Big private equity firms pull in more cash as winners take all

https://www.ft.com/content/b7130eb3-c8bd-460f-9d8a-082e7bb48b48
1•petethomas•10m ago•0 comments

Full Page Screenshot Pro captures lazy loaded pages other tools miss

https://www.fullpagescreenshot.pro/
1•chrisboss•11m ago•0 comments

Show HN: Loot Raiders – an ARC Raiders-inspired inventory game in Svelte

https://loot-raiders.vercel.app
1•refrigerator-12•13m ago•0 comments

The will to power will return

https://world.hey.com/dhh/the-will-to-power-will-return-58ffb9dc
1•ksec•14m ago•0 comments

The Illusion of Competence

https://www.theminimalistdeveloper.com/the-illusion-of-competence/
2•rafaelnexus•15m ago•0 comments

Show HN: TradingSpy-Loop based research and backtesting trading Agent

https://github.com/mrhustlex/TradingSpy-TradingAgentService/tree/main
1•mrhustlex•16m ago•0 comments

Don't Put All Your Tokens in One Basket

https://www.theminimalistdeveloper.com/dont-put-all-your-tokens-in-one-basket/
1•rafaelnexus•17m ago•1 comments

The Harness Is Not the Model: How Far Scaffolding Takes a Weak LLM

https://manazir.dev/work/the-harness-is-not-the-model
1•mnzralee•18m ago•0 comments

I wrote an OS to express my love for Neuro-Sama

1•AndyFish•18m ago•0 comments

Clive Wearing

https://en.wikipedia.org/wiki/Clive_Wearing
1•pr337h4m•22m ago•0 comments

Show HN: I built a tool for people juggling too many projects

https://toward.one
1•sameerav•22m ago•0 comments

Show HN: Reproducible head-to-head benchmarks for WordPress backup plugins

https://backuparena.com
1•ibrahimwithi•26m ago•0 comments

Show HN: A simple timing utility written in Rust

https://github.com/CallMeAlphabet/timeit
1•CallMeAlphabet•29m ago•0 comments

Llambda.lisp an LLM Engine in Pure Common Lisp

https://github.com/jrm-code-project/llambda
1•electricant•32m ago•0 comments

Migrating 65B Database Rows

https://usefathom.com/blog/two-database-migrations-and-a-divorce
1•okozzie•32m ago•0 comments

Most website owners don't know the 5 stages of a domain expiration

https://urlwatch.io/blog/5-stages-domain-expiration.php
2•urlwatch•35m ago•0 comments

The Linux Watchdog Driver API

https://docs.kernel.org/watchdog/watchdog-api.html
1•ankitg12•35m ago•0 comments

WSJ Article Claiming China Has Matched Anthropic Is Obvious Nonsense

https://www.lesswrong.com/posts/2zSpuGJRk6EyjHAL6/wsj-article-claiming-china-has-matched-anthropi...
1•joozio•36m ago•0 comments

Stories Told About Data Centres

https://pxlnv.com/blog/stories-told-about-data-centres/
2•danaris•37m ago•0 comments

Debateee, a place for structured online debates

https://www.debateee.com/
1•mstfah•37m ago•0 comments

Yuji Tachikawa reports Claude Fable solved a 6-month physics roadblock

https://twitter.com/yujitach/status/2076327681562644709
1•sciclaw•41m ago•2 comments

The Infinite Policeman – Chapter 2.000000001->

https://medium.com/luminasticity/the-infinite-policeman-chapter-2-000000001-7fd8da221cd1
1•bryanrasmussen•47m ago•0 comments

Building a Nostr Client (2023)

https://nickmonad.blog/2023/building-nostr-client-index-0/
1•enz•47m ago•0 comments

Bonsai

https://bonsaiedu.org
1•zachwallace•49m ago•0 comments

Dunning-Kruger After AI: The Gap That No Longer Closes

https://blog.zoller.lu/2026/07/dunning-kruger-after-ai-gap-that-no.html
1•thierryzoller•54m ago•0 comments