The fintech company built an HTTP proxy that intercepts AI agent network traffic and uses an LLM judge to approve or deny requests in real time
Brex has open sourced CrabTrap, an internal security platform designed to control how autonomous AI agents access APIs, credentials and online services.
The platform was developed as Brex explored how to deploy agent frameworks such as OpenClaw across its operations. The company found that traditional model guardrails and tool permissions were not enough to control agents with access to API keys, OAuth tokens and service accounts.
CrabTrap operates as an HTTP and HTTPS proxy positioned between an agent and every outbound network request. It examines traffic against established policies before deciding whether a request should be approved or blocked.
Users route agent traffic through the platform by configuring their HTTP_PROXY and HTTPS_PROXY environment settings. This allows CrabTrap to work across different programming languages, frameworks and APIs without requiring individual SDK integrations.
The system combines deterministic rules with an AI model that evaluates requests outside known traffic patterns. Brex said the AI judge typically activates for fewer than 3% of requests after an agent has established predictable behavior.
Brex also built a policy generator that studies historical network traffic while agents operate in shadow mode. It samples requests and drafts natural language policies based on how the agents actually behave.
An evaluation system then compares proposed policy changes against previous traffic before they are deployed. CrabTrap stores full audit trails and can flag repeated denials so a person or another agent can propose an updated policy.
One of the main development challenges was prompt injection. Because the AI judge receives HTTP requests containing user controlled information, a malicious URL, header or request body could attempt to manipulate its decision.
Brex addressed the issue by converting requests into structured JSON before passing them to the model, ensuring user controlled content is escaped rather than inserted as raw text.
The company said CrabTrap has increased internal confidence in deploying autonomous agents across more business operations. Its audit logs have also helped Brex identify unnecessary tools, requests and token usage within its agent systems.
Brex plans to expand CrabTrap with single sign on, role based access controls, permission escalation workflows and automated policy management.
The open source project has already attracted more than 700 GitHub stars, with Brex reporting interest from OpenAI, Y Combinator CEO Garry Tan and developer Pete Steinberger.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our