Security purpose-built for autonomous agents: tool-call inspection, MCP gateways and governance, agent discovery, and runtime behavior control.
18 solutions listed • part of the Guardion AI Security Index
GuardionAI builds its own guard models and publishes the benchmarks — the numbers below come from the public guard models guide. Independent alternatives are listed right after this section.
Guard models are natively trained on 8 languages (English, Spanish, Italian, Portuguese, Russian, Chinese, Hindi, Arabic) extended to 100+ languages, and evaluated across 1,000+ languages — including historical and dead languages — with graceful post-training decay.
Precision 0.98 • FPR 0.02
Recall 0.99 • aligned with the NVIDIA Aegis (Nemotron) content-safety taxonomy
Precision 1.00 • FPR 0.004
PII groups
Person name · Contact · Address · Government ID · Payment · Digital ID · Company
Secrets
AWS access & secret keys · GitHub tokens · Google API keys · Slack tokens · Stripe keys · Private keys & JWTs · npm tokens · Seed phrases · Generic API keys, secrets & passwords
Policy engine decisions return in under 130ms — 20× faster than cloud provider guardrails. Benchmarks: sensitivity L1–L4, methodology in the docs.
Request a demoA GenAI-first platform focused on protecting LLM interactions, offering a secured gateway, browser integrations, and specialized protection for AI agents via MCP.
Designed to protect AI agents and Model Context Protocol (MCP) workflows through automated discovery, red teaming, and guardrails.
Snyk acquired Zurich-based Invariant Labs in June 2025, folding the research team that coined 'tool poisoning' and 'MCP rug pulls' into Snyk Labs. Invariant's mcp-scan lineage lives on in the open-source Snyk Agent Scan, detecting 15+ risks across MCP servers and agent skills, and feeds Evo by Snyk, its agentic security orchestration platform launched October 2025.
Enterprise AI control platform combining an MCP gateway, threat detection on every request, shadow-AI discovery, and identity-aware permissions via Okta/Entra. Launched from stealth in November 2025; by mid-2026 customers include Gusto, Instacart, dbt Labs, and PagerDuty. Holds AARM Extended conformance — the highest tier in the CSA registry.
Tel Aviv-based runtime security company using eBPF sensors to watch applications, libraries, and AI workloads as they execute, proving exploitability and detecting attacks in real time. Its platform spans application detection and response, runtime vulnerability management, and Runtime AI Security for LLMs and agents. Customers include Databricks, Salesforce, and Instacart.
Created by ETH Zurich spin-off Invariant Labs and maintained by Snyk since its June 2025 acquisition, mcp-scan auto-discovers agent configurations (Claude, Cursor, Windsurf, Gemini CLI) and scans MCP servers, skills, and harnesses for 15+ risk categories including prompt injection, tool poisoning, tool shadowing, and toxic flows. Rebranded Snyk Agent Scan; v0.5.12 released June 2026.
Specializes in securing low-code/no-code platforms and AI agents. It focuses on 'Application Lifecycle Management' for agents, preventing data leakage and broken access control in Copilots.
Apache-2.0 platform from Stacklok (co-maintained with Red Hat) that runs MCP servers in isolated containers with fine-grained permissions, network controls, and encrypted secrets, managed via a desktop UI, CLI, or Kubernetes operator. By mid-2026 it is production-ready with a curated registry and a Virtual MCP gateway; Stacklok Enterprise layers on SSO and central management.
Platform offering an open-source AI gateway and automated red teaming for protection.
Docker's MCP Catalog distributes 300+ verified MCP servers as signed container images with SBOMs, while the MCP Toolkit and open-source MCP Gateway run them in resource-limited, isolated containers behind a single endpoint with logging, interceptors, and secrets blocking. In May 2026 Docker extended this into Docker AI Governance for centralized agent and tool policy.
Delivers 'Ascend AI' for pentesting and 'Defend AI' for visibility and guardrails.
An open-source platform specifically designed to manage and secure Model Context Protocol (MCP) servers, providing a control plane for agent-tool interactions.
Enterprise MCP gateway and agent-governance platform adding OAuth/SSO, least-privilege agent identities, audit trails, and secret/PII scanning in front of MCP servers used by Claude, Cursor, and custom agents. Founded by ex-Google Brain engineers, backed by Coatue and Andrej Karpathy; customers include Coursera and Harvey AI. AARM Core conformant.
Focuses on the entire AI lifecycle, securing the data science supply chain, runtime pipelines, and autonomous agents.
Delivers comprehensive AI agent security, discovering agents and enforcing runtime guardrails.
A platform that monitors agent behavior in real-time to catch blind spots and steer agents toward safer actions using 'contextual agentic security'.
Runtime security platform using eBPF sensors to discover and protect APIs, AI agents, LLMs, MCP servers, and vector stores without code changes or SDKs. Its 2026 platform pairs an established API security suite with AI red-teaming, an AI gateway/firewall, and MCP discovery and testing.
Builds a runtime control layer between AI agents and enterprise systems, constraining which systems and data an agent may touch under strict, predictable rules — deterministic enforcement rather than probabilistic guardrail models. The team gained attention for offensive research including compromising Notion's agent in under four hours; ~$5M seed led by Syn Ventures (2026).