Frequently Asked Questions
Is AgentSecurity a runtime proxy?
No. AgentSecurity itself is an open spec plus a CLI tool for static validation. You can, however, use the spec to configure a runtime proxy (such as an API gateway or an egress firewall) that enforces it. Think of it like a Kubernetes Deployment YAML—it declares the desired state, and a separate controller enforces it.
Does this stop Prompt Injection?
It constrains the impact of prompt injection rather than the injection itself. If an attacker injects a prompt into your agent telling it to delete its database or exfiltrate tokens, the hard constraints and tool configurations in AGENTSECURITY.md prevent that payload from executing, provided you have configured your enforcement endpoints correctly. It is a defense-in-depth layer, not a replacement for input handling.
Can I use it with closed-source agents or models?
Yes. By specifying constraints at the environment level (network outbound allowlists, filesystem paths), the enforcement layers described in the spec limit the blast radius even if a black-box agent goes rogue.
Is the CLI required?
No. You can write the markdown file by hand and never validate it. The CLI only checks that developers have not accidentally violated their own security constraints or added new tools to the codebase without updating the policy.
Why YAML frontmatter instead of a raw JSON file?
Developers are familiar with README.md files. By using markdown with frontmatter, we can combine strict, parseable schema logic with deep, human-readable sections describing the threat model and incident response procedures. We prioritize the developer experience.
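The following is an added example, not code from the AgentSecurity project, illustrating the three mechanisms the answers above describe: reading the YAML frontmatter out of a markdown policy file, applying the declared network and filesystem allowlists the way a runtime proxy would (the proxy and closed-source-agent answers), and running a CLI-style static check for tools registered in code but missing from the policy (the "Is the CLI required?" answer). The schema keys (`network.outbound_allow`, `filesystem.allow`, `tools`), the `@tool("...")` registration syntax and the sample policy are all constructed assumptions for illustration; the real spec's key names are not defined on this page. The frontmatter parser handles only a small YAML subset so the example runs without third-party packages; a real tool would use a full YAML library.

```python
"""Added example: enforce and validate a constructed AGENTSECURITY.md policy.
Schema keys and the @tool() syntax are hypothetical, not the real spec's."""
from __future__ import annotations

import fnmatch
import posixpath
import re

# Constructed sample policy. Prose below the second '---' is ignored by the checks.
SAMPLE_POLICY = """\
---
version: 1
network:
  outbound_allow:
    - api.example.com
    - "*.internal.example"
filesystem:
  allow:
    - /workspace/
    - /tmp/agent/
tools:
  - search_docs
  - read_file
---
# Threat model
Human-readable sections live here and are not parsed by the validator.
"""

# Constructed agent source: one tool was added without updating the policy.
SAMPLE_AGENT_SOURCE = '''
@tool("search_docs")
def search_docs(query): ...
@tool("read_file")
def read_file(path): ...
@tool("run_shell")
def run_shell(cmd): ...
'''


def _scalar(value: str):
    """Strip quotes from a YAML scalar and convert plain integers."""
    value = value.strip().strip('"\'')
    return int(value) if value.isdigit() else value


def parse_frontmatter(text: str) -> dict:
    """Return the frontmatter as nested dicts/lists.

    Supports a YAML subset: 2-space-indented mappings, scalars and '- item' lists.
    """
    match = re.match(r"^---\n(.*?)\n---\n", text, re.S)
    if not match:
        raise ValueError("no YAML frontmatter block found")
    root: dict = {}
    stack: list = [(-1, root)]  # (indent of the owning key, container)
    pending = None              # (parent, key, indent) awaiting a nested block
    for raw in match.group(1).splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        line = raw.strip()
        if pending is not None:
            parent, key, key_indent = pending
            pending = None
            if indent > key_indent:  # first child decides list vs mapping
                container = [] if line.startswith("- ") else {}
                parent[key] = container
                stack.append((key_indent, container))
        while indent <= stack[-1][0]:  # dedent closes open containers
            stack.pop()
        container = stack[-1][1]
        if line.startswith("- "):
            container.append(_scalar(line[2:]))
        else:
            key, _, value = line.partition(":")
            key = key.strip()
            if value.strip():
                container[key] = _scalar(value)
            else:
                container[key] = None
                pending = (container, key, indent)
    return root


def egress_allowed(policy: dict, host: str) -> bool:
    """Runtime-proxy style check: the host must match an allowlist glob exactly."""
    patterns = (policy.get("network") or {}).get("outbound_allow") or []
    return any(fnmatch.fnmatchcase(host, p) for p in patterns)


def path_allowed(policy: dict, path: str) -> bool:
    """Filesystem check; normalise first so '..' cannot escape an allowed root."""
    normalised = posixpath.normpath(path)
    roots = [r.rstrip("/") for r in (policy.get("filesystem") or {}).get("allow") or []]
    return any(normalised == r or normalised.startswith(r + "/") for r in roots)


TOOL_REGISTRATION = re.compile(r"@tool\(\s*['\"]([A-Za-z_][A-Za-z0-9_]*)['\"]")


def undeclared_tools(policy: dict, source: str) -> list[str]:
    """CLI-style static check: tools registered in code but absent from the policy."""
    declared = set(policy.get("tools") or [])
    return sorted(set(TOOL_REGISTRATION.findall(source)) - declared)


if __name__ == "__main__":
    policy = parse_frontmatter(SAMPLE_POLICY)
    print("egress api.example.com:", egress_allowed(policy, "api.example.com"))
    print("egress attacker.example.net:", egress_allowed(policy, "attacker.example.net"))
    print("path /workspace/../etc/passwd:", path_allowed(policy, "/workspace/../etc/passwd"))
    print("undeclared tools:", undeclared_tools(policy, SAMPLE_AGENT_SOURCE))
```

The drift check is what the FAQ attributes to the CLI: it fails the build when `run_shell` appears in code but not in the policy, so the policy cannot silently fall behind the codebase. The path check normalises before comparing, because a prefix test on the raw string would accept `/workspace/../etc/passwd`.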