Skip to main content
Runtime security · Live

Security for agents that act, not just chat.

GuardClaw is runtime security for teams building tool-using agents. Deny-by-default policy, seven independent layers, and a tamper-evident receipt for every decision, running locally on your hardware.

1,700+ patterns·97%+ detection·local-first·deterministic
guardclaw · decision.log
agent> tool.call payments.refund(amount=9900)
policy> scope refund not granted for this token
DENIEDat L3 · Policy Enforcement
receipt 0x9f2a…c41e → chain +1
latency 0.8ms · nothing left the machine

01 / Where GuardClaw sits

Other tools watch the code or the model. We watch the agent act.

AI security has three layers. Most tools live in the first two. GuardClaw owns the third: the runtime, where an agent actually invokes tools, reads files, and calls out.

Layer 1

Code & dependency scanning

Catches vulnerabilities in your source before it runs. Necessary, but blind once the agent is live.

Layer 2

Model input / output filtering

Checks prompts in and responses out. Helpful at the model's edge, but the plan still has to execute.

Layer 3 · GuardClaw

Runtime agent security

Every shell command, file read, and API call the agent makes is checked against policy, in the fast path.

02 / Try it

Send an attack. Watch it get denied.

Pick a hostile action an agent might attempt. GuardClaw runs it through all seven layers and stops it at the first that catches, then writes a signed receipt.

Receipt chain
// pick an attack above to run the pipeline

03 / Defense in depth

Seven layers. Each assumes the others can fail.

One filter at 95% misses 5 in 100. Seven independent layers, each catching what the others miss, miss fewer than 1 in 10 million.

1

Threat Intelligence

Known-threat detection from compiled patterns and live feeds. A vector one team reports protects everyone.

2

Input Validation

Catches prompt injection, data leakage, and malicious payloads before they reach your agent.

3

Policy Enforcement

Deny-by-default. Every action is checked against explicit rules: allow, deny, or escalate.

4

Capability Tokens

Short-lived, signed, single-use tokens scoped to one approved action. Replays fail automatically.

5

Sandboxed Execution

Actions run inside isolated boundaries. Agents reach only what they are explicitly allowed to.

6

Human-in-the-Loop

High-risk operations pause for approval, cryptographically bound to the exact request.

7

Receipt Chain

A tamper-evident, cryptographically linked audit trail. Every decision, reconstructable.

04 / What defines it

Three decisions, made on purpose.

Local-first

The detection engine runs on your hardware. Your code and your agent's actions never leave the machine to be judged in someone else's cloud.

Deterministic

Compiled pattern matching and rule-based policy, not probabilistic scoring. "Will this be blocked?" has one answer: always, or never. Auditable and reproducible.

Defense in depth

Seven independent layers, each built assuming the others can be bypassed. Compound coverage is the only thing that holds against creative attackers.

05 / Drops into your stack

Works with the agents you already run.

CC
Claude Code
Agent runtime
Cu
Cursor
AI editor
CLI
Shell / CLI agents
Command execution
API
Custom agents
SDK & hooks

06 / FAQ

Questions, answered.

What exactly does GuardClaw secure?+

The runtime. After the model produces a plan, GuardClaw checks each concrete action the agent takes (shell commands, file reads, network calls, tool invocations) against deny-by-default policy, before any side effect happens.

How is it different from a code scanner or an LLM guardrail?+

Scanners check code at rest (layer 1). Guardrails filter what goes into and out of the model (layer 2). GuardClaw operates at layer 3: it watches what the agent does while running. Different layer, different problem: it complements the others rather than replacing them.

Does my code or data leave my machine?+

No. GuardClaw is local-first: the detection engine runs on your hardware and security decisions happen locally, with no network round-trip. Free plans sync patterns weekly; Pro adds a live feed.

Is detection AI-based?+

No. GuardClaw uses deterministic, compiled pattern matching (Bloom filters, Aho-Corasick, RE2) and rule-based policy. The same input always produces the same decision, so controls are auditable and reproducible.

What are capability tokens and receipts?+

Every approved action gets a short-lived, signed, single-use token scoped to just that action; replays fail. Every decision is written into a cryptographically linked receipt chain, a tamper-evident record built for compliance and fast incident review.

Will it slow my agents down?+

Checks run in the fast path, locally, typically in well under a millisecond. Security that adds heavy latency gets disabled under pressure, so low-latency enforcement was a design requirement, not an afterthought.

Does it guarantee 100% detection?+

No tool does. GuardClaw publishes its rates (97%+ on the built-in corpus) and layers seven independent controls so a miss at one is caught by another. You keep your security team and threat model; GuardClaw is infrastructure, not a replacement.

Give your agents guardrails.

Deterministic, local, and layered from the first commit. Start free, sync patterns weekly, upgrade when you need the live feed.

← Take InterestRuntime security for tool-using agents.Copyright 2026 TAKE INTEREST Inc.